computer with outerinfo and trojandownloader.xs
#1 tspec
New Member, 1 post
Hi, I am trying to fix a computer for a friend, and the computer had Outerinfo and TrojanDownloader.xs on it. I used the guide for removing Outerinfo that is here on the forums and have just created HijackThis and ComboFix log files. I would like to know what to do next. Thanks.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:59 PM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Gamburg provider - {F832BACA-4BD5-4eee-B420-4A85F0794030} - berg2.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dc7aa2e4] rundll32.exe "C:\WINDOWS\system32\mslhpcrj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?02c12c6882784d5f85e84de83e3526f0
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?02c12c6882784d5f85e84de83e3526f0
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: alwthrga - alwthrga.dll (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 4729 bytes

ComboFix:

ComboFix 08-03-04.4 - Khodia 2008-03-04 19:42:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.261 [GMT -5:00]
Running from: C:\Documents and Settings\Khodia\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\RABCO
C:\Program Files\RABCO\ExecutionDll.dll
C:\Program Files\RABCO\RABCO.dll.intermediate.manifest
C:\Program Files\RABCO\RABCOse.info
C:\Program Files\RABCO\RABCOse.original
C:\Program Files\RABCO\Setup.log
C:\Program Files\RABCO\un_RABCOSetup_16230.exe
C:\Program Files\RABCO\un_RABCOSetup_16230.txt
C:\Program Files\RABCO\X_RABCOse.log
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERInst.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\temp\tn3
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\flt.dll
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\alwthrga.dllbox
C:\WINDOWS\system32\bpmddcid.dll
C:\WINDOWS\system32\c2
C:\WINDOWS\system32\c4
C:\WINDOWS\system32\c4\np89104.exe
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\DMusicc.sys
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\iDlo01\iDlo011065.exe
C:\WINDOWS\system32\iexplorer.dll .dbt
C:\WINDOWS\system32\jrcphlsm.ini
C:\WINDOWS\system32\k8
C:\WINDOWS\system32\nbgyvgfo.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\s7
C:\WINDOWS\system32\s7\gbsu011.exe
C:\WINDOWS\system32\soxhwvxn.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\x3
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DMUSICC
-------\DMusicc


((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.

