Nov 28th, 2007

HiJack Log

Hey guys, this is my first post! I was recently having problems with spyware, malware and so on, but I stumbled upon this site, which helped me a lot. My computer seems to be running fine, but I wanted to post my HiJack and my ComboFix log so y'all can check it out. Thanks a lot!!

HiJack
--------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:32 PM, on 29-Nov-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AIV Reminder\aivreminder.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dennis\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {261C35B4-9283-6344-C5C0-005CF873D624} - C:\Program Files\Zpknnpgz\qdadpoes.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Starware Screensavers Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AIV Reminder] C:\Program Files\AIV Reminder\aivreminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1193555828875
O20 - Winlogon Notify: gos2C - gos2C.tmp (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5010 bytes

--------------------------------------------------------
Combo Fix
--------------------------------------------------------

ComboFix 07-11-29.3 - Dennis 2007-11-28 17:56:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.747 [GMT -6:00]
Running from: C:\Documents and Settings\Dennis\desktop\ComboFix.exe
Command switches used :: /KillAll
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\fqroxilc.dll
C:\Documents and Settings\All Users\Application Data.\Starware316
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\775_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Free_Credit_Score0.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Free_Credit_Score0.bmp_new
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Free_Music0.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Ringtones0.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\WeatherHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data.\Starware316\Tem1746.tmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\775_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Free_Credit_Score0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Free_Credit_Score0.bmp_new
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Free_Music0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Ringtones0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\WeatherHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\Tem1746.tmp
C:\Documents and Settings\Dennis\Application Data.\Ultimate Fixer
C:\Documents and Settings\Dennis\Application Data\Starware316
C:\Documents and Settings\Dennis\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Dennis\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\Dennis\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Dennis\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup
C:\Documents and Settings\Dennis\Application Data\Starware316\Free_Music\Free_MusicOptions.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\Free_Music\Free_MusicOptions.xml.backup
C:\Documents and Settings\Dennis\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Dennis\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Dennis\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Dennis\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Dennis\Application Data\Starware316\Ringtones\RingtonesOptions.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\Ringtones\RingtonesOptions.xml.backup
C:\Documents and Settings\Dennis\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Dennis\Application Data\Starware316\Tem158.tmp
C:\Documents and Settings\Dennis\Application Data\Starware316\Tem1660.tmp
C:\Documents and Settings\Dennis\Application Data\Starware316\Tem3579.tmp
C:\Documents and Settings\Dennis\Application Data\Starware316\Tem39C.tmp
C:\Documents and Settings\Dennis\Application Data\Starware316\Tem7CC.tmp
C:\Documents and Settings\Dennis\Application Data\Starware316\TemE90.tmp
C:\Documents and Settings\Dennis\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Dennis\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Dennis\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Dennis\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Dennis\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\Dennis\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Dennis\Start Menu\Programs\Startup\findfast.exe
C:\Program Files\3269.exe
C:\Program Files\Common Files\racle~1
C:\Program Files\icroso~1.net
C:\Program Files\mantec~1
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe
C:\Program Files\screensavers.com\SSSInstaller\bin\screensavers.exe
C:\Program Files\screensavers.com\SSSInstaller\bin\sinstaller3.exe
C:\Program Files\screensavers.com\SSSInstaller\bin\SSSInstaller.dll
C:\Program Files\screensavers.com\SSSUninst.exe
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe.bak
C:\Program Files\Starware316
C:\Program Files\Starware316\bin\Starware316.dll
C:\Program Files\Starware316\icons\star_16.ico
C:\Program Files\Starware316\Starware316Config.xml
C:\Program Files\Starware316\Starware316Uninstall.exe
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\Program Files\xloader10181.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\mgrs.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\bonjvnrt.dll
C:\WINDOWS\system32\dcrobqhf.dll
C:\WINDOWS\system32\drvpurr.dll
C:\WINDOWS\system32\iifecda.dll
C:\WINDOWS\system32\kltsusds.dll
C:\WINDOWS\system32\mhjimbjt.dll
C:\WINDOWS\system32\nqtwa.bak1
C:\WINDOWS\system32\nqtwa.bak2
C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\odstdpxw.dll
C:\WINDOWS\system32\oigfmjfp.dll
C:\WINDOWS\system32\sfypjblg.dll
C:\WINDOWS\system32\tbtmpyao.dll
C:\WINDOWS\system32\tdgurbwi.dll
C:\WINDOWS\system32\txpfnapd.dll
C:\WINDOWS\system32\winemx32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.

