
Is this a SAFE hijack this log


Post by timo1025 » October 5th, 2009, 12:32 pm

Hello - I recently had to take over this computer from my father. I have tried to clean it up as best as I can. Is there anything suspicious in this log?
THANK YOU ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:13 PM, on 10/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: FreshDownload - {08C0CB8B-D5A3-48A7-805E-DDE1D4F00490} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/ ... itStop.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2966368109
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/ ... D3Ctrl.dll
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/ ... iVirus.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirvana/ ... tstop2.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: opnkkji - opnkkji.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe

--
End of file - 6240 bytes
timo1025
Regular Member
 
Posts: 15
Joined: October 5th, 2009, 12:19 pm

Re: Is this a SAFE hijack this log

Post by km2357 » October 8th, 2009, 2:14 pm

Hello and welcome to Malware Removal.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction, or are just unsure, then please do not guess; simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic; I will assist you in this thread until we solve your problems.

Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

Sorry for the delay in replying; the forum is very busy. If you still need help, please post a fresh HijackThis log.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Is this a SAFE hijack this log

Post by km2357 » October 11th, 2009, 12:33 pm

timo1025? Do you still need help?
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Is this a SAFE hijack this log

Post by timo1025 » October 11th, 2009, 12:38 pm

Yes, I thought you were looking at my log to see if it was safe.
timo1025
Regular Member
 
Posts: 15
Joined: October 5th, 2009, 12:19 pm

Re: Is this a SAFE hijack this log

Post by km2357 » October 12th, 2009, 2:11 am

timo1025 wrote: Yes, I thought you were looking at my log to see if it was safe.

As the last sentence in my last post says:

If you still need help, please post a fresh HijackThis log.

The HijackThis log in your first post is almost a week old. I need to see a new one; then we can continue working on the computer. :)
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Is this a SAFE hijack this log

Post by timo1025 » October 12th, 2009, 9:03 pm

Here is an updated log.
Thanks...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:55 PM, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: FreshDownload - {08C0CB8B-D5A3-48A7-805E-DDE1D4F00490} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/ ... itStop.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2966368109
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/ ... D3Ctrl.dll
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/ ... iVirus.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirvana/ ... tstop2.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: opnkkji - opnkkji.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe

--
End of file - 6336 bytes
timo1025
Regular Member
 
Posts: 15
Joined: October 5th, 2009, 12:19 pm

Re: Is this a SAFE hijack this log

Post by km2357 » October 13th, 2009, 1:27 am

Step #1: Remove HijackThis Entries

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)

    If an Administrator has not set a policy restricting access to Internet Explorer settings, and you have not configured any software such as Spybot S&D or a similar program to prevent changes to Internet Explorer settings, then you can also fix these O6 entries with HijackThis:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

  • Close all open windows and browsers/email, etc.
  • Click on the "Fix Checked" button
  • When completed, close the application.

Step #2: Download and Run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double-click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Step #3: Download and Run GMER

Please download gmer.zip from Gmer and save it to your desktop.

*** Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click No.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive a notice about possible rootkit activity, remain on the Rootkit/Malware tab and make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for whatever reason until it has 100% completed its scan (or attempted scan, in case of some error)!

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California
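As an added example (not code from MalwareRemoval.com, HijackThis or km2357), the Python script below applies the kind of triage used in Step 1 above to a HijackThis log: it parses the R*/O* entry lines, marks blank IE default values and "(no file)" CLSIDs as safe to tick under Fix Checked, and holds back the O6 policy entries and the Winlogon Notify entry with a missing DLL for a human decision. The sample log is a constructed subset of the one posted in this thread; the "fix"/"review" split and the key list are my heuristics, not a HijackThis feature.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis 2.0.2 log posted in this thread,
# header and process list included so the parser has to skip them.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:55 PM, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: opnkkji - opnkkji.dll (file missing)
"""

# Every HijackThis finding line starts with a section tag (R0, R1, O2, ... O23).
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.*)$")

# IE values that HijackThis resets to the Microsoft default when ticked; a blank
# one is harmless to fix. (My list, built from the keys fixed in Step 1.)
RESETTABLE_IE_KEYS = {"Default_Page_URL", "Default_Search_URL",
                      "Start Page", "Search Page", "Search Bar"}


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O2"
    action: str   # "fix": safe to tick in HijackThis; "review": needs a decision first
    reason: str
    line: str


def parse_entries(log_text):
    """Return (section, body, line) for each R*/O* entry; header and process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("sec"), m.group("body"), line))
    return entries


def triage(log_text):
    """Apply the orphan / blank-value checks and return Findings in log order."""
    findings = []
    for sec, body, line in parse_entries(log_text):
        if sec in ("R0", "R1"):
            # HijackThis prints "Key =" with nothing after it when the value is blank.
            key, _, value = body.partition(" =")
            if not value.strip() and key.rsplit(",", 1)[-1] in RESETTABLE_IE_KEYS:
                findings.append(Finding(sec, "fix", "blank IE default value", line))
        elif sec in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(sec, "fix", "CLSID still registered but its DLL is gone", line))
        elif sec == "O6":
            # Legitimate if an admin or a tool such as Spybot S&D locked the IE settings.
            findings.append(Finding(sec, "review", "IE policy restriction present", line))
        elif sec == "O20" and body.startswith("Winlogon Notify:") and body.endswith("(file missing)"):
            findings.append(Finding(sec, "review", "Winlogon Notify package whose DLL is missing", line))
        elif sec == "O20" and body.startswith("AppInit_DLLs:") and body[len("AppInit_DLLs:"):].strip():
            # An empty "AppInit_DLLs:" line (as in this log) is the normal state.
            findings.append(Finding(sec, "review", "AppInit_DLLs populated", line))
    return findings


def fix_list(findings):
    """Lines a helper would ask the user to tick before pressing Fix Checked."""
    return [f.line for f in findings if f.action == "fix"]


def review_list(findings):
    """Lines that need a decision (or another tool) before anything is removed."""
    return [f.line for f in findings if f.action == "review"]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("Tick in HijackThis:")
    for entry in fix_list(found):
        print("  " + entry)
    print("Needs a decision first:")
    for f in found:
        if f.action == "review":
            print(f"  {f.line}\n      -> {f.reason}")
```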

Re: Is this a SAFE hijack this log

Post by timo1025 » October 13th, 2009, 7:36 pm

DDS

DDS (Ver_09-10-13.01) - NTFSx86
Run by Owner at 18:16:41.35 on Tue 10/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.978 [GMT -4:00]

AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\79A5G5YK\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://srch-us8.hpwis.com/
uSearch Bar = hxxp://srch-us8.hpwis.com/
mSearch Bar = hxxp://srch-us8.hpwis.com/
uInternet Settings,ProxyOverride = localhost
mWinlogon: SFCDisable=4 (0x4)
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: {08C0CB8B-D5A3-48A7-805E-DDE1D4F00490}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/ ... itStop.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 2966368109
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/ ... D3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/ ... iVirus.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/ ... tstop2.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
Notify: opnkkji - opnkkji.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\ddccb

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-20 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-14 54752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-8-22 309008]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys --> c:\documents and settings\all users\application data\spyware terminator\FileObjInfo.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2009-10-05 14:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-05 14:22 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-05 14:22 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-10-05 14:20 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-04 18:07 <DIR> --d----- c:\program files\Trend Micro
2009-10-04 18:04 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 18:04 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-04 18:04 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-15 12:48 268,648 a------- c:\windows\system32\mucltui.dll
2009-09-15 12:48 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-09-14 18:26 <DIR> --d----- c:\documents and settings\owner\Tracing
2009-09-14 18:24 54,752 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-09-14 18:23 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-09-14 18:23 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-09-14 18:21 <DIR> --d----- c:\program files\Microsoft
2009-09-14 18:21 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-09-14 18:15 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-08-23 09:35 1,474,832 a------- c:\windows\system32\drivers\sfi.dat
2009-08-17 20:23 166,356 a------- c:\windows\hpoins29.dat
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-18 12:21 79,915 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2008-09-05 15:30 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

============= FINISH: 18:17:26.90 ===============
timo1025
Regular Member
 
Posts: 15
Joined: October 5th, 2009, 12:19 pm

Re: Is this a SAFE hijack this log

Post by timo1025 » October 13th, 2009, 7:38 pm

GMER log

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-13 19:34:49
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxldipow.sys


---- System - GMER 1.0.15 ----

SSDT F7AA219E ZwCreateKey
SSDT F7AA2194 ZwCreateThread
SSDT F7AA21A3 ZwDeleteKey
SSDT F7AA21AD ZwDeleteValueKey
SSDT F7AA21B2 ZwLoadKey
SSDT F7AA2180 ZwOpenProcess
SSDT F7AA2185 ZwOpenThread
SSDT F7AA21BC ZwReplaceKey
SSDT F7AA21B7 ZwRestoreKey
SSDT F7AA21A8 ZwSetValueKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB1DE60B0]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1428] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01900001
.text C:\WINDOWS\system32\ctfmon.exe[1532] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D60001

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\msaud32.acm (size mismatch) 282654/294912 bytes executable
File C:\WINDOWS\system32\iedkcs32.dll (size mismatch) 387584/386048 bytes executable
File C:\WINDOWS\system32\SET459.tmp 136192 bytes executable
File C:\WINDOWS\system32\SET4D8.tmp 58880 bytes executable
File C:\WINDOWS\system32\SET4F7.tmp 916480 bytes executable
File C:\WINDOWS\system32\SET4F8.tmp 1208832 bytes executable
File C:\WINDOWS\system32\SET4FA.tmp 5940224 bytes
File C:\WINDOWS\system32\SET4FB.tmp 55296 bytes executable
File C:\WINDOWS\system32\SET4FC.tmp 594432 bytes executable
File C:\WINDOWS\system32\SET4FF.tmp 1985536 bytes executable
File C:\WINDOWS\system32\SET501.tmp 11069440 bytes executable
File C:\WINDOWS\FaxSetup.log 61589 bytes
File C:\WINDOWS\msgsocm.log 3090 bytes
File C:\WINDOWS\ntdtcsetup.log 12264 bytes
File C:\WINDOWS\ocgen.log 29560 bytes
File C:\WINDOWS\ocmsn.log 3420 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index128.dat 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index129.dat 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP610.tmp 0 bytes
File C:\WINDOWS\comsetup.log 20147 bytes
File C:\WINDOWS\$NtUninstallKB969059$ 0 bytes
File C:\WINDOWS\$NtUninstallKB969059$\query.dll 1435648 bytes executable
File C:\WINDOWS\$NtUninstallKB969059$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe 231288 bytes executable
File C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.inf 10260 bytes
File C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.txt 308 bytes
File C:\WINDOWS\$NtUninstallKB969059$\spuninst\updspapi.dll 382840 bytes executable
File C:\WINDOWS\$NtUninstallKB971486$ 0 bytes
File C:\WINDOWS\$NtUninstallKB971486$\ntkrnlmp.exe 2145280 bytes executable
File C:\WINDOWS\$NtUninstallKB971486$\ntkrnlpa.exe 2023936 bytes executable
File C:\WINDOWS\$NtUninstallKB971486$\ntkrnlpa.exe.000 2066048 bytes executable
File C:\WINDOWS\$NtUninstallKB971486$\ntkrpamp.exe 2023936 bytes executable
File C:\WINDOWS\$NtUninstallKB971486$\ntoskrnl.exe 2145280 bytes executable
File C:\WINDOWS\$NtUninstallKB971486$\ntoskrnl.exe.000 2189056 bytes executable
File C:\WINDOWS\$NtUninstallKB971486$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe 231288 bytes executable
File C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.inf 11706 bytes
File C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.txt 1348 bytes
File C:\WINDOWS\$NtUninstallKB971486$\spuninst\updspapi.dll 382840 bytes executable
File C:\WINDOWS\$NtUninstallKB973525$ 0 bytes
File C:\WINDOWS\$NtUninstallKB973525$\reg00001 1560576 bytes
File C:\WINDOWS\$NtUninstallKB973525$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe 231288 bytes executable
File C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.inf 9235 bytes
File C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.txt 122 bytes
File C:\WINDOWS\$NtUninstallKB973525$\spuninst\updspapi.dll 382840 bytes executable
File C:\WINDOWS\setupact.log 0 bytes
File C:\WINDOWS\setupapi.log 13430 bytes
File C:\WINDOWS\setuperr.log 0 bytes
File C:\WINDOWS\$NtUninstallKB954155_WM9$ 0 bytes
File C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe 231288 bytes executable
File C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.inf 9992 bytes
File C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.txt 275 bytes
File C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\updspapi.dll 382840 bytes executable
File C:\WINDOWS\$NtUninstallKB954155_WM9$\wmspdmod.dll 603648 bytes
File C:\WINDOWS\$NtUninstallKB958869$ 0 bytes
File C:\WINDOWS\$NtUninstallKB958869$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB958869$\spuninst\KB958869.asms 592 bytes
File C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe 231288 bytes executable
File C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.inf 9462 bytes
File C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.txt 122 bytes
File C:\WINDOWS\$NtUninstallKB958869$\spuninst\updspapi.dll 382840 bytes executable
File C:\WINDOWS\KB954155.log 12538 bytes
File C:\WINDOWS\KB958869.log 10463 bytes
File C:\WINDOWS\KB971486.log 16511 bytes
File C:\WINDOWS\KB973525.log 11773 bytes
File C:\WINDOWS\KB974455-IE8.log 28883 bytes

---- EOF - GMER 1.0.15 ----
timo1025
Regular Member
 
Posts: 15
Joined: October 5th, 2009, 12:19 pm

Re: Is this a SAFE hijack this log

Post by timo1025 » October 13th, 2009, 7:39 pm

Attach txt

DDS (Ver_09-10-13.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/14/2005 5:03:35 PM
System Uptime: 10/13/2009 7:48:35 AM (11 hours ago)

Motherboard: ASUSTeK Computer INC. | | 'P4SD-LA'
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | CPU 1 | 2400/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 62.359 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_058F&PID_9360\9203111
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_058F&PID_9360\9203111
Service: USBSTOR

==== System Restore Points ===================

RP1227: 10/4/2009 6:17:26 PM - System Checkpoint
RP1228: 10/5/2009 2:22:34 PM - Installed SUPERAntiSpyware Free Edition
RP1229: 10/9/2009 1:21:00 AM - System Checkpoint
RP1230: 10/11/2009 1:11:08 PM - System Checkpoint
RP1231: 10/12/2009 9:26:39 PM - System Checkpoint

==== Installed Programs ======================


32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.3
Advanced SystemCare 3
Avira AntiVir Personal - Free Antivirus
BroadJump Client Foundation
BufferChm
C4400
C4400_Help
Cake Poker
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner (remove only)
Copy
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
eSupportQFolder
GPBaseService
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 11.0
HP Imaging Device Functions 11.0
HP Instant Support
HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Smart Web Printing
HP Solution Center 11.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HpSdpAppCoreApp
Intel(R) Extreme Graphics 2 Driver
IntelliMover Data Transfer Demo
Internet Explorer Q903235
InterVideo WinDVD Player
IObit Security 360
J2SE Runtime Environment 5.0 Update 9
Junk Mail filter update
KBD
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
MUSICMATCH® Jukebox
NVIDIA Windows 2000/XP Display Drivers
OCR Software by I.R.I.S. 11.0
PanoStandAlone
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PS2
PSSWCORE
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealOne Player
S3Display
S3Gamma2
S3Info2
S3Overlay
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Simple Installer - Multilanguage Version
SmartWebPrinting
SolutionCenter
Status
SUPERAntiSpyware Free Edition
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB960763)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Updates from HP
VideoToolkit01
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

10/11/2009 2:19:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
10/11/2009 2:19:32 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
10/11/2009 2:19:32 AM, error: Service Control Manager [7001] - The Windows Search service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/10/2009 10:34:36 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

==== End Of File ===========================
timo1025
Regular Member
 
Posts: 15
Joined: October 5th, 2009, 12:19 pm

Re: Is this a SAFE hijack this log

Post by km2357 » October 14th, 2009, 1:20 am

Step # 1: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Is this a SAFE hijack this log

Post by timo1025 » October 15th, 2009, 8:07 am

ComboFix 09-10-14.09 - Owner 10/15/2009 7:07.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.1089 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CA Yahoo Antispy.lnk
c:\windows\system32\bgrcqgrx.ini
c:\windows\system32\bphlbvxb.ini
c:\windows\system32\breqmfyx.ini
c:\windows\system32\buwhihdr.ini
c:\windows\system32\ctfmon .exe
c:\windows\system32\dkpentil.ini
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\jayrwump.ini
c:\windows\system32\kcwphlip.ini
c:\windows\system32\mqewyhsq.ini
c:\windows\system32\nnepxayq.ini
c:\windows\system32\okfomtvd.ini
c:\windows\system32\pcixqvul.ini
c:\windows\system32\ps2.bat
c:\windows\system32\vvvlulqx.ini
c:\windows\system32\wcpvegkj.ini
c:\windows\system32\yapvlrom.ini

.
((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-10-05 18:23 . 2009-10-15 04:34 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-05 18:22 . 2009-10-05 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-05 18:22 . 2009-10-05 18:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-05 18:22 . 2009-10-05 18:22 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-10-05 18:20 . 2009-10-05 18:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-04 22:07 . 2009-10-04 22:07 -------- d-----w- c:\program files\Trend Micro
2009-10-04 22:04 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 22:04 . 2009-10-04 22:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 22:04 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-04 20:03 . 2009-10-13 22:21 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2009-10-04 19:45 . 2009-10-04 19:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-26 07:46 . 2009-09-30 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-15 16:48 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 16:48 . 2008-11-01 22:19 -------- d-----w- c:\program files\Cake Poker
2009-09-24 20:55 . 2009-09-12 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-09-16 19:43 . 2009-09-14 22:25 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-14 22:31 . 2009-09-12 13:37 -------- d-----w- c:\program files\PCPitstop
2009-09-14 22:26 . 2005-11-03 14:47 45920 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-14 22:24 . 2009-09-14 22:21 -------- d-----w- c:\program files\Windows Live
2009-09-14 22:24 . 2009-09-14 22:24 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-14 22:23 . 2009-09-14 22:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-14 22:21 . 2009-09-14 22:21 -------- d-----w- c:\program files\Microsoft
2009-09-14 22:21 . 2009-09-14 22:21 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-14 22:15 . 2009-09-14 22:15 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-13 13:10 . 2009-09-12 15:03 -------- d-----w- c:\documents and settings\Owner\Application Data\FreshDiagnose
2009-09-12 15:31 . 2009-09-12 14:15 -------- d-----w- c:\program files\FreshDevices
2009-09-12 14:32 . 2008-02-06 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-11 14:18 . 2005-04-14 21:54 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2005-04-14 20:59 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 14:33 . 2009-08-29 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2009-08-29 13:35 . 2009-08-18 01:43 -------- d-----w- c:\documents and settings\Owner\Application Data\TweakNow RegCleaner
2009-08-29 13:34 . 2009-08-17 23:59 -------- d-----w- c:\program files\HP
2009-08-29 08:08 . 2005-04-27 14:54 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2005-04-14 21:55 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 23:37 . 2009-06-20 21:30 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2009-08-23 23:06 . 2003-04-10 06:26 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-23 13:44 . 2003-04-10 07:06 -------- d-----w- c:\program files\HP Instant Support
2009-08-23 13:35 . 2009-08-08 15:58 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-08-18 00:24 . 2009-08-18 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-08-18 00:23 . 2009-08-17 23:54 166356 ----a-w- c:\windows\hpoins29.dat
2009-08-18 00:22 . 2009-08-18 00:22 -------- d-----w- c:\documents and settings\Owner\Application Data\HP
2009-08-18 00:10 . 2009-08-18 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-08-18 00:10 . 2009-08-18 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-08-18 00:09 . 2009-08-18 00:09 -------- d-----w- c:\program files\Common Files\HP
2009-08-18 00:09 . 2009-08-18 00:09 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-08-17 23:59 . 2009-08-17 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-08-07 21:58 . 2009-06-20 21:00 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-06 02:48 . 2009-09-14 22:24 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-08-05 09:01 . 2002-12-12 14:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2002-08-29 08:04 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 08:04 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2005-04-14 20:58 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22 . 2005-04-14 21:55 1435648 ----a-w- c:\windows\system32\query.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"omniserv"=2 (0x2)
"MpfService"=2 (0x2)
"McShield"=2 (0x2)
"aolavupd"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"NISUM"=2 (0x2)
"ccPxySvc"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"helpsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\windows\system32\wlynhkoj.exe"= c:\windows\system32\wly
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/20/2009 5:00 PM 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/14/2009 6:24 PM 54752]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [8/22/2009 11:01 AM 309008]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-04 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-07-05 15:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://srch-us8.hpwis.com/
uInternet Settings,ProxyOverride = localhost
IE: {{08C0CB8B-D5A3-48A7-805E-DDE1D4F00490}
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/ ... D3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/ ... iVirus.dll
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
Notify-opnkkji - opnkkji.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 07:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,03,da,70,d6,89,89,4f,83,fc,f1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,03,da,70,d6,89,89,4f,83,fc,f1,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(492)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2272)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-15 7:13
ComboFix-quarantined-files.txt 2009-10-15 11:13

Pre-Run: 66,160,664,576 bytes free
Post-Run: 66,123,825,152 bytes free

212 --- E O F --- 2009-10-13 23:14
timo1025
Regular Member
 
Posts: 15
Joined: October 5th, 2009, 12:19 pm
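As an added illustration (not part of the thread and not ComboFix's own code), the Python script below applies the two things a log reader keys on in the ComboFix output above: look-alike names such as "ctfmon .exe" (a space before the extension, imitating a legitimate system32 binary) and eight-letter random names such as wlynhkoj.exe, including the one that has been written into the XP firewall's AuthorizedApplications exception list with a value that does not refer back to the exe. The sample log lines are constructed in the shape of the entries above; the "eight lowercase letters, at most two vowels" rule is this example's own heuristic, not a rule ComboFix applies.

```python
import re

# Constructed sample in the shape of ComboFix's "Other Deletions" list and its
# firewall AuthorizedApplications dump (modelled on the log above, not the log itself).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\bgrcqgrx.ini
c:\windows\system32\ctfmon .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\ps2.bat
c:\documents and settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CA Yahoo Antispy.lnk

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\windows\system32\wlynhkoj.exe"= c:\windows\system32\wly
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/14/2009 6:24 PM 54752]
"""

VOWELS = set("aeiou")


def looks_random(stem: str) -> bool:
    """Heuristic (this example's own): eight lowercase letters with at most two
    vowels, the shape of the generated names in the log (bgrcqgrx, wlynhkoj, ...)."""
    return bool(re.fullmatch(r"[a-z]{8}", stem)) and sum(c in VOWELS for c in stem) <= 2


def lookalike(name: str):
    """'ctfmon .exe' is 'ctfmon.exe' with whitespace before the extension.
    Return the genuine name it imitates, or None if the name is well formed."""
    m = re.fullmatch(r"(\S+)\s+(\.[a-z0-9]{1,4})", name)
    return m.group(1) + m.group(2) if m else None


def classify_path(path: str) -> list:
    """Run both name checks on one path; returns (rule, path, reason) triples."""
    name = path.rsplit("\\", 1)[-1]
    findings = []
    imitated = lookalike(name)
    if imitated:
        findings.append(("lookalike-name", path, f"imitates {imitated}"))
    stem = name.rsplit(".", 1)[0]
    if looks_random(stem):
        findings.append(("random-name", path, "8 letters, few vowels"))
    return findings


FW_KEY = "AuthorizedApplications\\List]"
FW_VALUE = re.compile(r'^"(?P<app>[^"]+)"=\s*(?P<rest>.*)$')


def analyze_combofix_log(text: str) -> list:
    """Walk the log: bare paths get the name checks; inside the firewall
    exception list the authorized exe gets the same checks, plus a flag when
    the stored value does not point back at that exe."""
    findings = []
    in_firewall = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_firewall = False          # a blank line ends a REGEDIT4 key block
            continue
        if line.startswith("["):
            in_firewall = line.endswith(FW_KEY)
            continue
        if in_firewall:
            m = FW_VALUE.match(line)
            if not m:
                continue
            app = m.group("app").replace("\\\\", "\\")   # undo REGEDIT4 escaping
            rest = m.group("rest").strip()
            findings += [("firewall-exception:" + rule, p, why)
                         for rule, p, why in classify_path(app)]
            if rest and rest.lower() != app.lower():
                findings.append(("firewall-odd-value", app, f"value points at {rest}"))
            continue
        if re.match(r"^[a-z]:\\", line, re.I):          # a bare path line
            findings += classify_path(line)
    return findings


if __name__ == "__main__":
    for rule, path, why in analyze_combofix_log(SAMPLE_LOG):
        print(f"{rule:36} {path}  ({why})")
```

Run against the sample it reports the two look-alike executables, the random .ini, and wlynhkoj.exe twice: once as a random-named firewall exception and once because its stored value is c:\windows\system32\wly rather than the exe itself. The HP, sessmgr and ps2.bat entries pass, which is the point of the heuristics: narrow enough that the next step (the helper's CFScript) targets only what was flagged.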

Re: Is this a SAFE hijack this log

Post by km2357 » October 15th, 2009, 2:25 pm

Step # 1: Run CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    KILLALL::
    
    File::
    
    c:\windows\system32\wlynhkoj.exe
    
    DirLook::
    
    c:\windows\system32\wly
    
    Registry::
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\windows\system32\wlynhkoj.exe"=-
    
    DDS::
    
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    EB: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - No File



  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




    [screenshot: CFScript.txt being dragged onto ComboFix.exe]


    Note: This CFScript is for use on timo1025's computer only! Do not use it on your computer.


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh DDS Log taken after Step 1 has been completed
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California
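The note that the CFScript is for timo1025's computer only is the point of the following added Python check (example code, not ComboFix's or the forum's): it splits a CFScript into its File::, DirLook::, Registry:: and DDS:: sections and confirms that every target actually appears in the ComboFix log the script was written against, so a script copied from another thread is caught before it is dropped onto ComboFix.exe. The script text is the one posted above; the log stub is constructed from the firewall lines of the earlier ComboFix output and deliberately omits the DDS toolbar/extension entries, which therefore come back unconfirmed. The section semantics assumed here (one item per line; a REGEDIT4 "name"=- line deletes that value) are this example's assumptions.

```python
import re

# Constructed for this example: the CFScript posted above, and a stub of the
# ComboFix log it was written against (only the lines the script refers to).
CFSCRIPT = r"""KILLALL::

File::

c:\windows\system32\wlynhkoj.exe

DirLook::

c:\windows\system32\wly

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\windows\system32\wlynhkoj.exe"=-

DDS::

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - No File
"""

COMBOFIX_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\windows\system32\wlynhkoj.exe"= c:\windows\system32\wly
"""

GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_cfscript(text: str) -> dict:
    """Split a CFScript into its 'Name::' sections; returns {section: [lines]}.
    Assumes one item per non-blank line, which is how the script above is laid out."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.fullmatch(r"[A-Za-z]+::", line):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def script_targets(sections: dict) -> list:
    """The concrete items the script will act on, as (section, target) pairs."""
    targets = []
    for path in sections.get("File", []) + sections.get("DirLook", []):
        targets.append(("File/DirLook", path))
    for line in sections.get("Registry", []):
        m = re.fullmatch(r'"([^"]+)"=-', line)        # REGEDIT4: "name"=- deletes the value
        if m:
            targets.append(("Registry", m.group(1)))
        elif line.startswith("["):
            targets.append(("Registry", line))
    for line in sections.get("DDS", []):
        m = GUID.search(line)                          # match on the CLSID, not the label
        targets.append(("DDS", m.group(0) if m else line))
    return targets


def check_scope(cfscript: str, log: str) -> dict:
    """Map each (section, target) to whether it appears, case-insensitively, in
    the log the script was written from. False means: confirm before running."""
    haystack = log.lower().replace("\\\\", "\\")        # normalise REGEDIT4 escaping
    return {(s, t): t.lower() in haystack for s, t in script_targets(parse_cfscript(cfscript))}


if __name__ == "__main__":
    for (section, target), seen in check_scope(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{'ok ' if seen else 'NOT IN LOG'}  {section:13} {target}")
```

With the stub log the file, directory and firewall-value targets are confirmed and only the two DDS CLSIDs are reported as not in the log, which is the expected result here because the DDS.txt they came from is not part of the stub; on a real run, an unconfirmed File:: or Registry:: target is the signal that the script was not written for this machine.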

Re: Is this a SAFE hijack this log

Post by timo1025 » October 15th, 2009, 4:56 pm

ComboFix 09-10-15.01 - Owner 10/15/2009 16:46.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.1073 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt.lnk
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-10-05 18:23 . 2009-10-15 04:34 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-05 18:22 . 2009-10-05 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-05 18:22 . 2009-10-05 18:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-05 18:22 . 2009-10-05 18:22 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-10-05 18:20 . 2009-10-05 18:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-04 22:07 . 2009-10-04 22:07 -------- d-----w- c:\program files\Trend Micro
2009-10-04 22:04 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 22:04 . 2009-10-04 22:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 22:04 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-04 20:03 . 2009-10-15 20:43 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2009-10-04 19:45 . 2009-10-04 19:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-26 07:46 . 2009-09-30 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 16:48 . 2008-11-01 22:19 -------- d-----w- c:\program files\Cake Poker
2009-09-24 20:55 . 2009-09-12 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-09-16 19:43 . 2009-09-14 22:25 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-14 22:31 . 2009-09-12 13:37 -------- d-----w- c:\program files\PCPitstop
2009-09-14 22:26 . 2005-11-03 14:47 45920 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-14 22:24 . 2009-09-14 22:21 -------- d-----w- c:\program files\Windows Live
2009-09-14 22:24 . 2009-09-14 22:24 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-14 22:23 . 2009-09-14 22:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-14 22:21 . 2009-09-14 22:21 -------- d-----w- c:\program files\Microsoft
2009-09-14 22:21 . 2009-09-14 22:21 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-14 22:15 . 2009-09-14 22:15 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-13 13:10 . 2009-09-12 15:03 -------- d-----w- c:\documents and settings\Owner\Application Data\FreshDiagnose
2009-09-12 15:31 . 2009-09-12 14:15 -------- d-----w- c:\program files\FreshDevices
2009-09-12 14:32 . 2008-02-06 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-11 14:18 . 2005-04-14 21:54 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2005-04-14 20:59 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 14:33 . 2009-08-29 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2009-08-29 13:35 . 2009-08-18 01:43 -------- d-----w- c:\documents and settings\Owner\Application Data\TweakNow RegCleaner
2009-08-29 13:34 . 2009-08-17 23:59 -------- d-----w- c:\program files\HP
2009-08-29 08:08 . 2005-04-27 14:54 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2005-04-14 21:55 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 23:37 . 2009-06-20 21:30 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2009-08-23 23:06 . 2003-04-10 06:26 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-23 13:44 . 2003-04-10 07:06 -------- d-----w- c:\program files\HP Instant Support
2009-08-23 13:35 . 2009-08-08 15:58 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-08-18 00:24 . 2009-08-18 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-08-18 00:23 . 2009-08-17 23:54 166356 ----a-w- c:\windows\hpoins29.dat
2009-08-18 00:22 . 2009-08-18 00:22 -------- d-----w- c:\documents and settings\Owner\Application Data\HP
2009-08-18 00:10 . 2009-08-18 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-08-18 00:10 . 2009-08-18 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-08-18 00:09 . 2009-08-18 00:09 -------- d-----w- c:\program files\Common Files\HP
2009-08-18 00:09 . 2009-08-18 00:09 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-08-17 23:59 . 2009-08-17 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-08-07 21:58 . 2009-06-20 21:00 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-06 02:48 . 2009-09-14 22:24 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-08-05 09:01 . 2002-12-12 14:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2002-08-29 08:04 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 08:04 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"omniserv"=2 (0x2)
"MpfService"=2 (0x2)
"McShield"=2 (0x2)
"aolavupd"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"NISUM"=2 (0x2)
"ccPxySvc"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"helpsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\windows\system32\wlynhkoj.exe"= c:\windows\system32\wly
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/20/2009 5:00 PM 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/14/2009 6:24 PM 54752]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [8/22/2009 11:01 AM 309008]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://srch-us8.hpwis.com/
uInternet Settings,ProxyOverride = localhost
IE: {{08C0CB8B-D5A3-48A7-805E-DDE1D4F00490}
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/ ... D3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/ ... iVirus.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 16:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,03,da,70,d6,89,89,4f,83,fc,f1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,03,da,70,d6,89,89,4f,83,fc,f1,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(492)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2604)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-15 16:53
ComboFix-quarantined-files.txt 2009-10-15 20:53
ComboFix2.txt 2009-10-15 11:14

Pre-Run: 66,036,473,856 bytes free
Post-Run: 66,110,722,048 bytes free

176 --- E O F --- 2009-10-13 23:14
timo1025
Regular Member
 
Posts: 15
Joined: October 5th, 2009, 12:19 pm

Re: Is this a SAFE hijack this log

Post by timo1025 » October 15th, 2009, 4:57 pm

DDS (Ver_09-10-13.01) - NTFSx86
Run by Owner at 16:55:44.42 on Thu 10/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.1002 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HNX7UXSK\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://srch-us8.hpwis.com/
uInternet Settings,ProxyOverride = localhost
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: {08C0CB8B-D5A3-48A7-805E-DDE1D4F00490}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/ ... itStop.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 2966368109
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/ ... D3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/ ... iVirus.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/ ... tstop2.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-20 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-14 54752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-8-22 309008]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys --> c:\documents and settings\all users\application data\spyware terminator\FileObjInfo.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2009-10-14 17:52 <DIR> a-dshr-- C:\cmdcons
2009-10-14 17:51 236,544 a------- c:\windows\PEV.exe
2009-10-14 17:51 161,792 a------- c:\windows\SWREG.exe
2009-10-14 17:51 98,816 a------- c:\windows\sed.exe
2009-10-05 14:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-05 14:22 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-05 14:22 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-10-05 14:20 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-10-04 18:07 <DIR> --d----- c:\program files\Trend Micro
2009-10-04 18:04 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 18:04 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-04 18:04 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 04:08 916,480 -------- c:\windows\system32\wininet.dll
2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-23 09:35 1,474,832 a------- c:\windows\system32\drivers\sfi.dat
2009-08-17 20:23 166,356 a------- c:\windows\hpoins29.dat
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 11:13 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 10:20 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-18 12:21 79,915 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-09-05 15:30 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

============= FINISH: 16:56:15.04 ===============
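The two logs above hold the three things a volunteer reading them checks first: the DDS "AV:" line (which here says on-access scanning is disabled), the Windows Firewall AuthorizedApplications list from the ComboFix log (one entry there, c:\windows\system32\wlynhkoj.exe, sits in the Windows directory and is followed by trailing text where every other entry ends at "="), and the service/driver lines, where ComboFix and DDS print "[?]" in place of a date and size when the file behind a registered service is not on disk (SBRE and FileObjInfo here). The script below is an added example written for this page, not output of ComboFix, DDS or anything posted in the thread; it parses constructed sample lines in the shape of the posted logs and lists those items for manual review. The KNOWN_WINDOWS_EXCEPTIONS allowlist is an assumption of the example (a partial list of Windows XP components that legitimately hold firewall exceptions), so a hit means "check this by hand", not "this is malicious".

```python
"""Triage of ComboFix / DDS style log lines (added example, not tool output).

Parses the DDS "AV:" status line, the Windows Firewall AuthorizedApplications
list and service/driver lines, where ComboFix and DDS print "[?]" when the
file behind a registered service is not on disk. KNOWN_WINDOWS_EXCEPTIONS is
an assumption of this example (partial list of Windows XP components that
legitimately hold firewall exceptions); a hit means "check by hand".
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the shape of the posted logs (not the full logs).
SAMPLE_LOG = r"""
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\windows\system32\wlynhkoj.exe"= c:\windows\system32\wly
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 FileObjInfo;STFileDriver;\??\c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys --> c:\documents and settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [?]
"""

# Windows XP binaries that commonly hold firewall exceptions (assumed, partial list).
KNOWN_WINDOWS_EXCEPTIONS = {"sessmgr.exe", "xpnetdiag.exe", "fxsclnt.exe"}

AV_RE = re.compile(r"^AV: (?P<product>.+?) \*(?P<state>[^*]+)\*")
FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"=(?P<rest>.*)$')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<rest>.+)$")

@dataclass
class Service:
    name: str
    start: str      # R/S = running/stopped, digit = start type, as the tools print it
    path: str
    missing: bool   # True when the tool printed "[?]" instead of a date and size

@dataclass
class Finding:
    category: str   # "av", "firewall" or "service"
    item: str
    reason: str

@dataclass
class Report:
    firewall: List[str] = field(default_factory=list)
    services: List[Service] = field(default_factory=list)
    findings: List[Finding] = field(default_factory=list)

def normalize(path: str) -> str:
    """Undo REGEDIT4 backslash doubling, expand %windir%, lower-case."""
    p = path.replace("\\\\", "\\").lower()
    return p.replace("%windir%", "c:\\windows").replace("%systemroot%", "c:\\windows")

def triage(text: str) -> Report:
    report = Report()
    in_firewall = False   # only "..."= lines under the firewall key are exceptions
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):          # registry key header: track which section we are in
            in_firewall = "firewallpolicy" in line.lower()
            continue
        m = AV_RE.match(line)
        if m:
            if "disabled" in m.group("state").lower():
                report.findings.append(Finding("av", m.group("product"), m.group("state")))
            continue
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest")
            missing = rest.endswith("[?]")
            # "\??\src --> dst [info]": keep the resolved path, drop the trailing bracket
            path = re.sub(r"\s*\[[^\]]*\]$", "", rest.split(" --> ")[-1]).strip()
            report.services.append(Service(m.group("name"), m.group("start"), path, missing))
            if missing:
                report.findings.append(Finding("service", m.group("name"),
                                               "registered but file not found: " + path))
            continue
        m = FIREWALL_RE.match(line)
        if m and in_firewall:
            path = normalize(m.group("path"))
            report.firewall.append(path)
            name = path.rsplit("\\", 1)[-1]
            rest = m.group("rest").strip()
            if rest:   # every other entry in the posted log ends right after "="
                report.findings.append(Finding("firewall", path, "unexpected text after '=': " + rest))
            if path.startswith("c:\\windows\\") and name not in KNOWN_WINDOWS_EXCEPTIONS:
                report.findings.append(Finding("firewall", path,
                                               "executable in the Windows directory, not a listed component"))
    return report

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG).findings:
        print(f"[{f.category}] {f.item}: {f.reason}")
```

Run it on a saved ComboFix or DDS log by passing the file's text to triage(); the section tracking matters because Run-key values have the same `"name"=value` shape as firewall exceptions and must not be counted as such. On the sample it reports the disabled on-access scanner, the two orphaned driver entries, and the one Windows-directory firewall exception that is not on the allowlist; deciding what that file actually is still takes a look at the file itself.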