
Author Topic: Pure Hole Hole  (Read 35321 times)


Zakir

  • Guest
Re: Pure Hole Hole
« Reply #15 on: October 04, 2007, 07:10:28 AM »
 Volume in drive C is ACER
 Volume Serial Number is 3056-A0AA

 Directory of C:\Users\K!R\Application Data

 Volume in drive C is ACER
 Volume Serial Number is 3056-A0AA

 Directory of C:\Users\Kir\Application Data

 Volume in drive C is ACER
 Volume Serial Number is 3056-A0AA

 Directory of C:\Users\All Users\Application Data

 Volume in drive C is ACER
 Volume Serial Number is 3056-A0AA

 Directory of C:\Users\Default\Application Data

 Volume in drive C is ACER
 Volume Serial Number is 3056-A0AA

 Directory of C:\Users\Default User\Application Data


CBMatt

  • Mod & Malware Specialist


  • Prodigy

  • Sad and lonely...and loving every minute of it.
  • Thanked: 167
    • Yes
  • Experience: Experienced
  • OS: Windows 7
Re: Pure Hole Hole
« Reply #16 on: October 04, 2007, 08:16:01 AM »
Okay, your infection doesn't seem to be as serious as I had thought it was going to be.  That's usually a good sign.  Heh.  I've attached a zip file...in it is a reg file.  Run that file and when prompted, click Yes.  This will delete the infection's key in the registry.

Then...download CCleaner (install without Yahoo! toolbar) and configure it according to this guide.

And if it still exists, try using Pocket KillBox to delete C:\ProgramData\Pure Hole Hole.wybxn8j.  I would then like to see a new HijackThis log.
Quote
An undefined problem has an infinite number of solutions.
—Robert A. Humphrey

Zakir

  • Guest
Re: Pure Hole Hole
« Reply #17 on: October 04, 2007, 08:30:10 AM »
I can't seem to find the attachment that you said you attached... and sorry to bother you so much.

CBMatt

Re: Pure Hole Hole
« Reply #18 on: October 04, 2007, 08:44:08 AM »
Sorry, Zakir, the upload folder is full, so I can't attach the file right now.  Instead, I'll tell you how to make it yourself.  Copy everything in the quote box below...

Quote
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"FunkItch"=-

Then open up Notepad and paste the contents.  Go to File > Save As...  Next to Save as Type select All Files and name the file badkey.reg and save it to your desktop.  You can then run the file like I previously instructed.

And don't worry, you're not a bother at all.  This is what I'm here for!

Zakir

  • Guest
Re: Pure Hole Hole
« Reply #19 on: October 04, 2007, 09:13:52 AM »
I did what you asked and used the Pocket KillBox and there are still 2 Pure Hole Hole files in my ProgramData directory, one is a 0v203 file and the other a wybxn8j file... and I did reboot after I did all that.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:55 PM, on 4/10/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
D:\Program Files\Vidalia Bundle\Tor\tor.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Zakir

  • Guest
Re: Pure Hole Hole
« Reply #20 on: October 04, 2007, 09:14:31 AM »

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sg.rd.yahoo.com/customize/ycomp/defaults/sp/*http://sg.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.sg.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.sg.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.rd.yahoo.com/customize/ycomp/defaults/su/*http://sg.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7Pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - D:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NOD32 Control Center] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eset\NOD32 Control Center.lnk
O4 - HKCU\..\Run: [Launch Manager] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager\Launch Manager.LNK
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Vidalia] "D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [FunkItch] "C:\ProgramData\Pure Hole Hole.wybxn8j"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Privoxy.lnk = D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Download ALL with IDA - D:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
O8 - Extra context menu item: Download with IDA - D:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - D:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - D:\Program Files\IDA\ida.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://npsdmail3.np.edu.sg/dwa7W.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4E9FB3-923F-4BED-B23D-5037D93AF3E4}: NameServer = 218.186.1.38,202.156.1.68
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - D:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 9818 bytes
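
An added example, not part of the original thread: a Python check that cross-references the value deletions in a .reg file against the O4 autorun lines of a HijackThis log, so a fix can be confirmed to target the key where the entry is actually registered. The input is the .reg text from reply #18 and four O4 lines from the log above; the function names and status labels are this example's own, and the expansion of `\..\` to `Software\Microsoft\Windows\CurrentVersion` is an assumption that matches the full Run key paths in the ComboFix log later in the thread.

```python
import re

# Input copied from the thread: the .reg file posted in reply #18.
REG_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"FunkItch"=-
'''

# Input copied from the thread: four O4 lines from the HijackThis log.
HJT_LOG = r'''O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [Vidalia] "D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [FunkItch] "C:\ProgramData\Pure Hole Hole.wybxn8j"
'''

HIVES = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER",
    "HKUS": "HKEY_USERS",
}
# Assumption: HijackThis shortens this path to "\..\" in O4 lines.
CURRENT_VERSION = r"Software\Microsoft\Windows\CurrentVersion"

KEY_RE = re.compile(r'^\[(?!-)(.+)\]$')      # [key], but not [-key] (whole-key delete)
DEL_RE = re.compile(r'^"(.+)"\s*=\s*-$')     # "name"=-  (value delete)
O4_RE = re.compile(
    r'^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\([^:]+): \[([^\]]+)\] (.*)$'
)


def parse_reg_deletions(text):
    """Return (key, value_name) for every value-deletion line in a .reg file."""
    deletions, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = DEL_RE.match(line)
        if m and key:
            deletions.append((key, m.group(1)))
    return deletions


def expand_key(prefix, subkey):
    """Turn 'HKCU' + 'Run' (or 'HKUS\\<SID>' + 'Run') into a full key path."""
    hive, _, rest = prefix.partition("\\")
    parts = [HIVES[hive]]
    if rest:
        parts.append(rest)
    parts += [CURRENT_VERSION, subkey]
    return "\\".join(parts)


def parse_hjt_autoruns(text):
    """Return (full_key, value_name, command) for each registry O4 line."""
    entries = []
    for raw in text.splitlines():
        m = O4_RE.match(raw.strip())
        if m:
            prefix, subkey, name, command = m.groups()
            entries.append((expand_key(prefix, subkey), name, command))
    return entries


def check_deletions(reg_text, hjt_text):
    """Compare each deletion with the log.

    Returns (value_name, status, key) tuples where status is:
      match      - the .reg file deletes the value from the key the log reports
      wrong_key  - the value is in the log, but under a different key
      not_in_log - the log has no autorun value with that name
    Registry key and value names are compared case-insensitively.
    """
    autoruns = parse_hjt_autoruns(hjt_text)
    findings = []
    for key, name in parse_reg_deletions(reg_text):
        hits = [a for a in autoruns if a[1].lower() == name.lower()]
        if not hits:
            findings.append((name, "not_in_log", None))
        elif any(a[0].lower() == key.lower() for a in hits):
            findings.append((name, "match", key))
        else:
            findings.append((name, "wrong_key", hits[0][0]))
    return findings


if __name__ == "__main__":
    for name, status, key in check_deletions(REG_TEXT, HJT_LOG):
        print(f"{name}: {status} (log reports it under {key})")
```
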

CBMatt

Re: Pure Hole Hole
« Reply #21 on: October 04, 2007, 09:33:55 AM »
This file is deciding to be a bit stubborn, I see.  I hate to give you more "homework", but download SUPERAntiSpyware, update it, and scan with it in Safe Mode.  Then go ahead and post the log here.  To retrieve the removal information after reboot, launch SUPERAntiSpyware again.  Click Preferences, then click the Statistics/Logs tab. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

Then...download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here.  Note: Don't click on the window while it's running; this may cause stalls.

Zakir

  • Guest
Re: Pure Hole Hole
« Reply #22 on: October 04, 2007, 10:51:10 AM »
After about an hour of scanning, it finally finished... don't worry about giving me homework, you're helping me ;D

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/05/2007 at 00:37 AM

Application Version : 3.9.1008

Core Rules Database Version : 3318
Trace Rules Database Version: 1319

Scan type       : Complete Scan
Total Scan Time : 00:39:12

Memory items scanned      : 258
Memory threats detected   : 0
Registry items scanned    : 10005
Registry threats detected : 0
File items scanned        : 70068
File threats detected     : 6

Adware.Lop-Variant
   C:\PROGRAMDATA\GRIM PROGRAM ACTIVE\FORD KEEP BARB.EXE
   C:\PROGRAMDATA\GRIM PROGRAM ACTIVE\LBPZYDCB.EXE
   C:\PROGRAMDATA\LONG SLOW ROAD ITCH\SOFT NAME.EXE
   C:\USERS\ALL USERS\GRIM PROGRAM ACTIVE\FORD KEEP BARB.EXE
   C:\USERS\ALL USERS\GRIM PROGRAM ACTIVE\LBPZYDCB.EXE
   C:\USERS\ALL USERS\LONG SLOW ROAD ITCH\SOFT NAME.EXE




Zakir

  • Guest
Re: Pure Hole Hole
« Reply #23 on: October 04, 2007, 10:52:18 AM »
ComboFix 07-10-04.6 - K!R 2007-10-05  0:45:36.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.169 [GMT 8:00]
Running from: C:\Users\K!R\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\K!R\AppData\Roaming\inst.exe
C:\Windows\system32\x64

.
(((((((((((((((((((((((((   Files Created from 2007-09-04 to 2007-10-04  )))))))))))))))))))))))))))))))
.

2007-10-05 00:44   51,200   --a------   C:\Windows\NirCmd.exe
2007-10-04 23:43   <DIR>   d--------   C:\Users\K!R\AppData\Roaming\SUPERAntiSpyware.com
2007-10-04 23:43   <DIR>   d--------   C:\Users\All Users\SUPERAntiSpyware.com
2007-10-04 23:43   <DIR>   d--------   C:\ProgramData\SUPERAntiSpyware.com
2007-10-04 22:58   <DIR>   dr-------   C:\!KillBox
2007-10-04 20:53   318   --a------   C:\delete.bat
2007-10-02 10:10   <DIR>   d--------   C:\Users\All Users\Long slow road itch
2007-10-02 10:10   <DIR>   d--------   C:\ProgramData\Long slow road itch
2007-10-02 10:09   <DIR>   d--------   C:\Users\All Users\grim program active
2007-10-02 10:09   <DIR>   d--------   C:\ProgramData\grim program active
2007-09-30 18:08   <DIR>   d--------   C:\Users\K!R\AppData\Roaming\Joost
2007-09-30 16:44   <DIR>   d--------   C:\Users\K!R\dwhelper
2007-09-28 16:40   <DIR>   d--------   C:\Users\All Users\p9-55-6o-55-93-56
2007-09-28 16:40   <DIR>   d--------   C:\ProgramData\p9-55-6o-55-93-56
2007-09-28 15:47   <DIR>   d--------   C:\Users\All Users\p9-55-2n-55-93-56
2007-09-28 15:47   <DIR>   d--------   C:\ProgramData\p9-55-2n-55-93-56
2007-09-27 17:30   <DIR>   dr-h-----   C:\Users\K!R\AppData\Roaming\SecuROM
2007-09-26 14:08   0   --a------   C:\Windows\Infob.dat
2007-09-26 14:08   0   --a------   C:\Windows\Infoa.dat
2007-09-24 09:31   <DIR>   d--------   C:\Users\K!R\AppData\Roaming\Vidalia
2007-09-24 09:31   <DIR>   d--------   C:\Users\K!R\AppData\Roaming\tor
2007-09-21 17:04   <DIR>   d--------   C:\Program Files\Common Files\Apple
2007-09-21 17:01   <DIR>   d--------   C:\Users\All Users\Apple
2007-09-21 17:01   <DIR>   d--------   C:\ProgramData\Apple
2007-09-21 17:01   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-09-19 06:54   <DIR>   d--------   C:\Users\K!R\AppData\Roaming\vlc
2007-09-19 05:50   <DIR>   d--------   C:\Program Files\Microsoft Works
2007-09-19 05:41   <DIR>   dr-h-----   C:\MSOCache
2007-09-19 05:35   <DIR>   d--------   C:\Users\K!R\AppData\Roaming\Audacity
2007-09-19 04:51   <DIR>   d--------   C:\Users\K!R\AppData\Roaming\uTorrent
2007-09-19 04:28   86,016   --a------   C:\Windows\System32\AddiTunes.exe
2007-09-19 04:28   626,688   --a------   C:\Windows\System32\NCTImageFile.dll
2007-09-19 04:28   61,440   --a------   C:\Windows\System32\cygz.dll
2007-09-19 04:28   4,755,968   --a------   C:\Windows\System32\apexconverter.exe
2007-09-19 04:28   398,798   --a------   C:\Windows\System32\apexpmp.exe
2007-09-19 04:28   3,138,048   --a------   C:\Windows\System32\apexxbox.exe
2007-09-19 04:28   120,320   --a------   C:\Windows\System32\apexchanger.exe
2007-09-19 04:28   109,568   --a------   C:\Windows\System32\apex3gp.exe
2007-09-19 04:28   1,295,582   --a------   C:\Windows\System32\cygwin1.dll
2007-09-19 04:27   764,416   --a------   C:\Windows\System32\NCTRMFile.dll
2007-09-19 04:27   495,104   --a------   C:\Windows\System32\NCTVideoCoreM.dll
2007-09-19 04:27   382,464   --a------   C:\Windows\System32\NCTAVIFile.dll
2007-09-19 04:27   249,856   --a------   C:\Windows\System32\NCTQuickTimeFile.dll
2007-09-19 04:16   217,127   --a------   C:\Windows\System32\drv43260.dll
2007-09-19 04:16   208,935   --a------   C:\Windows\System32\drv33260.dll
2007-09-19 04:16   176,165   --a------   C:\Windows\System32\drv23260.dll
2007-09-19 03:18   29,704   --a------   C:\Windows\System32\uxtuneup.dll
2007-09-19 03:18   16,904   --a------   C:\Windows\System32\authuitu.dll
2007-09-19 03:16   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-09-19 03:10   512,096   --a------   C:\Windows\System32\drivers\amon.sys
2007-09-19 03:10   298,104   --a------   C:\Windows\System32\imon.dll
2007-09-19 03:10   15,424   --a------   C:\Windows\System32\drivers\nod32drv.sys
2007-09-18 02:23   823,296   --a------   C:\Windows\System32\divx_xx0c.dll
2007-09-18 02:23   823,296   --a------   C:\Windows\System32\divx_xx07.dll
2007-09-18 02:22   802,816   --a------   C:\Windows\System32\divx_xx11.dll
2007-09-18 02:22   739,840   --a------   C:\Windows\System32\DivX.dll
2007-09-18 01:51   685,816   --a------   C:\Windows\System32\drivers\sptd.sys
2007-09-17 17:49   89,360   --a------   C:\Windows\System32\VB5DB.DLL
2007-09-17 17:49   86,016   --a------   C:\Windows\unvise32qt.exe
2007-09-17 17:49   69,632   --a------   C:\Windows\System32\xmltok.dll
2007-09-17 17:49   505,104   --a------   C:\Windows\System32\msxml.dll
2007-09-17 17:49   36,864   --a------   C:\Windows\System32\xmlparse.dll
2007-09-17 17:49   28,432   --a------   C:\Windows\System32\msxmlr.dll
2007-09-17 17:49   26,088   --a------   C:\Windows\System32\xmlinst.exe
2007-09-17 17:49   24,576   --a------   C:\Windows\System32\msxml3a.dll
2007-09-17 17:48   <DIR>   d--------   C:\Users\All Users\QuickTime
2007-09-17 17:48   <DIR>   d--------   C:\ProgramData\QuickTime
2007-09-16 00:14   <DIR>   d--------   C:\Users\K!R\.dwa_store
2007-09-15 10:09   <DIR>   d--------   C:\Users\All Users\p9-55-60-55-55-7s
2007-09-15 10:09   <DIR>   d--------   C:\ProgramData\p9-55-60-55-55-7s
2007-09-14 22:02   <DIR>   d--------   C:\Users\All Users\55-55-55-55-55-55
2007-09-14 22:02   <DIR>   d--------   C:\ProgramData\55-55-55-55-55-55
2007-09-14 22:00   <DIR>   d--------   C:\Windows\Monopoly Here & Now Edition
2007-09-14 22:00   <DIR>      C:\Program Files\Monopoly
2007-09-13 18:48   <DIR>   d--------   C:\Program Files\Common Files\Steam
2007-09-13 12:17   49,664   --a------   C:\Windows\SSMaui Wowee.scr
2007-09-13 12:14   802,816   --a------   C:\Windows\FeedingFrenzy.scr
2007-09-13 12:13   57,344   --a------   C:\Windows\System32\Big Kahuna Reef.scr
2007-09-13 12:12   389,120   --a------   C:\Windows\Adventure Inlay.scr
2007-09-12 18:24   <DIR>   d--------   C:\Users\K!R\AppData\Roaming\GetRightToGo
2007-09-12 07:14   156,992   --a------   C:\Windows\System32\DivXCodecVersionChecker.exe
2007-09-11 14:01   360,448   --a------   C:\Windows\System32\NCTWMAFile.dll
2007-09-11 14:01   1,703,936   --a------   C:\Windows\System32\NCTAudioFile.dll
2007-09-07 01:56   35   --a------   C:\Windows\popcinfo.dat
2007-09-05 18:48   139,264   --a------   C:\Windows\System32\eax.dll
2007-09-05 18:48   <DIR>   d--------   C:\Program Files\Creative
2007-09-05 18:47   233,472   -ra------   C:\Windows\System32\MafiaSetup.exe
2007-09-05 18:42   233,472   -ra------   C:\Users\K!R\AppData\Roaming\MafiaSetup.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

Zakir

  • Guest
Re: Pure Hole Hole
« Reply #24 on: October 04, 2007, 10:52:38 AM »
.
2007-10-02 10:31   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-10-01 04:10   ---------   d--------   C:\Users\K!R\AppData\Roaming\Internet Download Accelerator
2007-09-26 17:31   ---------   d--------   C:\Users\K!R\AppData\Roaming\Vso
2007-09-24 08:48   ---------   d--------   C:\Users\K!R\AppData\Roaming\FrostWire
2007-09-21 17:18   ---------   d--------   C:\ProgramData\Apple Computer
2007-09-21 17:07   ---------   d--------   C:\Users\K!R\AppData\Roaming\Apple Computer
2007-09-19 05:53   ---------   d--------   C:\ProgramData\Microsoft Help
2007-09-19 05:49   ---------   d--------   C:\Program Files\MSBuild
2007-09-19 05:43   ---------   d--------   C:\Program Files\Microsoft Visual Studio 8
2007-09-19 04:16   47360   --a------   C:\Users\K!R\AppData\Roaming\pcouffin.sys
2007-09-19 03:45   ---------   d--------   C:\Program Files\Common Files\PX Storage Engine
2007-09-15 08:04   ---------   d--------   C:\Program Files\IE7pro
2007-09-12 09:53   ---------   d--------   C:\Program Files\Windows Mail
2007-09-10 23:58   319984   --a------   C:\Windows\DIFxAPI.dll
2007-08-31 01:05   174   --ahs----   C:\Program Files\desktop.ini
2007-08-30 20:02   704000   --a------   C:\Windows\System32\PhotoScreensaver.scr
2007-08-30 20:01   88576   --a------   C:\Windows\System32\avifil32.dll
2007-08-30 20:01   82944   --a------   C:\Windows\System32\mciavi32.dll
2007-08-30 20:01   8138240   --a------   C:\Windows\System32\ssBranded.scr
2007-08-30 20:01   712192   --a------   C:\Windows\System32\WindowsCodecs.dll
2007-08-30 20:01   69632   --a------   C:\Windows\System32\sendmail.dll
2007-08-30 20:01   65024   --a------   C:\Windows\System32\avicap32.dll
2007-08-30 20:01   61440   --a------   C:\Windows\System32\ntprint.exe
2007-08-30 20:01   3504824   --a------   C:\Windows\System32\ntkrnlpa.exe
2007-08-30 20:01   3470008   --a------   C:\Windows\System32\ntoskrnl.exe
2007-08-30 20:01   31232   --a------   C:\Windows\System32\msvidc32.dll
2007-08-30 20:01   269824   --a------   C:\Windows\System32\schannel.dll
2007-08-30 20:01   220160   --a------   C:\Windows\System32\ntprint.dll
2007-08-30 20:01   1984512   --a------   C:\Windows\System32\authui.dll
2007-08-30 20:01   12800   --a------   C:\Windows\System32\msrle32.dll
2007-08-30 20:01   123904   --a------   C:\Windows\System32\msvfw32.dll
2007-08-30 20:01   120320   --a------   C:\Windows\System32\dhcpcsvc6.dll
2007-08-30 20:01   10240   --a------   C:\Windows\System32\dhcpcmonitor.dll
2007-08-29 20:45   ---------   d--------   C:\Program Files\Windows Calendar
2007-08-29 20:04   8192   --a------   C:\Windows\System32\riched32.dll
2007-08-29 20:04   77824   --a------   C:\Windows\System32\rascfg.dll
2007-08-29 20:04   70144   --a------   C:\Windows\system32\drivers\pacer.sys
2007-08-29 20:04   694784   --a------   C:\Windows\System32\localspl.dll
2007-08-29 20:04   61952   --a------   C:\Windows\system32\drivers\wanarp.sys
2007-08-29 20:04   619008   --a------   C:\Windows\system32\drivers\dxgkrnl.sys
2007-08-29 20:04   52736   --a------   C:\Windows\System32\rasdiag.dll
2007-08-29 20:04   48640   --a------   C:\Windows\system32\drivers\ndproxy.sys
2007-08-29 20:04   384000   --a------   C:\Windows\System32\netcfgx.dll
2007-08-29 20:04   36864   --a------   C:\Windows\System32\cdd.dll
2007-08-29 20:04   33280   --a------   C:\Windows\System32\traffic.dll
2007-08-29 20:04   32768   --a------   C:\Windows\System32\rasmxs.dll
2007-08-29 20:04   286208   --a------   C:\Windows\System32\ipnathlp.dll
2007-08-29 20:04   22016   --a------   C:\Windows\System32\rasser.dll
2007-08-29 20:04   20480   --a------   C:\Windows\system32\drivers\ndistapi.sys
2007-08-29 20:04   15360   --a------   C:\Windows\System32\pacerprf.dll
2007-08-29 20:04   13824   --a------   C:\Windows\System32\wshqos.dll
2007-08-29 20:04   13824   --a------   C:\Windows\System32\icsunattend.exe
2007-08-29 20:04   134656   --a------   C:\Windows\System32\dps.dll
2007-08-29 20:03   750080   --a------   C:\Windows\System32\qmgr.dll
2007-08-22 03:35   53080   --a------   C:\Windows\System32\wuauclt.exe
2007-08-22 03:35   43352   --a------   C:\Windows\System32\wups2.dll
2007-08-22 03:35   1712984   --a------   C:\Windows\System32\wuaueng.dll
2007-08-22 03:35   1524224   --a------   C:\Windows\System32\wucltux.dll
2007-08-22 03:34   80896   --a------   C:\Windows\System32\wudriver.dll
2007-08-22 03:34   549720   --a------   C:\Windows\System32\wuapi.dll
2007-08-22 03:34   33624   --a------   C:\Windows\System32\wups.dll
2007-08-22 03:33   31232   --a------   C:\Windows\System32\wuapp.exe
2007-08-22 03:33   163000   --a------   C:\Windows\System32\wuwebv.dll
2007-08-21 08:26   81920   --a------   C:\Windows\System32\dpl100.dll
2007-08-21 08:26   196608   --a------   C:\Windows\System32\dtu100.dll
2007-08-17 23:31   ---------   d--------   C:\Users\K!R\AppData\Roaming\Sports Interactive
2007-08-17 23:27   ---------   d--------   C:\Users\Kir\AppData\Roaming\TuneUp Software
2007-08-17 23:16   ---------   d--------   C:\Users\Kir\AppData\Roaming\Logitech
2007-08-17 19:43   ---------   d--------   C:\Program Files\Common Files\InstallShield
2007-08-16 06:33   524288   --a------   C:\Windows\System32\DivXsm.exe
2007-08-16 06:33   3596288   --a------   C:\Windows\System32\qt-dx331.dll
2007-08-16 06:33   200704   --a------   C:\Windows\System32\ssldivx.dll
2007-08-16 06:33   1044480   --a------   C:\Windows\System32\libdivx.dll
2007-08-16 06:31   593920   --a------   C:\Windows\System32\dpuGUI11.dll
2007-08-16 06:31   57344   --a------   C:\Windows\System32\dpv11.dll
2007-08-16 06:31   53248   --a------   C:\Windows\System32\dpuGUI10.dll
2007-08-16 06:31   344064   --a------   C:\Windows\System32\dpus11.dll
2007-08-16 06:31   294912   --a------   C:\Windows\System32\dpu11.dll
2007-08-16 06:31   294912   --a------   C:\Windows\System32\dpu10.dll
2007-08-16 06:30   12288   --a------   C:\Windows\System32\DivXWMPExtType.dll
2007-08-15 04:44   8147968   --a------   C:\Windows\System32\wmploc.DLL
2007-08-15 04:44   7680   --a------   C:\Windows\System32\spwmp.dll
2007-08-15 04:44   4096   --a------   C:\Windows\System32\dxmasf.dll
2007-08-15 04:43   1191936   --a------   C:\Windows\System32\msxml3.dll
2007-08-15 04:37   1335296   --a------   C:\Windows\System32\msxml6.dll
2007-08-15 04:35   56320   --a------   C:\Windows\System32\iesetup.dll
2007-08-15 04:35   52736   --a------   C:\Windows\AppPatch\iebrshim.dll
2007-08-15 04:35   26624   --a------   C:\Windows\System32\ieUnatt.exe
2007-08-07 18:09   ---------   d--------   C:\Program Files\MSN Messenger
2007-07-27 07:06   129784   ---------   C:\Windows\System32\pxafs.dll
2007-07-27 07:06   120056   ---------   C:\Windows\System32\pxcpyi64.exe
2007-07-27 07:06   118520   ---------   C:\Windows\System32\pxinsi64.exe
2007-07-11 09:02   86016   --a------   C:\Windows\System32\icfupgd.dll
2007-07-11 09:02   61952   --a------   C:\Windows\System32\cmifw.dll
2007-07-11 09:02   396800   --a------   C:\Windows\System32\MPSSVC.dll
2007-07-11 09:02   392192   --a------   C:\Windows\System32\FirewallAPI.dll
2007-07-11 09:02   374456   --a------   C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-07-11 09:02   178688   --a------   C:\Windows\System32\iphlpsvc.dll
2007-07-11 09:02   16896   --a------   C:\Windows\System32\wfapigp.dll
2007-07-11 09:00   57856   --a------   C:\Windows\System32\SLUINotify.dll
2007-06-09 12:06:50   56   --sha-r   C:\Windows\System32\B309C375B6.sys
2007-06-09 12:06:59   3,766   --sha-w   C:\Windows\System32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.

Zakir

  • Guest
Re: Pure Hole Hole
« Reply #25 on: October 04, 2007, 10:53:02 AM »
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-03-30 11:04]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-03-30 11:04]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-03-30 11:04]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-06 14:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-09-19 03:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 20:35]
"NOD32 Control Center"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eset\NOD32 Control Center.lnk" [2007-09-19 03:10]
"Launch Manager"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager\Launch Manager.LNK" [2007-04-16 20:07]
"PeerGuardian"="D:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
"Vidalia"="D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 14:02]
"FunkItch"="C:\ProgramData\Pure Hole Hole.wybxn8j" [2007-10-04 19:49]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 17:55:50]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-04-25 23:37:48]
Privoxy.lnk - D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 22:30:54]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 17:55:50]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-04-25 23:37:48]
Privoxy.lnk - D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 22:30:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\Windows\pss\AutoCAD Startup Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^K!R^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\K!R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
R2 int15;int15;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe -p
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe -k netsvcs
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\Windows\system32\DRIVERS\DKbFltr.sys
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\Windows\system32\Drivers\LUsbFilt.Sys
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys
R3 pgfilter;pgfilter;\??\D:\Program Files\PeerGuardian2\pgfilter.sys
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\Windows\System32\DRIVERS\ASPI32.sys
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService
S3 WimFltr;WimFltr;C:\Windows\system32\DRIVERS\wimfltr.sys
S3 WSVD;WSVD;\??\C:\Windows\system32\drivers\WSVD.sys
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted   hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs   BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-28 11:55:47 C:\Windows\Tasks\1-Click Maintenance.job"
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-10-04 06:57:07 C:\Windows\Tasks\User_Feed_Synchronization-{371CCB78-4DF7-4D0F-9081-6B14D59BC5D5}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-05 00:48:21
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-05  0:49:30
C:\ComboFix-quarantined-files.txt ... 2007-10-05 00:49
.
   --- E O F ---

Zakir

  • Guest
Re: Pure Hole Hole
« Reply #26 on: October 04, 2007, 10:55:14 AM »
This is the HijackThis log file after the scans.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:26 AM, on 5/10/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\ehome\ehmsas.exe
D:\Program Files\Eset\nod32kui.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
D:\Program Files\Vidalia Bundle\Tor\tor.exe
D:\Program Files\PeerGuardian2\pg2.exe
C:\Windows\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Zakir

  • Guest
Re: Pure Hole Hole
« Reply #27 on: October 04, 2007, 10:55:35 AM »
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.sg.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.sg.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.rd.yahoo.com/customize/ycomp/defaults/su/*http://sg.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7Pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - D:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NOD32 Control Center] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eset\NOD32 Control Center.lnk
O4 - HKCU\..\Run: [Launch Manager] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager\Launch Manager.LNK
O4 - HKCU\..\Run: [PeerGuardian] D:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Vidalia] "D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [FunkItch] "C:\ProgramData\Pure Hole Hole.wybxn8j"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Privoxy.lnk = D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Download ALL with IDA - D:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download Video - http://www.viloader.net/addon.htm
O8 - Extra context menu item: Download with IDA - D:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - D:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - D:\Program Files\IDA\ida.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://npsdmail3.np.edu.sg/dwa7W.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4E9FB3-923F-4BED-B23D-5037D93AF3E4}: NameServer = 218.186.1.38,202.156.1.68
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - D:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 9708 bytes