ljh

Can't get rid of malware

7 posts in this topic

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:04 PM, on 1/11/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Multimedia Card Reader\readericon10.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15E6ED01-2C22-4D30-893F-33C2751DE5EF} - c:\windows\system32\dbgengn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D95FCDAD-0554-47F2-A013-08DCAD709247} - C:\WINDOWS\System32\dmdskmgrp.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5400] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX5400 on SNOFLAKIE] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P37 "Auto EPSON Stylus CX5400 on SNOFLAKIE" /O20 "\\SNOFLAKIE\Printer2" /M "Stylus CX5400"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [readericon10] C:\Program Files\Multimedia Card Reader\readericon10.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: nlyeibve - C:\WINDOWS\SYSTEM32\dbgengn.dll
O20 - Winlogon Notify: tt - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
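As an added illustration (not code from the thread, from HijackThis or from any of the tools used here), this Python snippet parses the O2 and O20 lines of the log above and flags the cues a log reader follows up on: nameless BHOs, a BHO whose file is missing, Winlogon Notify entries with no DLL path, and one DLL (dbgengn.dll here) registered both as a BHO and as a Winlogon Notify handler. The regex, the finding labels and the function names are my own.

```python
import re
from collections import defaultdict

# O2/O20 entries copied from the HijackThis log posted above. A raw string
# keeps the Windows backslashes intact.
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15E6ED01-2C22-4D30-893F-33C2751DE5EF} - c:\windows\system32\dbgengn.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D95FCDAD-0554-47F2-A013-08DCAD709247} - C:\WINDOWS\System32\dmdskmgrp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: nlyeibve - C:\WINDOWS\SYSTEM32\dbgengn.dll
O20 - Winlogon Notify: tt - C:\WINDOWS\
"""

# "<code> - <kind>: <rest>", e.g. "O2 - BHO: <name> - <clsid> - <path>"
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")


def parse_entry(line):
    """Split one HijackThis line into fields. Only O2 (BHO) and O20 (Winlogon
    Notify) entries are handled; anything else returns None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.group(1), m.group(3)
    if code == "O2":
        name, clsid, path = (p.strip() for p in rest.split(" - ", 2))
        missing = path.endswith("(file missing)")
        path = path.replace("(file missing)", "").strip()
        return {"code": code, "name": name, "clsid": clsid, "path": path, "missing": missing}
    if code == "O20":
        name, path = (p.strip() for p in rest.split(" - ", 1))
        return {"code": code, "name": name, "clsid": "", "path": path, "missing": False}
    return None


def triage(log_text):
    """Return (finding, identifier, path) tuples for the patterns worth a
    second look. None of them proves infection by itself; they are the cues
    a helper verifies by checking the file, its publisher and its registry key."""
    findings = []
    roles = defaultdict(set)  # lowercase DLL basename -> {"O2", "O20"}
    for entry in filter(None, map(parse_entry, log_text.splitlines())):
        basename = entry["path"].rsplit("\\", 1)[-1].lower()
        if basename:
            roles[basename].add(entry["code"])
        if entry["code"] == "O2" and entry["name"] == "(no name)":
            findings.append(("nameless BHO", entry["clsid"], entry["path"]))
        if entry["missing"]:
            findings.append(("BHO file missing", entry["clsid"], entry["path"]))
        if entry["code"] == "O20" and not basename.endswith(".dll"):
            # HijackThis printed only a directory: the DLL behind the Notify
            # key could not be resolved and needs a manual look in the registry.
            findings.append(("Winlogon Notify without a DLL path", entry["name"], entry["path"]))
    for dll, codes in roles.items():
        if {"O2", "O20"} <= codes:
            # One DLL loaded into both the browser and winlogon.exe is a
            # persistence pairing worth treating as a single item to remove.
            findings.append(("same DLL loaded as BHO and Winlogon Notify", dll, ""))
    return findings


if __name__ == "__main__":
    for kind, ident, path in triage(SAMPLE_LOG):
        print(f"{kind:45} {ident} {path}".rstrip())
```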


ComboFix 08-01-09.2 - Sean 2008-01-12 0:10:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.1583 [GMT -5:00]
Running from: C:\Documents and Settings\Sean\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\nazslkhq.dll
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip
C:\Documents and Settings\Sean\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Sean\My Documents\MANTEC~1
C:\Documents and Settings\Sean\My Documents\MANTEC~1\??mantec\
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\Temporary
C:\Program Files\wnsxs~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\abW9
C:\Temp\abW9\tOasF.log
C:\WINDOWS\764.exe
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.log
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\Downloaded Program Files.\xpreload.ocx
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\mwinsys.ini
C:\WINDOWS\ngd.dll
C:\WINDOWS\nwan.dat
C:\WINDOWS\pbar.dll
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\BxdjMfwtXMwp.exe
C:\WINDOWS\spredirect.dll
C:\WINDOWS\System\AlxRes071106.exe
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\adeeg.bak1
C:\WINDOWS\system32\adeeg.bak2
C:\WINDOWS\system32\adeeg.ini2
C:\WINDOWS\system32\adeeg.tmp
C:\WINDOWS\system32\crosof~1.net
C:\WINDOWS\system32\cubtnpnf.dll
C:\WINDOWS\system32\dbgengn.dll
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\dmdskmgrp.dll
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\jtlfovpv.dat
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\ohciusb.syt
C:\WINDOWS\system32\drivers\ohctusb.sys
C:\WINDOWS\system32\drivers\ohctusb.syt
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.ini2
C:\WINDOWS\system32\edeeg.tmp
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\fnpntbuc.ini
C:\WINDOWS\system32\hnpueghe.exe
C:\WINDOWS\system32\inf\scrsys071106.scr
C:\WINDOWS\system32\inf\scrsys16_071106.dll
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\lpcywinp.exe
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlkkj.bak2
C:\WINDOWS\system32\mlkkj.tmp
C:\WINDOWS\system32\mp43.exe
C:\WINDOWS\system32\msmapibx32.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\mywebhit.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\rlssanur.exe
C:\WINDOWS\system32\rMa01yy
C:\WINDOWS\system32\RunOnce.tmp
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\vMW02a
C:\WINDOWS\system32\vMW02a\vMW02a1065.exe
C:\WINDOWS\system32\vMW10a
C:\WINDOWS\system32\vMW10a\vMW10a1099.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\vxyxyhzv.dllbox
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
C:\wsusupd.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MICROSOFT_INET_SERVICE
-------\LEGACY_OHCIUSB
-------\LEGACY_OLZUBRRH
-------\LEGACY_OZOSHKBU
-------\LEGACY_POOF
-------\olzubrrh
-------\ozoshkbu


((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-10 17:32 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\mtpkcgmfbtsb.sys
2008-01-10 17:32 . 2008-01-10 17:32 5,120 --a------ C:\WINDOWS\system32\1D4.tmp
2008-01-09 23:53 . 2008-01-11 09:54 18,432 --a------ C:\WINDOWS\fkwggshm.exe
2008-01-09 18:12 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\dfknsidulnxd.sys
2008-01-09 17:53 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-01-09 02:56 . 2008-01-09 03:01 1,439,744 --a------ C:\task00000ac7.tmp
2008-01-09 00:49 . 2001-08-17 14:03 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-09 00:06 . 2008-01-09 00:49 4,791,808 --a------ C:\task000021dd.tmp
2008-01-08 19:34 . 2008-01-09 02:55 0 --a------ C:\MWORDS.IDX
2008-01-08 19:34 . 2008-01-09 02:55 0 --a------ C:\MWORDS.DAT
2008-01-08 19:34 . 2008-01-08 19:34 0 --a------ C:\MFILTERS.IDX
2008-01-08 19:34 . 2008-01-08 19:34 0 --a------ C:\MFILTERS.DAT
2008-01-08 19:18 . 2008-01-08 19:18 <DIR> d-------- C:\Program Files\QuickPar
2008-01-08 17:11 . 2008-01-09 17:05 1,922,470,912 --a------ C:\00000006.DAT
2008-01-08 17:11 . 2008-01-09 16:39 587,005,952 --a------ C:\00000007.DAT
2008-01-08 17:11 . 2008-01-09 17:04 7,048,424 --a------ C:\00000007.IDX
2008-01-08 17:11 . 2008-01-09 17:07 6,990,503 --a------ C:\00000006.IDX
2008-01-08 17:11 . 2008-01-09 17:05 2,367,488 --a------ C:\XPOST.DAT
2008-01-08 17:11 . 2008-01-09 16:38 0 --a------ C:\WORDS.IDX
2008-01-08 17:11 . 2008-01-09 16:38 0 --a------ C:\WORDS.DAT
2008-01-08 17:11 . 2008-01-08 17:11 0 --a------ C:\FILTERS.IDX
2008-01-08 17:11 . 2008-01-08 17:11 0 --a------ C:\FILTERS.DAT
2008-01-08 17:05 . 2008-01-09 02:51 3,530,752 --a------ C:\groupdir.dat
2008-01-08 17:04 . 2008-01-09 17:07 9,047 --a------ C:\tasklog.xml
2008-01-08 17:04 . 2008-01-09 17:07 8,192 --a------ C:\folders.dat
2008-01-08 17:04 . 2008-01-08 17:04 8,121 --a------ C:\urltype.dat
2008-01-08 17:04 . 2008-01-09 13:45 5,782 --a------ C:\errorlog.xml
2008-01-08 17:04 . 2008-01-08 17:04 714 --a------ C:\00000003.IDX
2008-01-08 17:04 . 2008-01-09 01:55 680 --a------ C:\grpprops.dat
2008-01-08 17:03 . 2008-01-09 17:07 17,318 --a------ C:\AGENT.INI
2008-01-08 16:58 . 2008-01-08 16:58 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-08 07:55 . 2008-01-08 07:55 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-01-08 07:55 . 2008-01-09 18:05 <DIR> d-------- C:\Program Files\Multimedia Card Reader
2008-01-07 03:27 . 2008-01-11 22:59 2,124 --ah----- C:\Documents and Settings\All Users\Application Data\index0.dat
2008-01-07 03:26 . 2008-01-07 03:26 3,638 --a------ C:\winyvwl.exe
2008-01-07 03:25 . 2008-01-07 03:25 18,176 --a------ C:\WINDOWS\system32\drivers\plogg.sys
2008-01-07 03:25 . 2008-01-07 03:25 3,638 --a------ C:\winyvbt.exe
2008-01-07 03:25 . 2008-01-07 03:26 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2008-01-07 01:58 . 2008-01-07 01:58 <DIR> d-------- C:\Documents and Settings\Sean\Application Data\Apple Computer
2008-01-07 01:57 . 2008-01-07 01:57 <DIR> d-------- C:\Program Files\QuickTime
2008-01-07 01:57 . 2008-01-09 18:04 <DIR> d-------- C:\Program Files\iTunes
2008-01-07 01:57 . 2008-01-07 01:57 <DIR> d-------- C:\Program Files\iPod
2008-01-07 01:57 . 2008-01-07 01:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-07 01:56 . 2008-01-07 01:56 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-07 01:56 . 2008-01-07 01:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-01 17:33 . 2008-01-08 17:03 <DIR> d-------- C:\Program Files\Agent
2008-01-01 17:33 . 2008-01-01 17:33 <DIR> d-------- C:\Documents and Settings\Sean\Application Data\Forte
2007-12-29 19:09 . 2007-12-29 19:09 <DIR> d-------- C:\Documents and Settings\Sean\Application Data\Talkback
2007-12-29 19:09 . 2007-12-29 19:09 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-20 04:04 . 2007-12-20 04:04 153 --a------ C:\WINDOWS\system32\delFSF.bat
2007-12-19 20:33 . 2007-12-19 20:33 <DIR> d-------- C:\Program Files\DVD X Studios
2007-12-19 20:33 . 2007-12-19 20:33 14 --a------ C:\WINDOWS\system32\SystemInfo32.sys
2007-12-14 19:32 . 2007-12-14 19:32 3,638 --a------ C:\winmeds.exe
2007-12-12 22:17 . 2007-12-12 22:35 746,550 --a------ C:\WINDOWS\TBulbs Wallpaper.bmp
2007-12-12 22:14 . 2008-01-11 22:57 <DIR> d-------- C:\Program Files\Twinkle Bulbs
2007-12-12 00:51 . 2007-12-12 00:51 3,072 --a------ C:\WINDOWS\system32\drivers\6CCBDABD-D156-40B5-A74C-C6DD44ADAA65.cxv
2007-12-12 00:49 . 2007-12-12 00:49 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-12-12 00:49 . 2007-12-12 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 05:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 03:13 --------- d-----w C:\Program Files\City of Heroes
2007-12-28 23:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-28 23:45 --------- d-----w C:\Documents and Settings\Sean\Application Data\SUPERAntiSpyware.com
2007-12-15 00:32 97,280 ----a-w C:\WINDOWS\system32\imm32.dll
2007-12-14 02:46 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-11 00:23 --------- d-----w C:\Documents and Settings\Sean\Application Data\uTorrent
2007-12-04 20:32 8,711 ----a-w C:\winuurm.exe
2007-12-03 03:05 11,376 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-01 23:03 10,000 ----a-w C:\WINDOWS\system32\jkd845jg.dll
2007-11-26 00:41 --------- d-----w C:\Documents and Settings\Sean\Application Data\Move Networks
2007-11-19 09:19 3,456 ----a-w C:\WINDOWS\system32\drivers\ohdusb.sys
2007-11-19 06:31 3,584 ----a-w C:\WINDOWS\system32\drivers\ohcusb.syt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [2003-05-26 20:00 99840]
"Auto EPSON Stylus CX5400 on SNOFLAKIE"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [2003-05-26 20:00 99840]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"readericon10"="C:\Program Files\Multimedia Card Reader\readericon10.exe" [2007-05-03 11:55 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe

R1 BIOS;BIOS;C:\WINDOWS\System32\drivers\BIOS.sys [2005-03-16 01:23]
R2 ohdusb;Open Host Controller Miniport USB Driver (rev.d);C:\WINDOWS\System32\drivers\ohdusb.sys [2007-11-19 04:19]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 12:26:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 00:13:53
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 0:15:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-12 05:15:11
.


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi,

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer.
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear.
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look whether you can click the icon next to the files found.
  • If so, click it, then click the icon right below it and select Move incurable. This will move the file to the %userprofile%\DoctorWeb quarantine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer! It is possible that files in use will only be moved/deleted during the reboot.
  • After the reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

jedi


ohdusb.sys;c:\windows\system32\drivers;Trojan.NtRootKit.560;Deleted.;
winmeds.exe;C:\;Trojan.DownLoader.origin;Incurable.Moved.;
winuurm.exe;C:\;Trojan.DownLoader.37981;Deleted.;
winyvbt.exe;C:\;Trojan.DownLoader.origin;Incurable.Moved.;
winyvwl.exe;C:\;Trojan.DownLoader.origin;Incurable.Moved.;
dbgengn.dll;C:\!KillBox;Trojan.Click.4871;Deleted.;
dmdskmgrp.9;C:\!KillBox;Trojan.Iespy;Deleted.;
dmdskmgrp.dll;C:\!KillBox;Trojan.DownLoader.37340;Deleted.;
dmdskmgrp.dll( 1);C:\!KillBox;Trojan.DownLoader.37340;Deleted.;
dmdskmgrp.dll( 2);C:\!KillBox;Trojan.DownLoader.37340;Deleted.;
dmdskmgrp.dll( 3);C:\!KillBox;Trojan.DownLoader.37340;Deleted.;
RegUBP2b-Sean.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
dgjeh8.dll;C:\Program Files\DVD X Studios\DVD X Player 4.1 Standard;Trojan.Packed.181;Deleted.;
tvay32.dll;C:\Program Files\DVD X Studios\DVD X Player 4.1 Standard;Trojan.Packed.181;Deleted.;
winjecf5.dll;C:\Program Files\DVD X Studios\DVD X Player 4.1 Standard;Trojan.Packed.181;Deleted.;
winnwmkl32.dll;C:\Program Files\DVD X Studios\DVD X Player 4.1 Standard;Trojan.Packed.181;Deleted.;
wlbuwnf32.dll;C:\Program Files\DVD X Studios\DVD X Player 4.1 Standard;Trojan.Packed.181;Deleted.;
nwan.dat.vir;C:\QooBox\Quarantine\C\WINDOWS;Trojan.Ascesso;Deleted.;
AlxRes071106.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system;Trojan.Hitpop.origin;Incurable.Moved.;
hnpueghe.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
lpcywinp.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.395;Deleted.;
mp43.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;BackDoor.Generic.1570;Deleted.;
msmapibx32.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.NtRootKit.560;Deleted.;
rlssanur.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Hammer;Deleted.;
scrsys071106.scr.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\inf;Trojan.Hitpop.origin;Incurable.Moved.;
scrsys16_071106.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\inf;Trojan.Hitpop.origin;Incurable.Moved.;
vMW02a1065.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\vMW02a;Trojan.DownLoader.24715;Deleted.;
vMW10a1099.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\vMW10a;Trojan.DownLoader.24715;Deleted.;
A0014089.dll;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP47;Trojan.Packed.181;Deleted.;
A0020015.exe;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP48;BackDoor.Generic.1570;Deleted.;
A0020301.sys;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP50;Trojan.Click.2068;Deleted.;
A0020302.dll;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP50;Trojan.DownLoader.35872;Deleted.;
A0020791.sys;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.NtRootKit.560;Deleted.;
A0020792.exe;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.DownLoader.origin;Incurable.Moved.;
A0020793.exe;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.DownLoader.37981;Deleted.;
A0020794.exe;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.DownLoader.origin;Incurable.Moved.;
A0020795.exe;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.DownLoader.origin;Incurable.Moved.;
A0020796.dll;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.Click.4871;Deleted.;
A0020797.dll;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.DownLoader.37340;Deleted.;
A0020798.reg;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.StartPage.1505;Deleted.;
A0020799.dll;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.Packed.181;Deleted.;
A0020800.dll;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.Packed.181;Deleted.;
A0020801.dll;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.Packed.181;Deleted.;
A0020802.dll;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.Packed.181;Deleted.;
A0020803.dll;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.Packed.181;Deleted.;
dbgengn.dll.bak;C:\WINDOWS\system32;Trojan.Click.4796;Deleted.;
dmdskmgrp.1;C:\WINDOWS\system32;Trojan.Iespy;Deleted.;
dmdskmgrp.2;C:\WINDOWS\system32;Trojan.Sentinel;Incurable.Moved.;
dmdskmgrp.3;C:\WINDOWS\system32;Trojan.PWS.Tanspy.775;Deleted.;
dmdskmgrp.4;C:\WINDOWS\system32;Trojan.Click.4671;Deleted.;
dmdskmgrp.5;C:\WINDOWS\system32;Trojan.Sentinel;Deleted.;
dmdskmgrp.6;C:\WINDOWS\system32;Trojan.Sentinel;Deleted.;
dmdskmgrp.7;C:\WINDOWS\system32;Trojan.Sentinel;Deleted.;
dmdskmgrp.8;C:\WINDOWS\system32;Trojan.Iespy;Deleted.;
phyhvitx.dll.bak;C:\WINDOWS\system32;BackDoor.Pigeon.9123;Deleted.;
rkgda.bak;C:\WINDOWS\system32;Trojan.Click.4796;Deleted.;
rkte.exe;C:\WINDOWS\system32;BackDoor.Roam;Deleted.;
jtlfovpv.sys;C:\WINDOWS\system32\drivers;Trojan.Sentinel;Deleted.;
backup-20071121-232312-111.dll;E:\backups;Trojan.Click.4871;Deleted.;
backup-20071121-232312-153.dll;E:\backups;Trojan.Iespy;Deleted.;
backup-20071201-184625-363.dll;E:\backups;Trojan.DownLoader.37340;Deleted.;
backup-20071201-184625-428.dll;E:\backups;Trojan.Click.4871;Deleted.;
backup-20071201-184625-436.dll;E:\backups;Trojan.DownLoader.35873;Deleted.;
backup-20071201-184625-656.dll;E:\backups;Trojan.DownLoader.35872;Deleted.;
backup-20071201-184747-205.dll;E:\backups;Trojan.Click.4871;Deleted.;
backup-20071201-184747-440.dll;E:\backups;Trojan.DownLoader.37340;Deleted.;
backup-20071202-205421-154.dll;E:\backups;Trojan.Click.4871;Deleted.;
backup-20071202-205421-976.dll;E:\backups;Trojan.DownLoader.37340;Deleted.;
backup-20071202-205505-557.dll;E:\backups;Trojan.DownLoader.37340;Deleted.;
backup-20071202-205505-820.dll;E:\backups;Trojan.Click.4871;Deleted.;
backup-20080107-061920-284.dll;E:\backups;Trojan.Click.4871;Deleted.;
backup-20080107-061920-826.dll;E:\backups;Trojan.Fakealert.394;Deleted.;
A0020806.dll;E:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.Click.4871;Deleted.;
A0020807.dll;E:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.Iespy;Deleted.;
A0020808.dll;E:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.DownLoader.37340;Deleted.;
A0020809.dll;E:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.Click.4871;Deleted.;
A0020810.dll;E:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.DownLoader.35873;Deleted.;
A0020811.dll;E:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.DownLoader.35872;Deleted.;
A0020812.dll;E:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.Click.4871;Deleted.;
A0020813.dll;E:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.DownLoader.37340;Deleted.;
A0020814.dll;E:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.Click.4871;Deleted.;
A0020815.dll;E:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.DownLoader.37340;Deleted.;
A0020816.dll;E:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.DownLoader.37340;Deleted.;
A0020817.dll;E:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.Click.4871;Deleted.;
A0020818.dll;E:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.Click.4871;Deleted.;
A0020819.dll;E:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP63;Trojan.Fakealert.394;Deleted.;
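Added example, not part of the thread and not Dr.Web's own code: a parser for the semicolon-separated DrWeb.csv layout above that separates hits still in place from copies already sitting in ComboFix's QooBox quarantine, a !KillBox folder, the E:\backups folder or a System Restore snapshot, so a reader can see which detections actually concern the live system. The location classes, function names and the choice of sample rows are my own.

```python
import re
from collections import Counter

# Rows copied from the DrWeb.csv report posted above (one or two per
# location type); the real report has many more rows in the same layout:
# name;directory;detection;action;
SAMPLE_REPORT = r"""ohdusb.sys;c:\windows\system32\drivers;Trojan.NtRootKit.560;Deleted.;
winmeds.exe;C:\;Trojan.DownLoader.origin;Incurable.Moved.;
dbgengn.dll;C:\!KillBox;Trojan.Click.4871;Deleted.;
dgjeh8.dll;C:\Program Files\DVD X Studios\DVD X Player 4.1 Standard;Trojan.Packed.181;Deleted.;
mp43.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;BackDoor.Generic.1570;Deleted.;
A0020015.exe;C:\System Volume Information\_restore{8FF57CE8-65DD-4A35-B1B6-63F0B8BE4DEF}\RP48;BackDoor.Generic.1570;Deleted.;
rkte.exe;C:\WINDOWS\system32;BackDoor.Roam;Deleted.;
backup-20080107-061920-826.dll;E:\backups;Trojan.Fakealert.394;Deleted.;
"""

# Holding areas whose hits are copies already taken out of service.
RESTORE_RE = re.compile(r"system volume information\\_restore\{[0-9a-f-]+\}", re.I)
QUARANTINE_MARKERS = ("\\qoobox\\quarantine", "\\!killbox")


def classify_location(directory):
    """'live' for a file still in place, otherwise the holding area it sits in."""
    d = directory.lower()
    if RESTORE_RE.search(d):
        return "restore-point"
    if any(marker in d for marker in QUARANTINE_MARKERS):
        return "quarantine"
    if d.rstrip("\\").endswith("\\backups"):
        return "backup"
    return "live"


def parse_report(text):
    """Turn report lines into dicts; the trailing ';' leaves an empty field."""
    rows = []
    for line in text.splitlines():
        fields = line.rstrip(";").split(";")
        if len(fields) < 4:
            continue  # blank or malformed line
        name, directory, threat, action = fields[:4]
        rows.append({"name": name, "dir": directory, "threat": threat,
                     "action": action.rstrip("."),
                     "where": classify_location(directory)})
    return rows


def summarize(rows):
    """Count hits per (location class, action), e.g. ('live', 'Deleted')."""
    return Counter((r["where"], r["action"]) for r in rows)


def live_hits(rows):
    """Files Dr.Web found still in place. These are the ones to cross-check
    against the earlier logs: ohdusb.sys, for instance, appears in the
    ComboFix log above as the running service 'R2 ohdusb' and is named here
    as Trojan.NtRootKit.560."""
    return [r for r in rows if r["where"] == "live"]


def samples_to_collect(rows):
    """Live hits Dr.Web could not cure and moved to its own quarantine; the
    helper asked for 'Move incurable' so that these copies are kept for analysis."""
    return [r["name"] for r in rows
            if r["where"] == "live" and r["action"] == "Incurable.Moved"]


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    for (where, action), count in sorted(summarize(rows).items()):
        print(f"{where:14} {action:16} {count}")
    print("still in place:", [r["name"] for r in live_hits(rows)])
    print("samples kept:", samples_to_collect(rows))
```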


Hi again,

OK, please do the following:

Go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between ComboFix and /u.
Then hit Enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Next:

Download and scan with the most recent issue of ComboFix:
Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

jedi


Due to the lack of feedback this topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