2007-11-27 19:38 . 2007-11-27 19:38 <DIR> d-------- C:\Documents and Settings\Dennis\Application Data\Grisoft
2007-11-27 19:38 . 2007-11-27 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-27 19:38 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-27 19:23 . 2007-11-27 19:23 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-27 19:23 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-11-27 18:58 . 2007-11-27 18:58 71,188 --a------ C:\WINDOWS\system32\nqkceyjf.exe
2007-11-26 18:57 . 2007-11-26 18:57 71,188 --a------ C:\WINDOWS\system32\nrkxehys.exe
2007-11-26 17:52 . 2007-11-26 22:23 <DIR> d-------- C:\Documents and Settings\Dennis\Application Data\Yahoo!
2007-11-26 17:52 . 2007-11-26 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-26 16:58 . 2007-11-26 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-26 16:56 . 2007-11-26 16:58 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-25 19:00 . 2007-11-25 19:00 71,188 --a------ C:\WINDOWS\system32\tcevrjxs.exe
2007-11-25 05:29 . 2005-03-24 01:28 195,616 --a------ C:\Documents and Settings\Dennis\Application Data\sysfixer.exe
2007-11-23 01:09 . 2007-11-23 02:39 22,696 --a------ C:\Documents and Settings\Dennis\Application Data\info.dat
2007-11-23 00:44 . 2007-11-27 20:24 <DIR> d-------- C:\Documents and Settings\Dennis\Application Data\ultra
2007-11-22 21:37 . 2007-11-22 21:37 71,188 --a------ C:\WINDOWS\system32\ujlupquk.exe
2007-11-21 21:37 . 2007-11-21 21:37 71,188 --a--c--- C:\WINDOWS\system32\jvfcejjj.exe
2007-11-21 04:25 . 2007-11-27 20:34 10,240 --a--c--- C:\Program Files\spoolsv.exe
2007-11-19 20:30 . 2007-11-19 20:30 4,286 --a--c--- C:\WINDOWS\system32\everybodybets.32x32.4.ico
2007-11-19 19:19 . 2007-11-19 19:19 71,188 --a--c--- C:\WINDOWS\system32\mrmbtofm.exe
2007-11-18 19:21 . 2007-11-18 19:21 <DIR> d-------- C:\Program Files\E404DHelper
2007-11-18 19:21 . 2007-11-18 19:21 104,448 --a--c--- C:\WINDOWS\system32\drvpur.dll
2007-11-16 17:28 . 2007-11-16 17:28 71,188 --a--c--- C:\WINDOWS\system32\oixthkdp.exe
2007-11-15 17:27 . 2007-11-15 17:27 71,188 --a--c--- C:\WINDOWS\system32\mwtkgqfa.exe
2007-11-14 17:27 . 2007-11-14 17:27 71,188 --a--c--- C:\WINDOWS\system32\akxpdncv.exe
2007-11-13 17:29 . 2007-11-13 17:29 71,188 --a--c--- C:\WINDOWS\system32\lkynmdjh.exe
2007-11-12 17:29 . 2007-11-12 17:29 71,188 --a--c--- C:\WINDOWS\system32\wtsoxbvm.exe
2007-11-11 16:05 . 2007-11-25 18:57 <DIR> d-------- C:\Program Files\E404 Helper
2007-11-11 16:04 . 2007-11-19 20:26 9,728 --a--c--- C:\Program Files\hlpsrv.exe
2007-11-11 16:02 . 2007-11-11 16:02 <DIR> d-------- C:\Program Files\Zpknnpgz
2007-11-11 16:02 . 2007-11-11 16:02 <DIR> d-------- C:\Program Files\zezqzkbc
2007-11-11 16:02 . 2007-11-11 16:03 1,149,576 --a------ C:\Install
2007-10-31 16:01 . 2007-10-31 16:01 <DIR> d-------- C:\WINDOWS\Sun
2007-10-30 18:09 . 1997-05-05 07:35 32,272 --a--c--- C:\WINDOWS\unvise.exe
2007-10-30 18:09 . 1997-04-18 12:56 21,504 --a--c--- C:\WINDOWS\unvise32.dll
2007-10-30 18:08 . 2007-11-15 16:26 1,851 --a--c--- C:\WINDOWS\ACROREAD.INI
2007-10-30 18:07 . 2007-10-30 18:09 <DIR> d-------- C:\Program Files\InMedia Presentations Inc
2007-10-30 18:07 . 1997-06-13 05:46 298,496 --a--c--- C:\WINDOWS\uninst.exe
2007-10-30 17:56 . 2001-08-17 13:00 54,272 --a--c--- C:\WINDOWS\system32\drivers\swmidi.sys
2007-10-30 17:56 . 2001-08-17 13:00 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2007-10-30 17:54 . 2001-08-17 21:36 99,328 --a------ C:\WINDOWS\system32\srusd.dll
2007-10-30 17:54 . 2001-08-17 21:36 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2007-10-30 17:54 . 2001-08-17 21:36 71,680 --a--c--- C:\WINDOWS\system32\fnfilter.dll
2007-10-30 07:00 . 2007-10-30 07:00 218,624 --a--c--- C:\WINDOWS\system32\uxtheme.rxp
2007-10-30 07:00 . 2007-10-30 07:00 218,624 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.rxp
2007-10-30 06:59 . 2007-10-30 06:59 <DIR> d-------- C:\Program Files\Rocket Division Software
2007-10-30 06:58 . 2007-10-30 06:58 <DIR> d-------- C:\Documents and Settings\Dennis\Application Data\Talkback
2007-10-28 22:27 . 2007-11-27 18:29 <DIR> d-------- C:\Documents and Settings\Dennis\Shared
2007-10-28 22:27 . 2007-11-27 19:00 <DIR> d-------- C:\Documents and Settings\Dennis\Incomplete
