
Roguepw25

  1. Here's the new hijack log:
  2. Did this. Here are the logs: ComboFix: HijackThis:
  3. Sorry to double post, just wanted to see what to do after this. Thanks so much.
  4. Okay, here we go:
  5. Hello, I have the virus Windows Police Pro and AntivirusPro 2010 on my computer. I've tried installing Malwarebytes' Anti-Malware but it said that mbam-setup.exe could not be found. So I read about all the different ways to get the program to try and work. I downloaded the HiJack and tried to install it, but when I double clicked on it, I got the message: Running the application is impossible. The file C:/Documents and Settings John/Destop/HJTInstall.exe is infected. Please activate your antivirus program. This virus is a real pain. Please help so I can get it removed. Thanks so much in advance.