System Security 2009 (I think...) w/ HJT log...


Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Wed Jul 15, 2009 2:35 am

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...


Post by tom_white70 on Wed Jul 15, 2009 2:36 am

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x35 0xA3 0x2F 0x0F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0x58 0xF4 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x55 0x22 0x97 0xED ...
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...


Post by tom_white70 on Wed Jul 15, 2009 2:38 am

Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...


Post by tom_white70 on Wed Jul 15, 2009 2:39 am

Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...

tom_white70 (Novice)
Posts: 44
Joined: 2009-07-12
OS: XP
Points: 27070
Likes: 0


Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Wed Jul 15, 2009 2:40 am

Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll


Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Wed Jul 15, 2009 2:42 am

Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll


Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Wed Jul 15, 2009 2:43 am

Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll

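Added example, not part of tom_white70's posts and not GMER code: a small Python triage pass over lines in the shape of the GMER "Reg" section above. It groups the service keys by name across every ControlSetNNN and records the structural indicators visible in the log: a `main\injector` value naming a DLL (`hjgruiwsp.dll`), a `modules` list of .sys/.dll/.dat/.db components under system32, paths written in the `\\?\globalroot\` form, and service or driver names that are long runs of generated lowercase letters (`hjgruiarcecqml`, `hjgruirsvnolwx.sys`, `UACxekvpiduwagodkfvp.sys`; the `UACd.sys` naming is the one that was widely documented for the TDSS/TDL3 rootkit family). The sample log embedded in the script is constructed from the posted lines, cut down to two control sets; the 12-letter threshold, the indicator names, and the `sptd` allowlist are assumptions of this example. The allowlist is the caveat a responder needs here: `Services\sptd\Cfg` with its hash-named subkeys and obfuscated `khjeh`/`ujdew` values belongs to DAEMON Tools' SPTD driver (its `p0` value points at `C:\Program Files\DAEMON Tools Lite\`) and is not part of the infection. The report also lists which control sets each key lives in, because the same keys are mirrored in every ControlSetNNN in this log and a cleanup that touches only CurrentControlSet leaves the copies behind.

```python
"""Triage the ``Reg`` lines of a GMER registry section.

Groups the listed service keys by name across every ControlSetNNN, collects
the structural indicators a kernel rootkit leaves in its service key, and
keeps the one known-benign driver that also stores obfuscated config under
its service key (DAEMON Tools' sptd) from being swept up with the rest.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied in shape from the GMER log on this page,
# cut down to two control sets and three services. Not the full log.
SAMPLE_LOG = r"""
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
"""

ARTIFACT_EXT = (".sys", ".dll", ".dat", ".db")
# Heuristic (assumption of this example): 12+ consecutive lowercase letters in
# a service or driver name is treated as a generated name. Case is kept so
# that CamelCase names such as BasicDisplay.sys do not trip it.
RANDOM_RUN = re.compile(r"[a-z]{12,}")
# Allowlist (assumption of this example): sptd is DAEMON Tools' SCSI
# pass-through driver and keeps obfuscated values under Services\sptd\Cfg.
KNOWN_BENIGN = {"sptd": "DAEMON Tools SPTD driver (p0 points at its install dir)"}


def parse_reg_line(line):
    """Split one ``Reg <key>[@value] [data]`` line; None if not a service key."""
    if not line.startswith("Reg "):
        return None
    key_token, _, data = line[4:].strip().partition(" ")
    key, _, value = key_token.partition("@")
    parts = key.split("\\")
    if len(parts) < 5 or parts[1].upper() != "SYSTEM" or parts[3] != "Services":
        return None
    return {"controlset": parts[2], "service": parts[4],
            "subkey": "\\".join(parts[5:]), "value": value, "data": data}


def collect_services(log_text):
    """Group parsed entries by service name, remembering every ControlSet."""
    services = defaultdict(lambda: {"controlsets": set(), "entries": []})
    for line in log_text.splitlines():
        rec = parse_reg_line(line)
        if rec is not None:
            services[rec["service"]]["controlsets"].add(rec["controlset"])
            services[rec["service"]]["entries"].append(rec)
    return services


def indicators(name, svc):
    """Structural signs that a service key belongs to a rootkit, plus the
    on-disk files the key references (for collection before removal)."""
    found, files = set(), set()
    if RANDOM_RUN.search(name):
        found.add("random-service-name")
    for e in svc["entries"]:
        sub, val, data = e["subkey"].lower(), e["value"].lower(), e["data"]
        low = data.lower()
        if val == "imagepath" and RANDOM_RUN.search(data.rsplit("\\", 1)[-1]):
            found.add("random-driver-name")
        if sub.startswith("main\\injector") and low.endswith(".dll"):
            found.add("injector-dll")      # DLL the driver injects into processes
        if sub == "modules" and low.endswith(ARTIFACT_EXT):
            found.add("module-list")       # component inventory kept in the key
        if low.startswith("\\\\?\\globalroot\\"):
            found.add("globalroot-path")   # object-namespace path form
        if (val == "imagepath" or sub == "modules") and low.endswith(ARTIFACT_EXT):
            files.add(data)
    return found, files


def triage(log_text):
    """Return {service: {verdict, indicators, controlsets, files, note}}."""
    report = {}
    for name, svc in collect_services(log_text).items():
        flags, files = indicators(name, svc)
        if name.lower() in KNOWN_BENIGN:
            verdict, note = "benign", KNOWN_BENIGN[name.lower()]
        elif len(flags) >= 2:
            verdict, note = "rootkit-like", "remove from every ControlSet listed"
        elif flags:
            verdict, note = "review", "one indicator only; confirm by hand"
        else:
            verdict, note = "clean", ""
        report[name] = {"verdict": verdict, "indicators": sorted(flags),
                        "controlsets": sorted(svc["controlsets"]),
                        "files": sorted(files), "note": note}
    return report


if __name__ == "__main__":
    for name, r in triage(SAMPLE_LOG).items():
        print(f"{name:16} {r['verdict']:13} sets={len(r['controlsets'])} "
              f"{','.join(r['indicators'])}  {r['note']}")
        for path in r["files"]:
            print("    ", path)
```

Run it as-is to see the report for the constructed sample, or feed the whole GMER log through `triage(open(path).read())`. The `files` list per service is what to copy off the machine before any removal; the `controlsets` list is what the removal has to cover.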

Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Wed Jul 15, 2009 2:44 am

Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll


Post by tom_white70 on Wed Jul 15, 2009 2:45 am

Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll


Post by tom_white70 on Wed Jul 15, 2009 2:46 am

Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1683983066
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1607367679
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...

---- EOF - GMER 1.0.15 ----



Attention Moderators: This sure looks like a lot of the same stuff over and over, agree?
Please let me know how to proceed.
Last instruction was to create new system restore points.......
I am waiting to do that until I have confirmation based on GMER results...
Thanks for all your help!!!


Post by Belahzur on Wed Jul 15, 2009 2:36 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\hjgruiarcecqml]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\UACd.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\UACd.sys]


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Post by tom_white70 on Wed Jul 15, 2009 9:45 pm

Here is the OTMoveIt log...

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\hjgruiarcecqml\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\hjgruiarcecqml\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\hjgruiarcecqml\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\hjgruiarcecqml\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UACd.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\UACd.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\UACd.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\UACd.sys\ not found.

OTM by OldTimer - Version 3.0.0.5 log created on 07152009_164308



Attn: Moderators: Thanks again for your help. What's next?


Post by Belahzur on Wed Jul 15, 2009 11:55 pm

Hello.
This looks fine now.



Post by tom_white70 on Thu Jul 16, 2009 12:32 am

After running OTMoveIt, I chose to run AVG8.5 virus scan while still in safe mode... Below are the results...

AVG 8.5 Anti-Virus command line scanner
Copyright (c) 1992 - 2009 AVG Technologies
Program version 8.0.354, engine 8.0.375
Virus Database: Version 270.13.16/2240 2009-07-15

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\LocalService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Tom White\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Tom White\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Tom White\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Tom White\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACxekvpiduwagodkfvp.sys.vir Trojan horse BackDoor.Generic11.ABLC Object was moved to Virus Vault.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruidywiglcl.dll.vir Virus identified Packed.Monder Object was moved to Virus Vault.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAChxwaicptoppglsxha.dll.vir Trojan horse Generic13.ATPH Object was moved to Virus Vault.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqwujvbdmvvnvuklql.dll.vir Trojan horse Crypt.FNT Object was moved to Virus Vault.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACcyfuljllcnlwlnfyu.dll.vir Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wiawow32.sys.vir Trojan horse Clicker.AALE Object was moved to Virus Vault.
C:\WINDOWS\system32\config\DEFAULT Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SOFTWARE Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SYSTEM Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
C:\WINDOWS\system32\drivers\sptd.sys Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 428135
Found infections : 6
Found PUPs : 0
Healed infections : 6
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------


Based on the above results, I am going to run DrWeb Cureit again and post results....


Post by tom_white70 on Thu Jul 16, 2009 12:19 pm

Here are the results of the latest GMER scan... Let me know what's next...

GMER 1.0.15.14972 - [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-16 07:17:58
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT splr.sys ZwCreateKey [0xF74D70E0]
SSDT splr.sys ZwEnumerateKey [0xF74F5CA2]
SSDT splr.sys ZwEnumerateValueKey [0xF74F6030]
SSDT splr.sys ZwOpenKey [0xF74D70C0]
SSDT splr.sys ZwQueryKey [0xF74F6108]
SSDT splr.sys ZwQueryValueKey [0xF74F5F88]
SSDT splr.sys ZwSetValueKey [0xF74F619A]

INT 0x62 ? 8B306BF8
INT 0x63 ? 8B297BF8
INT 0x84 ? 8A8B2BF8
INT 0x94 ? 8A8B2BF8
INT 0xA4 ? 8A8B2BF8
INT 0xB4 ? 8A8B2BF8

---- Kernel code sections - GMER 1.0.15 ----

? splr.sys The system cannot find the file specified. !
? dwshd.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BA51D8AC 5 Bytes JMP 8A8B21D8
.text an8nocqj.SYS BA4AC386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text an8nocqj.SYS BA4AC3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text an8nocqj.SYS BA4AC3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text an8nocqj.SYS BA4AC3C9 1 Byte [2E]
.text an8nocqj.SYS BA4AC3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8B3082D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] splr.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] splr.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] splr.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] splr.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] splr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] splr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] splr.sys

tom_white70
Novice

Posts : 44
Joined : 2009-07-12
OS : XP
Points : 27070
Likes : 0


Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Thu Jul 16, 2009 12:21 pm

IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A8B22D8
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2266E852
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002254
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2242E850
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002230
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeCancelTimer] C6000000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 001CBB86
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlInitAnsiString] 438B0100
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 8E8D5018
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoQueueWorkItem] 00001C90
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmMapIoSpace] 2202E851
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 538B0000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoReportDetectedDevice] 52016A18
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoReportResourceForDetection] 1CAC868D
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] E8500000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000021F0
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8A05478A
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 18C48300
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!sprintf] 1CBD8688
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 43EB0000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ObfDereferenceObject] 320C538A
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 88F93BC0
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001CBB96
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ZwClose] F6317300
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 74070647
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 75C0841A
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 05578A0B
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 968801B0
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 57B60F66
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 533B6604
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 03087408
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ZwOpenKey] 72F93B3F
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 8A09EBDA
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoStartTimer] 86880547
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoInitializeTimer] 88084B8A
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeInitializeDpc] 001CBE8E
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeInitializeSpinLock] 40578B00
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoInitializeIrp] 8D52006A
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ZwCreateKey] 001CC086
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 81E85000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 8B000021
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ZwSetValueKey] 001CB88E
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeInsertQueueDpc] BC968B00
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 8900001C
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoStartPacket] 001CC48E
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] C8968900
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 8B00001C
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoFreeMdl] 016A4047
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmUnlockPages] CCC68150
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5600001C
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 002157E8
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeSynchronizeExecution] CCCCCCC3
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCCC
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeSetTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 8B000000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!_aulldiv] 56C35DE5
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!strstr] 8D08758B
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!_strupr] 8D51FC4D
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D52FD55
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D51FE4D
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeTickCount] 8D52FF55
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D51F84D
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoDeleteDevice] 5052F455
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] EACAE856
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoAllocateWorkItem] C483FFFF
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoAllocateIrp] 0FC08520
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoAllocateMdl] 0001AD85
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 46B70F00
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmLockPagableDataSection] F44D8B48
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] C1815753
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00002590
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ExFreePoolWithTag] 467C8D51
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoFreeIrp] 7622E84A
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoFreeWorkItem] D88BFFFF
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!InitSafeBootMode] 8504C483
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlCompareMemory] 5F0A75DB
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!PoCallDriver] 5B08438D
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!memmove] 5DE58B5E
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmHighestUserAddress] 259068C3
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Thu Jul 16, 2009 12:22 pm

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B2961F8
Device \Driver\usbuhci \Device\USBPDO-0 8A8B01F8
Device \Driver\PCI_PNP6880 \Device\00000044 splr.sys
Device \Driver\PCI_PNP6880 \Device\00000044 splr.sys
Device \Driver\usbuhci \Device\USBPDO-1 8A8B01F8
Device \Driver\usbehci \Device\USBPDO-2 8A8833C0
Device \Driver\usbuhci \Device\USBPDO-3 8A8B01F8
Device \Driver\usbuhci \Device\USBPDO-4 8A8B01F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B2981F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B2981F8
Device \Driver\Cdrom \Device\CdRom0 8A8751F8
Device \Driver\Cdrom \Device\CdRom1 8A8751F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B2981F8
Device \Driver\Cdrom \Device\CdRom2 8A8751F8
Device \Driver\sptd \Device\2074361880 splr.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A4E81F8
Device \Driver\NetBT \Device\NetbiosSmb 8A4E81F8
Device \Driver\usbuhci \Device\USBFDO-0 8A8B01F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2F468CB8-3FAD-4063-9F4C-19D647127441} 8A4E81F8
Device \Driver\usbuhci \Device\USBFDO-1 8A8B01F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A4E31F8
Device \Driver\usbuhci \Device\USBFDO-2 8A8B01F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A4E31F8
Device \Driver\usbuhci \Device\USBFDO-3 8A8B01F8
Device \Driver\usbehci \Device\USBFDO-4 8A8833C0
Device \Driver\Ftdisk \Device\FtControl 8B2981F8
Device \Driver\an8nocqj \Device\Scsi\an8nocqj1 8A86C1F8
Device \Driver\an8nocqj \Device\Scsi\an8nocqj1Port2Path0Target0Lun0 8A86C1F8
Device \FileSystem\Fastfat \Fat 8A4AB500
Device \FileSystem\Fastfat \Fat B95DA297
Device \FileSystem\Cdfs \Cdfs 8A4C01F8

Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Thu Jul 16, 2009 12:23 pm

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x35 0xA3 0x2F 0x0F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0x58 0xF4 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x55 0x22 0x97 0xED ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...

Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Thu Jul 16, 2009 12:24 pm

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...

Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Thu Jul 16, 2009 12:25 pm

Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...

tom_white70
Novice
Posts: 44
Joined: 2009-07-12
OS: XP
Points: 27070
Likes: 0

Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Thu Jul 16, 2009 12:27 pm

Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1683983066
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1607367679
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...

---- EOF - GMER 1.0.15 ----



Attention Moderators: I don't understand what's going on. I seem to still be infected. Do we need to start over from square one? Let me know. Thanks!

Should I go ahead and delete those *.vir files in the \Qoobox folder???


Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Thu Jul 16, 2009 2:52 pm

Attention Moderators: Here is a current MBAM quick scan log...


Malwarebytes' Anti-Malware 1.39
Database version: 2425
Windows 5.1.2600 Service Pack 3

7/16/2009 9:49:12 AM
mbam-log-2009-07-16 (09-49-12).txt

Scan type: Quick Scan
Objects scanned: 94314
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Attention Moderators: I am currently performing an MBAM full scan...


Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Thu Jul 16, 2009 4:12 pm

Here is the current MBAM full scan log...


Malwarebytes' Anti-Malware 1.39
Database version: 2425
Windows 5.1.2600 Service Pack 3

7/16/2009 11:07:25 AM
mbam-log-2009-07-16 (11-07-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 274508
Time elapsed: 1 hour(s), 13 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1184\A0125924.OCX (Worm.Nyxem) -> Quarantined and deleted successfully.



What's next?


Re: System Security 2009 (I think...) w/ HJT log...

Post by Origin on Thu Jul 16, 2009 4:15 pm

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows Xp Sp3
Points: 31463
Likes: 0

Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Thu Jul 16, 2009 4:25 pm

Thanks for helping me with this Origin. Here are the results of Avenger...


Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.


Re: System Security 2009 (I think...) w/ HJT log...

Post by Origin on Thu Jul 16, 2009 5:23 pm

Please use the Internet Explorer browser, and do an online scan with [You must be registered and logged in to see this link.]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Thu Jul 16, 2009 10:01 pm

Thanks for responding Origin... Below is the report from Kaspersky...


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 16, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 16, 2009 20:04:41
Records in database: 2475918
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
H:\
J:\
R:\
S:\

Scan statistics:
Files scanned: 176658
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:18:35


File name / Threat name / Threats count
C:\cleanup.exe Infected: Trojan.Win32.Zapchast.uy 1

The selected area was scanned.



Please let me know what's next... Thanks!


Re: System Security 2009 (I think...) w/ HJT log...

Post by Origin on Fri Jul 17, 2009 6:25 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\UACd.sys]


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Fri Jul 17, 2009 10:49 pm

Thanks for responding Origin... Here is the OTM log...

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\UACd.sys\ deleted successfully.

OTM by OldTimer - Version 3.0.0.5 log created on 07172009_174747

Attention Moderators: I will leave my computer on, in safe mode, awaiting any further instructions after the last actions performed - (OTM)...


Re: System Security 2009 (I think...) w/ HJT log...

Post by Origin on Fri Jul 17, 2009 11:32 pm

Run a malwarebytes full scan and post the results back here.



Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Sat Jul 18, 2009 5:29 am

Malwarebytes' Anti-Malware 1.39
Database version: 2453
Windows 5.1.2600 Service Pack 3

7/18/2009 12:26:15 AM
mbam-log-2009-07-18 (00-26-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 278343
Time elapsed: 1 hour(s), 18 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\tom white\Desktop\avenger.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\WinRAR\Default.SFX (Spyware.Banker) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1186\A0127086.exe (Trojan.Banker) -> Quarantined and deleted successfully.


Attention Moderators: After the Malwarebytes scan, I chose Remove Selected, then was instructed to perform a reboot... That is the current state of my cpu...

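As an added example (not part of the thread, and not Malwarebytes' own tooling), here is a small Python parser for the MBAM 1.39 text log format posted above. It pulls out the header fields, the summary counts and each detection line, tags detections found under System Restore's `_restore{GUID}` folders as dormant restore-point copies rather than live files, and cross-checks the summary counts against the items actually listed so that a truncated paste is noticed. The function and field names are my own; the embedded sample is an abridged copy of the 7/18/2009 log from this post.

```python
# Added example: parser for the Malwarebytes' Anti-Malware 1.39 log format
# pasted in this thread. Function names are the example's own, not MBAM's.
import re
from typing import Dict, List, NamedTuple, Tuple


class Detection(NamedTuple):
    section: str   # e.g. "Files Infected"
    path: str
    threat: str    # e.g. "Trojan.Banker"
    action: str    # e.g. "Quarantined and deleted successfully."
    location: str  # "restore-point" or "live"


# "Files Infected: 3"  -> summary count line
_COUNT_RE = re.compile(r"^(?P<field>[A-Za-z ]+ Infected): (?P<n>\d+)$")
# "<path> (<threat>) -> <action>"  -> detection line
_DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
# System Restore keeps copies of files in _restore{GUID}\RPnnn; hits there are
# dormant snapshots, not files that were in use on the live system.
_RESTORE_RE = re.compile(r"\\system volume information\\_restore\{", re.IGNORECASE)


def classify_location(path: str) -> str:
    return "restore-point" if _RESTORE_RE.search(path) else "live"


def parse_mbam_log(text: str) -> Dict[str, object]:
    header: Dict[str, str] = {}
    summary: Dict[str, int] = {}
    detections: List[Detection] = []
    section = None  # set once the first "<Something> Infected:" header is seen
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = _COUNT_RE.match(line)
        if m:
            summary[m.group("field")] = int(m.group("n"))
            continue
        if line.endswith("Infected:"):
            section = line[:-1]
            continue
        if section is None:
            # Still in the header block: "Scan type: ...", "Objects scanned: ..."
            if ": " in line:
                key, value = line.split(": ", 1)
                header[key] = value
            continue
        m = _DETECTION_RE.match(line)
        if m:
            path = m.group("path")
            detections.append(Detection(section, path, m.group("threat"),
                                        m.group("action"), classify_location(path)))
    return {"header": header, "summary": summary, "detections": detections}


def check_counts(report: Dict[str, object]) -> List[Tuple[str, int, int]]:
    """Return (section, expected, found) for every summary count that does not
    match the number of items listed under that section."""
    per_section: Dict[str, int] = {}
    for d in report["detections"]:
        per_section[d.section] = per_section.get(d.section, 0) + 1
    mismatches = []
    for field, expected in report["summary"].items():
        found = per_section.get(field, 0)
        if found != expected:
            mismatches.append((field, expected, found))
    return mismatches


# Abridged copy of the 7/18/2009 full-scan log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.39
Database version: 2453
Windows 5.1.2600 Service Pack 3

7/18/2009 12:26:15 AM
mbam-log-2009-07-18 (00-26-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 278343
Time elapsed: 1 hour(s), 18 minute(s), 3 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\tom white\Desktop\avenger.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\WinRAR\Default.SFX (Spyware.Banker) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1186\A0127086.exe (Trojan.Banker) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    report = parse_mbam_log(SAMPLE_LOG)
    print("Scan:", report["header"].get("Scan type"), "| DB", report["header"].get("Database version"))
    for d in report["detections"]:
        print(f"[{d.location:13}] {d.threat:16} {d.path}")
    print("count mismatches:", check_counts(report))
```

Reading the three MBAM logs in this thread through this parser makes the pattern visible at a glance: the quick scan lists nothing, the 7/16 full scan's only hit is a restore-point copy, and the 7/18 scan has two live files plus one more restore-point copy. Restore-point hits are worth separating out when you read such a log because they are snapshots kept by System Restore, not programs that were running.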

Re: System Security 2009 (I think...) w/ HJT log...

Post by Origin on Sat Jul 18, 2009 8:05 pm

How is the computer running?



Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Sat Jul 18, 2009 8:55 pm

Origin - to be honest - over the last couple of days I have kept the computer in "safe mode" just to continue running all of these scans. As of your last statement, I will re-boot the computer into Normal Mode and use it for a day, let my AVG8.5 run its normal scan and report back to you.

Let me know if you needed me to do something different. Thanks again.


Re: System Security 2009 (I think...) w/ HJT log...

Post by Origin on Sat Jul 18, 2009 8:59 pm

Ok, if you find anything strange, come back here so I can see what I can do.



Re: System Security 2009 (I think...) w/ HJT log...

Post by tom_white70 on Sun Jul 19, 2009 10:59 am

Origin... Here are the results from the latest AVG8.5 full scan...

"Scan ""Scheduled scan"" was finished."
"No infection was found during this scan"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Saturday, July 18, 2009, 10:00:01 PM"
"Scan finished:";"Sunday, July 19, 2009, 12:50:58 AM (2 hour(s) 50 minute(s) 57 second(s))"
"Total object scanned:";"965977"
"User who launched the scan:";"SYSTEM"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\Tom White\Cookies\tom_white@247realmedia[2].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@247realmedia[2].txt:\247realmedia.com.855b46d";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@ad.yieldmanager[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b68f2b7b";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@ad.yieldmanager[1].txt:\ad.yieldmanager.com.557bf2b0";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@ad.yieldmanager[1].txt:\ad.yieldmanager.com.8a47878";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@ad.yieldmanager[1].txt:\ad.yieldmanager.com.ff92306";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@advertising[2].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@advertising[2].txt:\advertising.com.1820df7a";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@advertising[2].txt:\advertising.com.203aa218";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@advertising[2].txt:\advertising.com.525a5fb9";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@advertising[2].txt:\advertising.com.b624fa46";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@advertising[2].txt:\advertising.com.f62113d5";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@atdmt[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@atdmt[1].txt:\atdmt.com.7247c262";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@atdmt[1].txt:\atdmt.com.74c5668";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@atdmt[1].txt:\atdmt.com.9e6d7fd3";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@atdmt[1].txt:\atdmt.com.b3e33b5f";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@doubleclick[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@doubleclick[1].txt:\doubleclick.net.bf396750";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@realmedia[1].txt";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@realmedia[1].txt:\realmedia.com.855b46d";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@realmedia[1].txt:\realmedia.com.94969de2";"Found ";"Moved to Virus Vault"
"C:\Documents and Settings\Tom White\Cookies\tom_white@realmedia[1].txt:\realmedia.com.ef906bac";"Found ";"Moved to Virus Vault"

Origin... Computer is working as near normal as I can tell... I am curious as to why there were almost double the number of objects scanned this time (normal mode) as compared to last time (safe mode)... I deleted all of the files in the AVG8.5 Virus Vault folder... Can I delete the "Qoobox" folder that was created during the Combofix procedure?

Are there any additional steps I should take now to prevent additional virus/spyware/malware infections? What are your thoughts on continuing to use AVG as my virus protection (my budget is limited).

I appreciate all you guys have done over the last few days, this has been quite an ordeal on my end... I have a brand new hatred for computer viruses.


Re: System Security 2009 (I think...) w/ HJT log...

Post by Origin on Sun Jul 19, 2009 4:06 pm

Those are leftover cookies. I would keep Qoobox, since it keeps the quarantined items that were deleted by ComboFix should you need them again, but you can delete it if you wish. I will give you some recommendations right now.


Download [You must be registered and logged in to see this link.]

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Posts : 2685
Joined : 2009-05-05
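The post's steps 1, 4 and 5 (Automatic Updates, antivirus, firewall) are all Control Panel clicks. As an added example that is not part of the original post, the script below is a read-only check that those protections are actually in place after the clean-up, written for an elevated PowerShell session on Windows XP SP2/SP3 or later (PowerShell 2.0 syntax). The registry locations of the Automatic Updates setting (AUOptions, with the Group Policy key taking precedence) and the Windows Firewall profile (EnableFirewall) are Microsoft's documented ones; the root\SecurityCenter WMI namespace is where XP-era third-party firewalls and antivirus products register, and root\SecurityCenter2 is its Vista-and-later equivalent. The numeric meanings of AUOptions are taken from Microsoft's documentation as an assumption of the example.

```powershell
# Added example, not from the original forum post. Read-only check of the
# protections the post recommends: Automatic Updates, the Windows Firewall,
# and any firewall/antivirus product registered with Security Center.
# Run from an elevated (administrator) PowerShell 2.0+ session.

function Get-AutomaticUpdateStatus {
    # A Group Policy setting overrides the Control Panel setting, so it is checked first.
    $candidates = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    )
    foreach ($key in $candidates) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        if ($props.NoAutoUpdate -eq 1) {
            return New-Object PSObject -Property @{ Setting = 'Automatic Updates'; Value = 'disabled by policy'; Ok = $false }
        }
        if ($props.AUOptions -ne $null) {
            # AUOptions meanings (assumed from Microsoft documentation):
            # 1 = disabled, 2 = notify before download, 3 = download then notify,
            # 4 = download and install on a schedule. Only 3 and 4 patch unattended.
            $meaning = switch ([int]$props.AUOptions) {
                1 { 'disabled' }
                2 { 'notify before download' }
                3 { 'download, notify before install' }
                4 { 'download and install on schedule' }
                default { "unknown value $($props.AUOptions)" }
            }
            return New-Object PSObject -Property @{ Setting = 'Automatic Updates'; Value = $meaning; Ok = ([int]$props.AUOptions -ge 3) }
        }
    }
    New-Object PSObject -Property @{ Setting = 'Automatic Updates'; Value = 'not configured'; Ok = $false }
}

function Get-WindowsFirewallStatus {
    # StandardProfile is the profile a home (non-domain) XP machine uses.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
    $enabled = $false
    if (Test-Path $key) {
        $enabled = ((Get-ItemProperty -Path $key).EnableFirewall -eq 1)
    }
    New-Object PSObject -Property @{
        Setting = 'Windows Firewall (standard profile)'
        Value   = $(if ($enabled) { 'on' } else { 'off' })
        Ok      = $enabled
    }
}

function Get-SecurityCenterProducts {
    # Third-party firewalls and antivirus products register here; the built-in
    # Windows Firewall does not appear as a FirewallProduct on XP.
    $results = @()
    foreach ($class in 'FirewallProduct', 'AntiVirusProduct') {
        $names = @()
        foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
            $items = Get-WmiObject -Namespace $ns -Class $class -ErrorAction SilentlyContinue
            foreach ($item in @($items)) {
                if ($item -ne $null) { $names += $item.displayName }
            }
        }
        $found = ($names.Count -gt 0)
        $results += New-Object PSObject -Property @{
            Setting = "Security Center $class"
            Value   = $(if ($found) { $names -join ', ' } else { 'none registered' })
            Ok      = $found
        }
    }
    $results
}

# Collect the rows and report. A firewall is considered present if either the
# Windows Firewall is on or a third-party FirewallProduct is registered.
$rows = @(Get-AutomaticUpdateStatus) + @(Get-WindowsFirewallStatus) + @(Get-SecurityCenterProducts)
$rows | Format-Table Setting, Value, Ok -AutoSize

$firewallOk = ($rows | Where-Object { $_.Setting -like 'Windows Firewall*' -or $_.Setting -like '*FirewallProduct' } |
               Where-Object { $_.Ok }) -ne $null
$updatesOk  = ($rows | Where-Object { $_.Setting -eq 'Automatic Updates' }).Ok
$avOk       = ($rows | Where-Object { $_.Setting -like '*AntiVirusProduct' }).Ok

if (-not ($firewallOk -and $updatesOk -and $avOk)) {
    Write-Warning 'At least one of the recommended protections (updates, antivirus, firewall) is off or missing.'
}
```

The script changes nothing; it only reads the registry and WMI, so it is safe to run on a machine you are still cleaning. Note that `Ok` for the Windows Firewall row will be `False` on a machine that relies on one of the third-party firewalls the post links to; that is why the final summary accepts either the built-in firewall or a registered FirewallProduct before deciding step 5 is satisfied.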