2008-03-04 18:38 . 2008-03-04 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-04 18:37 . 2008-03-04 18:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-04 18:37 . 2008-03-04 18:37 <DIR> d-------- C:\Documents and Settings\Khodia\Application Data\SUPERAntiSpyware.com
2008-03-04 18:36 . 2008-03-04 18:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-04 18:34 . 2008-03-04 18:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-04 18:33 . 2008-03-04 18:33 26,048 --a------ C:\WINDOWS\system32\ssqrrqp.dll
2008-03-04 17:48 . 2008-03-04 17:49 34,816 --a------ C:\WINDOWS\system32\tinox1.dll
2008-03-04 17:48 . 2008-03-04 17:49 34,816 --a------ C:\WINDOWS\system32\berg2.dll
2008-03-04 15:58 . 2008-03-04 15:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-04 15:58 . 2008-03-04 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-03 04:50 . 2008-03-04 17:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-03 04:50 . 2008-03-03 04:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-03 01:55 . 2008-03-03 01:55 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-03 00:46 . 2008-03-03 00:46 26,048 --a------ C:\WINDOWS\system32\ljjjijk.dll
2008-03-02 13:16 . 2008-03-03 00:29 40,960 --a------ C:\WINDOWS\system32\rfhdfhw.exe
2008-03-02 13:16 . 2008-03-03 00:29 40,960 --a------ C:\WINDOWS\gfhy45juyhgr.exe
2008-03-02 13:16 . 2008-03-03 00:29 20,480 --a------ C:\WINDOWS\quit.exe
2008-03-02 13:08 . 2008-03-02 17:40 <DIR> d-------- C:\Program Files\Registry Defender
2008-03-02 12:29 . 2008-03-02 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-02 12:27 . 2008-03-04 19:22 <DIR> d--hs---- C:\WINDOWS\S2hvZGlh
2008-03-02 12:27 . 2008-03-04 19:42 <DIR> d-------- C:\Temp
2008-03-01 00:57 . 2008-03-01 00:57 <DIR> d-------- C:\Program Files\Windows Live
2008-03-01 00:57 . 2008-03-01 01:06 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 00:57 . 2008-03-01 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-24 13:14 . 2008-02-24 13:14 268 --ah----- C:\sqmdata07.sqm
2008-02-24 13:14 . 2008-02-24 13:14 244 --ah----- C:\sqmnoopt07.sqm
2008-02-24 02:11 . 2008-02-24 02:11 268 --ah----- C:\sqmdata06.sqm
2008-02-24 02:11 . 2008-02-24 02:11 244 --ah----- C:\sqmnoopt06.sqm
2008-02-23 08:27 . 2008-02-23 08:27 268 --ah----- C:\sqmdata05.sqm
2008-02-23 08:27 . 2008-02-23 08:27 244 --ah----- C:\sqmnoopt05.sqm
2008-02-23 02:39 . 2008-02-23 02:39 268 --ah----- C:\sqmdata04.sqm
2008-02-23 02:39 . 2008-02-23 02:39 244 --ah----- C:\sqmnoopt04.sqm
2008-02-15 17:15 . 2008-02-15 17:23 <DIR> d-------- C:\Documents and Settings\Khodia\Application Data\DivX
2008-02-15 16:49 . 2008-02-15 16:50 <DIR> d-------- C:\Program Files\DivX
2008-02-08 19:49 . 2008-02-08 19:49 268 --ah----- C:\sqmdata03.sqm
2008-02-08 19:49 . 2008-02-08 19:49 244 --ah----- C:\sqmnoopt03.sqm
2008-02-08 12:11 . 2008-02-13 10:54 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-08 12:11 . 2008-02-08 12:11 268 --ah----- C:\sqmdata02.sqm
2008-02-08 12:11 . 2008-02-08 12:11 244 --ah----- C:\sqmnoopt02.sqm
2008-02-08 11:22 . 2008-02-08 11:22 268 --ah----- C:\sqmdata01.sqm
2008-02-08 11:22 . 2008-02-08 11:22 244 --ah----- C:\sqmnoopt01.sqm
2008-02-08 11:19 . 2008-02-08 11:19 268 --ah----- C:\sqmdata00.sqm
2008-02-08 11:19 . 2008-02-08 11:19 244 --ah----- C:\sqmnoopt00.sqm
2008-02-08 11:12 . 2006-09-15 16:49 139,264 --a------ C:\WINDOWS\system32\igfxres.dll
2008-02-08 09:04 . 2004-08-03 21:32 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-02-08 09:03 . 2001-08-23 07:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-08 09:02 . 2001-08-23 07:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-08 09:01 . 2001-08-23 07:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-02-08 09:00 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-02-08 08:58 . 2008-02-08 08:58 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-02-08 08:58 . 2008-02-08 08:58 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-08 08:58 . 2008-02-08 08:58 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-08 08:58 . 2008-02-08 08:58 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-08 08:58 . 2008-02-08 08:58 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-08 08:58 . 2008-02-08 08:58 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-08 08:57 . 2004-08-03 23:56 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2008-02-08 08:57 . 2001-08-23 07:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 18:15 --------- d-----w C:\Documents and Settings\Khodia\Application Data\Move Networks
2008-01-27 04:04 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-27 03:52 --------- d-----w C:\Documents and Settings\Khodia\Application Data\Apple Computer
2008-01-24 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-24 21:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-24 21:50 --------- d-----w C:\Program Files\Windows Live Favorites
2008-01-24 04:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-01-24 04:11 --------- d-----w C:\Program Files\QuickTime
2008-01-24 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-24 04:10 --------- d-----w C:\Program Files\Kodak
2008-01-24 04:10 --------- d-----w C:\Program Files\Common Files\Kodak
2008-01-23 23:28 --------- d-----w C:\Program Files\Real
2008-01-23 23:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-01-23 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 19:31 --------- d-----w C:\Program Files\CyberLink
2008-01-23 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-23 19:18 --------- d-----w C:\Program Files\MSBuild
2008-01-23 19:18 --------- d-----w C:\Program Files\Microsoft Works
2008-01-23 18:40 --------- d-----w C:\Program Files\Intel
2008-01-23 18:37 --------- d-----w C:\Program Files\Dell
2008-01-23 18:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-23 18:29 --------- d-----w C:\Program Files\CONEXANT
2008-01-23 18:12 --------- d-----w C:\Program Files\Broadcom
2008-01-23 18:10 --------- d-----w C:\Program Files\SigmaTel
2008-01-23 17:14 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F832BACA-4BD5-4eee-B420-4A85F0794030}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 18:10 1392640]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-09-15 16:53 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-09-15 16:50 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-09-15 16:54 118784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"dc7aa2e4"="C:\WINDOWS\system32\mslhpcrj.dll" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\alwthrga]
alwthrga.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-04-06 15:49]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-05 00:47:11 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-24 04:06:30 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.20.2.sxt [email protected]
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 19:47:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-03-04 19:48:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-05 00:48:35
.
2008-03-04 20:22:05 --- E O F ---