
Hijackthis Log

Discussion in 'Windows - Virus and spyware problems' started by Killamurk, Jan 9, 2007.

  1. Killamurk

    Killamurk Member

    Owner - Tue 01/09/2007 21:56:39.57 Service Pack 4
    ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Administrator\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-12-09 to 2007-01-09 ))))))))))))))))))))))))))))))))))


    2007-01-08 10:39 <DIR> d-------- C:\Program Files\PestCapture
    2007-01-06 18:47 208,896 --a------ C:\WINNT\system32\wmpns.dll
    2007-01-06 14:57 <DIR> d-------- C:\Program Files\Java
    2007-01-06 14:54 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-01-06 00:03 <DIR> d-------- C:\WINNT\winsxs
    2007-01-05 23:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
    2007-01-05 23:52 <DIR> d-------- C:\Program Files\Adobe
    2007-01-05 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2007-01-05 23:50 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2006-12-30 14:59 <DIR> d-------- C:\FOUND.000
    2006-12-25 10:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    2006-12-25 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2006-12-25 09:29 20,992 --a------ C:\WINNT\system32\cthkpcv.dll
    2006-12-25 09:26 <DIR> d-------- C:\Program Files\Video ActiveX Object
    2006-12-25 08:53 <DIR> d-------- C:\Program Files\Mozilla Firefox
    2006-12-25 08:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\yahoo!
    2006-12-22 11:16 <DIR> d--h----- C:\WINNT\$NtUpdateRollupPackUninstall$
    2006-12-21 23:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
    2006-12-21 23:08 <DIR> d-------- C:\WINNT\setup.pss
    2006-12-21 22:12 <DIR> d-------- C:\WINNT\Sun
    2006-12-21 22:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sun
    2006-12-21 20:35 <DIR> d--h----- C:\Program Files\Uninstall Information
    2006-12-21 20:35 <DIR> d-------- C:\WINNT\Windows Update Setup Files
    2006-12-20 13:15 <DIR> d-------- C:\Program Files\support.com
    2006-12-20 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Support.com
    2006-12-15 07:10 2,174,976 --a------ C:\WINNT\system32\wmvcore.dll
    2006-12-14 19:31 <DIR> d-------- C:\My Games
    2006-12-14 19:30 <DIR> d-------- C:\My Download Files
    2006-12-14 19:27 774,144 --a------ C:\Program Files\RngInterstitial.dll
    2006-12-14 19:26 <DIR> d-------- C:\Program Files\Real
    2006-12-14 19:26 <DIR> d-------- C:\Program Files\Common Files\Real
    2006-12-12 19:17 <DIR> d-------- C:\Program Files\Maestro Learning
    2006-12-10 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
    2006-12-09 21:44 <DIR> d-------- C:\Program Files\eMule
    2006-12-09 21:10 <DIR> d--h----- C:\WINNT\PIF
    2006-12-09 20:48 <DIR> d-------- C:\WINNT\system32\appmgmt
    2006-12-09 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
    2006-12-09 15:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PlayFirst
    2006-12-09 14:52 <DIR> d--hs---- C:\WINNT\ftpcache
    2006-12-09 11:37 <DIR> d-------- C:\Program Files\Yahoo! Games
    2006-12-09 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-06 22:42 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
    2006-12-06 22:34 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
    2006-12-06 21:14 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-12-06 20:47 -------- d-------- C:\Program Files\Zylom Games
    2006-12-05 22:37 -------- d-------- C:\Program Files\WinRAR
    2006-12-05 18:27 58000 --a------ C:\WINNT\system32\drivers\cdr4_2K.sys
    2006-12-05 18:27 57344 --a------ C:\WINNT\uneng.exe
    2006-12-05 18:27 49152 --a------ C:\WINNT\system32\cdrtc.dll
    2006-12-05 18:27 45056 --a------ C:\WINNT\system32\cdral.dll
    2006-12-05 18:27 23420 --a------ C:\WINNT\system32\drivers\cdralw2k.sys
    2006-12-05 18:27 -------- d-------- C:\Program Files\Common Files\Adaptec Shared
    2006-12-04 09:50 -------- d-------- C:\Program Files\Yahoo!
    2006-12-04 09:47 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
    2006-12-04 09:24 -------- d-------- C:\Documents and Settings\Administrator\Application Data\VCOM
    2006-12-04 09:24 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2006-11-25 05:29 -------- d-------- C:\Program Files\Spybot - Search & Destroy
    2006-11-25 05:28 -------- d-------- C:\Program Files\Panicware
    2006-11-25 05:26 -------- d-------- C:\Program Files\URL.BIZ ip blocker 1.0
    2006-11-25 05:17 -------- d-------- C:\Program Files\Microsoft Visual Studio
    2006-11-25 05:17 -------- d-------- C:\Program Files\Common Files\Designer
    2006-11-25 05:15 -------- d-------- C:\Program Files\Microsoft Office
    2006-11-25 05:04 0 ---h----- C:\CONFIG.SYS
    2006-11-25 05:04 0 ---h----- C:\AUTOEXEC.BAT
    2006-11-25 05:02 271 ---h----- C:\Program Files\desktop.ini
    2006-11-25 05:02 21952 ---h----- C:\Program Files\folder.htt
    2006-11-25 04:04 -------- d-------- C:\Program Files\VCOM
    2006-11-25 04:01 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2006-11-25 02:51 -------- d-------- C:\Program Files\microsoft frontpage
    2006-11-25 02:49 0 -rahs---- C:\MSDOS.SYS
    2006-11-25 02:49 0 -rahs---- C:\IO.SYS
    2006-11-25 02:48 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2006-11-25 02:47 -------- d-------- C:\Program Files\Outlook Express
    2006-11-25 02:47 -------- d-------- C:\Program Files\NetMeeting
    2006-11-25 02:47 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-25 02:47 -------- d-------- C:\Program Files\Common Files\System
    2006-11-25 02:47 -------- d-------- C:\Program Files\Common Files\Services
    2006-11-25 02:45 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-11-25 02:45 -------- d-------- C:\Program Files\Windows Media Player
    2006-11-25 02:44 -------- d-------- C:\Program Files\Windows NT
    2006-11-25 02:44 -------- d-------- C:\Program Files\Accessories
    2006-11-25 02:32 -------- d-------- C:\Program Files\Common Files\ODBC
    2006-11-25 02:32 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-11-25 02:32 -------- d-------- C:\Program Files\Common Files
    2006-11-06 13:13 575760 --a------ C:\WINNT\system32\INETCOMM.DLL


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Synchronization Manager"="mobsync.exe /logon"
    "Fix-It AV"="C:\\PROGRA~1\\VCOM\\Fix-It\\MemCheck.exe"
    "QuickTime Task"="\"C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\qttask.exe\" -atboottime"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000003
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,40,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,68,02,00,00,1f,00,00,00,a8,00,00,00,9e,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000095
    "CDRAutoRun"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "isamonitor.exe"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"
    "none"="C:\\Program Files\\Video ActiveX Object\\pmsngr.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000095

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "buprestidae"="{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: Tue 2007-01-09 21:57:19.40
    C:\ComboFix2.txt ... 07-01-09 21:50
    C:\ComboFix.txt ... 07-01-09 21:57
     
  2. Niobis

    Niobis Active member

    Hi Killamurk and welcome to aD!

    Well, that's not a HijackThis log as stated in the subject, but just as well I presume. ;-)

    Please follow the directions here; that should take care of your problem.

    Post a HijackThis log in that thread if you would like to make sure everything is clean.
     