2007-10-28 22:27 . 2007-11-26 23:23 <DIR> d-------- C:\Documents and Settings\Dennis\Application Data\LimeWire
2007-10-28 22:26 . 2007-11-09 21:57 <DIR> d-------- C:\Program Files\Java
2007-10-28 22:26 . 2007-09-24 23:31 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl
2007-10-28 22:25 . 2007-10-28 22:26 <DIR> d-------- C:\Program Files\LimeWire
2007-10-28 22:25 . 2007-10-28 22:25 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-28 22:24 . 2007-10-28 22:24 <DIR> d-------- C:\WINDOWS\lhsp
2007-10-28 22:23 . 2007-10-28 22:23 <DIR> d-------- C:\WINDOWS\speech
2007-10-28 22:23 . 2007-10-28 22:23 <DIR> d-------- C:\Program Files\AIV Reminder
2007-10-28 22:23 . 2000-05-21 22:00 647,872 --a------ C:\WINDOWS\system32\mscomct2.ocx
2007-10-28 22:23 . 2003-11-29 04:18 366,080 --a--c--- C:\WINDOWS\system32\vbskfr2.ocx
2007-10-28 22:23 . 1998-06-23 23:00 209,192 --a--c--- C:\WINDOWS\system32\TABCTL32.OCX
2007-10-28 22:23 . 2001-06-26 14:35 131,072 --a--c--- C:\WINDOWS\system32\ARbutton.ocx
2007-10-28 22:23 . 1998-06-23 23:00 103,744 --a--c--- C:\WINDOWS\system32\MSCOMM32.OCX
2007-10-28 22:23 . 2006-03-17 12:08 98,304 --a--c--- C:\WINDOWS\system32\etShapedForm.ocx
2007-10-28 22:23 . 2007-08-15 10:12 31 --a--c--- C:\WINDOWS\system32\Killrem.bat
2007-10-28 21:54 . 2007-10-28 21:54 <DIR> d-------- C:\Screensavers.com
2007-10-28 21:54 . 2007-10-28 21:54 <DIR> d-------- C:\Program Files\ScreenScare Trapped
2007-10-28 02:18 . 2007-10-28 02:18 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-28 01:25 . 2007-11-14 03:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-28 01:17 . 2007-07-30 19:19 25,944 --a--c--- C:\WINDOWS\system32\wuapi.dll.mui
2007-10-26 05:57 . 2007-10-26 05:57 <DIR> d---s---- C:\Documents and Settings\Dennis\UserData
2007-10-25 19:41 . 2007-06-15 15:45 1,826,816 --a--c--- C:\WINDOWS\SkyTel.exe
2007-10-25 19:41 . 2006-02-14 18:22 142,464 --a--c--- C:\WINDOWS\system32\drivers\aec.sys
2007-10-25 19:41 . 2006-02-14 18:22 142,464 --a--c--- C:\WINDOWS\system32\dllcache\aec.sys
2007-10-25 19:41 . 2004-08-03 23:56 130,048 --a--c--- C:\WINDOWS\system32\ksproxy.ax
2007-10-25 19:41 . 2006-06-14 03:00 82,944 --a--c--- C:\WINDOWS\system32\drivers\wdmaud.sys
2007-10-25 19:41 . 2006-06-14 03:00 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2007-10-25 19:41 . 2004-08-03 22:15 60,800 --a--c--- C:\WINDOWS\system32\drivers\sysaudio.sys
2007-10-25 19:41 . 2004-08-03 22:15 60,800 --a--c--- C:\WINDOWS\system32\dllcache\sysaudio.sys
2007-10-25 19:41 . 2006-06-14 02:47 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2007-10-25 19:41 . 2004-08-03 23:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-10-25 19:40 . 2007-10-25 19:40 <DIR> d-------- C:\Program Files\Realtek
2007-10-25 19:40 . 2007-10-25 19:40 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-10-25 19:40 . 2007-10-30 17:46 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-10-25 19:40 . 2005-09-21 09:25 299,008 --a--c--- C:\WINDOWS\system32\ALSndMgr.cpl
2007-10-25 19:40 . 2006-08-18 05:58 282,624 --a--c--- C:\WINDOWS\system32\RTSndMgr.cpl
2007-10-25 19:40 . 2006-07-21 15:14 86,016 --a--c--- C:\WINDOWS\SoundMan.exe
2007-10-25 19:40 . 2005-06-28 10:21 22,752 --a--c--- C:\WINDOWS\system32\spupdsvc.exe
2007-10-25 18:50 . 2007-10-25 18:50 <DIR> d-------- C:\Program Files\Intel
2007-10-25 18:50 . 2006-01-12 13:52 1,904 --a--c--- C:\WINDOWS\system32\SetupBD.din
2007-10-25 16:52 . 2007-10-25 16:52 <DIR> d-------- C:\softpaq
2007-10-03 23:25 . 2000-03-29 08:17 5,824 --a--c--- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-10-03 23:19 . 2001-08-23 06:00 49,275 --a--c--- C:\WINDOWS\system32\wfospf.mib
2007-10-03 23:19 . 2001-08-23 06:00 48,593 --a--c--- C:\WINDOWS\system32\hostmib.mib
2007-10-03 23:19 . 2001-08-23 06:00 38,608 --a--c--- C:\WINDOWS\system32\nipx.mib
2007-10-03 23:19 . 2001-08-23 06:00 34,317 --a--c--- C:\WINDOWS\system32\msiprip2.mib
2007-10-03 23:19 . 2001-08-23 06:00 26,236 --a--c--- C:\WINDOWS\system32\wins.mib
2007-10-03 23:19 . 2001-08-23 06:00 20,079 --a--c--- C:\WINDOWS\system32\http.mib
2007-10-03 23:19 . 2001-08-23 06:00 15,799 --a--c--- C:\WINDOWS\system32\ipforwd.mib
2007-10-03 23:19 . 2001-08-23 06:00 15,597 --a------ C:\WINDOWS\system32\accserv.mib
2007-10-03 23:19 . 2001-08-23 06:00 13,767 --a--c--- C:\WINDOWS\system32\msipbtp.mib

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 01:40 315,392 -c--a-w C:\WINDOWS\HideWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{261C35B4-9283-6344-C5C0-005CF873D624}]
2007-11-11 16:02 114688 --a------ C:\Program Files\Zpknnpgz\qdadpoes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1962C5BC-E475-465B-823B-133E711BCEB9}"= C:\Program Files\Starware316\bin\Starware316.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{1962c5bc-e475-465b-823b-133e711bceb9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49]
"RTHDCPL"="RTHDCPL.EXE" []
"AIV Reminder"="C:\Program Files\AIV Reminder\aivreminder.exe" [2007-08-15 10:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"StarSkin"="C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.exe" [2006-03-15 15:47]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 21:07:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gos2C]
gos2C.tmp

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll

R1 rxp;rxp;\??\C:\WINDOWS\system32\drivers\rxp.sys

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 18:06:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-29 18:07:03 - machine was rebooted
.
--- E O F ---
Posted by CountryBumpkin (Newbie Poster, 3 posts since Nov 2007)
Nov 30th, 2007

Re: HiJack Log

Keep working at it; your sys is filthy. I'd help, but I don't have the time... I'm just peering at a few posts.
Posted by gerbil (Industrious Poster, 4,169 posts since May 2005)
Nov 30th, 2007

Re: HiJack Log

I'd also download Ad-Aware; it can clean some of that junk off.
Posted by Capt_Kirk (Newbie Poster, 23 posts since Nov 2007)

© 2011 DaniWeb® LLC