help with this hijak log.....
tony909
Junior Member
13. September 2008 @ 04:02
Hey guys, just trying to clean up my computer. I ran HijackThis and
got this... any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:51 AM, on 9/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Twain\Twain.exe
C:\Documents and Settings\HP_Administrator\Application Data\SpeedRunner\SpeedRunner.exe
C:\Program Files\GetModule\GetModule23.exe
C:\Program Files\GetPack\GetPack21.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\explorer.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...arm1=seconduser
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{90ac6768-4f1b-7f21-546d-1345e34c9c80}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\iobgfvcumspnj.dll" DllStub
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [Twain] C:\Program Files\Twain\Twain.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\HP_Administrator\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdwareProMFCT] C:\Program Files\AdwarePro\AdwarePro.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\webhancer\programs\webhdll.dll' missing
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 8254 bytes

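As an added example (not code from the thread, the poster, or HijackThis itself), a small Python triage script that applies the kinds of checks a reviewer makes on the O2/O4/O10 lines above: a Run value named with a bare GUID, rundll32 loading a randomly named DLL, an autostart binary living under the user's Application Data, an orphaned BHO, and the broken LSP entry. The sample lines are constructed copies of entries from this log; the heuristics and the vowel-ratio threshold are the example's own assumptions, not HijackThis rules.

```python
"""Heuristic triage of HijackThis O2/O4/O10 lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: entries copied in shape from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [{90ac6768-4f1b-7f21-546d-1345e34c9c80}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\iobgfvcumspnj.dll" DllStub
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\HP_Administrator\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\webhancer\programs\webhdll.dll' missing
"""

# HijackThis O4 line shape: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
# Autostart binaries living in a per-user data directory rather than Program Files
PROFILE_DIR_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(Application Data|Local Settings)\\", re.IGNORECASE)
# rundll32 followed by the (optionally quoted) DLL it is told to load
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^"]+?\.dll)"?', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def looks_random(stem: str) -> bool:
    """Crude keyboard-mash test: a long all-letter file stem with few vowels.

    The threshold (under 30% vowels over 10+ letters) is this example's assumption,
    chosen so that 'iobgfvcumspnj' trips it while 'speedrunner' and 'ehtray' do not.
    """
    if len(stem) < 10 or not stem.isalpha():
        return False
    vowels = sum(c in "aeiouy" for c in stem.lower())
    return vowels / len(stem) < 0.3


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious trait seen in the HijackThis lines."""
    findings: List[Finding] = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        # O2: a BHO whose DLL is gone is a leftover registration worth cleaning up
        if line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings.append(Finding(line, "orphaned BHO registration (no file)"))
            continue
        # O10: a missing Winsock LSP DLL breaks networking until the chain is repaired
        if line.startswith("O10 -") and "missing" in line:
            findings.append(Finding(line, "LSP provider DLL missing (broken Winsock chain)"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        name, cmd = m.group("name"), m.group("cmd")
        if GUID_RE.match(name):
            findings.append(Finding(line, "Run value named with a bare GUID"))
        r = RUNDLL_RE.search(cmd)
        if r:
            stem = r.group("dll").rsplit("\\", 1)[-1][:-4]
            if looks_random(stem):
                findings.append(Finding(line, f"rundll32 loads randomly named DLL {stem}.dll"))
        if PROFILE_DIR_RE.search(cmd):
            findings.append(Finding(line, "autostart binary under a user profile data directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Legitimate entries such as ehTray and TeaTimer produce no findings, so the output is the short list a helper would ask about first rather than the whole log.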
Tonymontana
Senior Member
13. September 2008 @ 05:33
Hey tony909

You are indeed infected. Follow the instructions below to help clean up.

Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.


• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Then post a new HijackThis log.

Best Regards :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

tony909
Junior Member
13. September 2008 @ 16:39
Hey, I just finished running ComboFix and the log
shows the following....


ComboFix 08-09-13.03 - Administrator 2008-09-13 13:25:36.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.322 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\combo-fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trafficmp[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
C:\Program Files\Common Files\Yazzle1554OinAdmin.exe
C:\Program Files\Common Files\Yazzle1554OinUninstaller.exe
C:\Program Files\GetModule
C:\Program Files\GetModule\dicik.gz
C:\Program Files\GetModule\GetModule23.exe
C:\Program Files\GetModule\kwdik.gz
C:\Program Files\GetModule\ozadik.gz
C:\Program Files\iCheck
C:\Program Files\iCheck\iCheck.exe
C:\Program Files\iCheck\Uninstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\WINDOWS\BM8b41974a.txt
C:\WINDOWS\BM8b41974a.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bhyksqow.dll
C:\WINDOWS\system32\htpammox.ini
C:\WINDOWS\system32\iifCTLFu.dll
C:\WINDOWS\system32\oqymxkkf.dll
C:\WINDOWS\system32\qkethgyi.dll
C:\WINDOWS\system32\qoMeBqRj.dll
C:\WINDOWS\system32\uFLTCfii.ini
C:\WINDOWS\system32\uFLTCfii.ini2
C:\WINDOWS\system32\urqQiJBR.dll
C:\WINDOWS\system32\vtsabx.dll
C:\WINDOWS\system32\xommapth.dll
C:\WINDOWS\system32\xqjxpnya.dll
C:\WINDOWS\system32\yqqaolqp.dll
C:\WINDOWS\system32\zznodp.dll
C:\WINDOWS\wnsxs~1
C:\WINDOWS\wnsxs~1\ntvdm.exe
C:\WINDOWS\wnsxs~1\W?nSxS\
C:\Documents and Settings\HP_Administrator\My Documents\YSTEM3~1\w?aclt.exe . . . . failed to delete
C:\Program Files\Common Files\icroso~1.net\t?skmgr.exe . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-08-13 to 2008-09-13 )))))))))))))))))))))))))))))))
.

2008-09-13 13:12 . 2008-09-13 13:14 <DIR> d-------- C:\Program Files\XoftSpySE
2008-09-13 12:47 . 2008-09-13 12:47 294 --ahs---- C:\WINDOWS\system32\iyghtekq.ini
2008-09-13 07:32 . 2008-09-13 07:47 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-09-13 06:55 . 2008-09-13 06:55 253,440 --a------ C:\WINDOWS\system32\ssqQkIXp.dll.vir
2008-09-13 06:51 . 2008-09-13 06:51 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2008-09-13 06:50 . 2008-09-13 06:50 229,533 --a------ C:\WINDOWS\system32\01257aad.exe
2008-09-13 06:50 . 2008-09-13 06:50 215,329 --a------ C:\WINDOWS\system32\01259cac.exe
2008-09-13 06:50 . 2008-09-13 06:50 144,749 --a------ C:\WINDOWS\system32\01255b8c.exe
2008-09-13 06:50 . 2008-09-13 07:01 96,556 --a------ C:\WINDOWS\stfMeane72.exe
2008-09-13 06:50 . 2008-09-13 06:50 87,116 --a------ C:\WINDOWS\system32\0125a96d.exe
2008-09-13 01:35 . 2008-09-13 01:35 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-09-13 01:34 . 2008-09-13 01:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-13 01:30 . 2008-09-13 12:38 6,144 --a------ C:\WINDOWS\system32\karina.dat.vir
2008-09-13 01:28 . 2008-09-13 01:28 32,768 --a------ C:\tsdi.exe
2008-09-13 01:28 . 2008-09-13 01:28 29,184 --a------ C:\bcje.exe
2008-09-13 01:28 . 2008-09-13 01:28 16,896 --a------ C:\sjle.exe
2008-09-13 01:28 . 2008-09-13 01:28 14,336 --a------ C:\jhvwffvh.exe
2008-09-13 01:28 . 2008-09-13 01:28 6,876 --a------ C:\iojxqrrr.exe
2008-09-13 01:27 . 2008-09-13 01:27 65,536 --a------ C:\tpynsmfc.exe
2008-09-13 01:27 . 2008-09-13 01:27 41,472 --a------ C:\R8VE.exe
2008-09-13 01:27 . 2008-09-13 01:27 7,532 --a------ C:\CFy.exe
2008-09-13 01:17 . 2008-09-13 07:32 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-13 00:54 . 2008-09-13 00:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-13 00:24 . 2004-08-10 05:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-09-13 00:24 . 2004-08-10 05:00 4,224 --a------ C:\WINDOWS\system32\dllcache\beep.sys
2008-09-12 20:44 . 2008-09-12 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-12 20:30 . 2008-09-13 00:38 <DIR> d-------- C:\Program Files\AdwarePro
2008-09-12 20:23 . 2008-09-12 20:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-12 20:23 . 2008-09-13 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-12 20:12 . 2008-09-12 20:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-12 20:03 . 2008-09-12 20:03 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Simply Super Software
2008-09-12 19:56 . 2008-09-12 19:57 <DIR> d-------- C:\Program Files\Trojan Remover
2008-09-12 19:56 . 2008-09-12 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-09-12 19:56 . 2008-09-12 19:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
2008-09-12 19:56 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-09-12 19:56 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-09-12 19:56 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-09-12 19:56 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-09-12 19:56 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-09-12 19:51 . 2008-09-12 19:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-09-12 19:46 . 2008-09-13 01:45 <DIR> d-------- C:\Documents and Settings\HP_Administrator\.housecall6.6
2008-09-12 19:40 . 2008-09-12 19:40 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-09-12 18:05 . 2008-09-12 18:05 15,883 --a------ C:\WINDOWS\kawituzaqi.ban
2008-09-12 18:04 . 2008-09-12 18:04 <DIR> d-------- C:\Program Files\OINAnalytics
2008-09-07 20:27 . 2008-09-07 20:27 19,519 --a------ C:\WINDOWS\urobyhi.pif
2008-09-07 20:27 . 2008-09-07 20:27 19,028 --a------ C:\Documents and Settings\All Users\Application Data\ajaleg.vbs
2008-09-07 20:27 . 2008-09-07 20:27 16,966 --a------ C:\WINDOWS\system32\avunyr.bin
2008-09-07 20:27 . 2008-09-07 20:27 15,422 --a------ C:\Documents and Settings\All Users\Application Data\yqujelimi.dll
2008-09-07 20:27 . 2008-09-07 20:27 14,658 --a------ C:\Documents and Settings\All Users\Application Data\iwaxowifuh.vbs
2008-09-07 20:27 . 2008-09-07 20:27 13,859 --a------ C:\WINDOWS\inijoxupap._sy
2008-09-07 20:27 . 2008-09-07 20:27 12,650 --a------ C:\WINDOWS\ucov.exe
2008-09-07 20:27 . 2008-09-07 20:27 11,391 --a------ C:\Documents and Settings\HP_Administrator\Application Data\fyxavebuvy.dll
2008-09-07 20:27 . 2008-09-07 20:27 11,345 --a------ C:\WINDOWS\golibocy.dat
2008-09-07 20:27 . 2008-09-07 20:27 10,671 --a------ C:\WINDOWS\system32\yhubusofus.scr
2008-09-07 20:27 . 2008-09-07 20:27 10,552 --a------ C:\Documents and Settings\HP_Administrator\Application Data\ajiduhe.sys
2008-09-07 20:27 . 2008-09-07 20:27 10,364 --a------ C:\Documents and Settings\All Users\Application Data\urexobasyf.vbs
2008-09-07 20:27 . 2008-09-07 20:27 10,064 --a------ C:\WINDOWS\evusoqyva.scr
2008-09-07 20:19 . 2008-09-07 20:19 0 --a------ C:\WINDOWS\system32\U3L35MEA.exe.a_a
2008-09-07 19:51 . 2008-09-07 19:51 71,723 --a------ C:\WINDOWS\system32\nbxfuajcvm.exe
2008-09-07 19:30 . 2008-09-07 19:30 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-09-07 19:20 . 2008-09-12 20:12 71,992 --a------ C:\WINDOWS\system32\winivstr.exe.vir
2008-09-07 19:19 . 2008-09-13 01:30 9,216 --a------ C:\WINDOWS\system32\buritos.exe.vir
2008-09-07 19:19 . 2008-09-13 01:30 9,216 --a------ C:\WINDOWS\buritos.exe.vir
2008-09-06 20:29 . 2008-09-06 20:29 <DIR> d-------- C:\WINDOWS\qkzk
2008-09-06 20:29 . 2008-09-12 21:08 <DIR> d-------- C:\Program Files\Common Files\qkzk
2008-09-06 20:19 . 2008-09-12 20:26 <DIR> d-------- C:\Program Files\VnrBlock
2008-09-06 19:49 . 2008-09-13 00:56 <DIR> d-------- C:\Program Files\Twain
2008-09-06 19:49 . 2008-09-12 19:56 1,962 --a------ C:\WINDOWS\default.htm.vir
2008-09-06 19:44 . 2008-09-06 19:44 <DIR> d-------- C:\Program Files\Webtools
2008-09-06 19:39 . 2008-09-12 20:06 <DIR> d-------- C:\Program Files\Mjcore
2008-09-06 19:35 . 2008-09-06 19:35 <DIR> d-------- C:\Program Files\uTorrent
2008-09-06 19:34 . 2008-09-12 19:50 8,704 --a------ C:\WINDOWS\system32\smwin32.dll
2008-09-06 19:33 . 2008-09-06 19:33 210,097 --a------ C:\WINDOWS\00963b59.exe
2008-09-06 19:33 . 2008-09-06 19:33 85,008 --a------ C:\WINDOWS\system32\uesiuqcr.exe.vir
2008-09-06 19:33 . 2008-09-12 19:50 15,360 --a------ C:\WINDOWS\system32\getsn32.dll.vir
2008-09-06 19:29 . 2008-09-12 23:11 80,898 --a------ C:\WINDOWS\system32\U3L35MEA.exe
2008-09-06 19:16 . 2008-09-06 19:15 29,824 --a------ C:\WINDOWS\system32\jBT0sE1U.exe
2008-09-06 19:16 . 2008-09-06 19:16 0 --a------ C:\WINDOWS\system32\jBT0sE1U.exe.a_a
2008-09-04 17:02 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-30 23:34 . 2008-08-30 23:34 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Talkback
2008-08-28 02:22 . 2008-08-28 02:22 166,400 --a------ C:\WINDOWS\system32\iobgfvcumspnj.dll
2008-08-27 19:09 . 2008-08-27 19:09 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP
2008-08-27 17:33 . 2008-08-27 17:33 <DIR> d---s---- C:\Documents and Settings\HP_Administrator\UserData
2008-08-26 18:35 . 2008-08-26 18:35 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\funkitron
2008-08-26 09:36 . 2008-08-26 09:36 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2008-08-25 21:30 . 2008-08-25 21:30 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\MySpace
2008-08-25 21:06 . 2008-08-25 21:06 1,833 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EL479AA-ABA a1221n_YC_0Pavi_QMXF540_E54NAsyMPC1_48_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.25_T050906_WXP2_L409_M504_J200_7Intel_8Pentium 4_93.06_#051121_N10EC8139_Z14F12F20_G80862582.MRK
2008-08-25 21:05 . 2004-10-25 15:17 90,112 --a------ C:\WINDOWS\system32\ps2.EXE
2008-08-25 21:04 . 2005-09-16 23:01 <DIR> d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2008-08-25 21:04 . 2008-08-26 09:36 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-08-25 21:04 . 2005-09-16 23:06 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SampleView
2008-08-25 21:04 . 2005-09-16 23:04 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-08-25 21:04 . 2005-09-16 23:01 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-08-25 21:04 . 2008-09-13 00:24 <DIR> d-------- C:\Documents and Settings\HP_Administrator
2008-08-25 21:03 . 2005-09-16 23:01 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-08-25 21:03 . 2005-09-16 23:21 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-08-25 21:03 . 2005-09-16 23:06 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-08-25 21:03 . 2005-09-16 23:04 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit
2008-08-25 21:03 . 2005-09-16 23:01 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer
2008-08-25 20:30 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-25 20:30 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-25 19:58 . 2008-09-13 07:03 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2008-08-25 18:45 . 2008-08-25 18:45 <DIR> d-------- C:\Program Files\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 19:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-13 09:40 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-13 08:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-13 07:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-08 02:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-04 23:58 --------- d-----w C:\Program Files\Microsoft Works
2008-08-27 00:35 --------- d-----w C:\Program Files\WildTangent
2008-08-26 04:05 --------- d-----w C:\Program Files\Easy Internet signup
2008-08-25 16:39 --------- d-----w C:\Program Files\Incomplete
2008-08-25 16:38 --------- d-----w C:\Program Files\LimeWire
2008-08-24 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
.

((((((((((((((((((((((((((((( snapshot@2008-09-13_ 1.07.25.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-13 08:35:45 42,248 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustCall64.dll
+ 2008-09-13 08:35:45 27,912 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCall.dll
+ 2008-09-13 08:35:45 73,728 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla.dll
+ 2008-09-13 08:35:45 83,296 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla1.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B221E01-F517-4959-8C41-81948E7F2F17}]
2008-09-11 12:48 229376 --a------ C:\Program Files\OINAnalytics\OINAnalytics.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 59392]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 114688]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-04 48752]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-09-16 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-16 98304]
"{90ac6768-4f1b-7f21-546d-1345e34c9c80}"="C:\WINDOWS\system32\iobgfvcumspnj.dll" [2008-08-28 166400]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-10 158208]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 C:\WINDOWS\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Odkkwrax"="C:\Program Files\Common Files\?icrosoft.NET\t?skmgr.exe" [?]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2008-08-19 20:08 914512 C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{9213bb08-8c1e-46ec-861c-e9d1a08fe6b9} - C:\WINDOWS\system32\zznodp.dll
BHO-{925FBA44-5610-49DF-A05A-CFE64C6CF227} - C:\WINDOWS\system32\iifCTLFu.dll
BHO-{AC32B632-77A9-2020-FB4D-0BA2E1C94E92} - (no file)
BHO-{c900b400-cdfe-11d3-976a-00e02913a9e0} - (no file)
BHO-{D7336D32-62F7-43B5-8B8C-3963C72CA498} - C:\WINDOWS\system32\qoMeBqRj.dll
BHO-{f1a8d27e-29ed-474b-b8a3-57f623b8afac} - (no file)
HKLM-Run-8872a4d6 - C:\WINDOWS\system32\qkethgyi.dll
HKLM-Run-SSC_UserPrompt - c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
HKLM-Run-IS CfgWiz - c:\Program Files\Norton Internet Security\cfgwiz.exe
HKLM-Run-URLLSTCK.exe - c:\Program Files\Norton Internet Security\UrlLstCk.exe
HKLM-Run-BM8b41974a - C:\WINDOWS\system32\yqqaolqp.dll
HKLM-Run-buritos - buritos.exe
HKU-Default-Run-Scbu - C:\WINDOWS\WNSXS~1\ntvdm.exe
HKU-Default-Run-GetModule23 - C:\Program Files\GetModule\GetModule23.exe
ShellExecuteHooks-{D7336D32-62F7-43B5-8B8C-3963C72CA498} - C:\WINDOWS\system32\qoMeBqRj.dll
Notify-qoMeBqRj - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\x3efexyh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 13:31:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-13 13:34:54 - machine was rebooted [HP_Administrator]
ComboFix-quarantined-files.txt 2008-09-13 20:34:48
ComboFix2.txt 2008-09-13 08:07:52

Pre-Run: 173,579,247,616 bytes free
Post-Run: 173,051,834,368 bytes free

291


Tonymontana
Senior Member
14. September 2008 @ 02:01
Hey tony909

Please download Superantispyware Free and install it. Follow the prompts and reboot if required.

Launch Superantispyware Free either by running C:\Program Files\SUPERANTISPYWARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware...

Configuring SuperAntispyware

• Click on Preferences.
• In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting every time, because it may interfere with other fixes that may be run.
• Navigate to the tab Scanning Control.
• Make sure only these boxes are checked:

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
Scan Alternate Data Streams
Use Kernel Direct File Access (recommended)
Use Kernel Direct Registry Access (recommended)
Use Direct Disk Access (recommended)


• Click on Close.

Updating SuperAntispyware

• At the main window, click on Check for Updates....
• Wait for SuperAntispyware to be fully updated.

***********************************************************

Before scanning with Superantispyware, let us first make the job easier. Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.


Open Notepad and copy/paste the text in the code box below into it:


KILLALL::

Driver::
Beep
103C_HP_CPC_EL479AA-ABAa1221n_YC_0Pavi_QMXF540_E54NAsyMPC1_48_IGoldfish3_SASUSTeK ComputerINC._V1.xx_B3.25_T050906_WXP2_L409_M504_J200_7Intel_8Pentium4_93.06_#051121_N10EC8139_Z14F12F20_G80862582.MRK 

File::
C:\WINDOWS\system32\ssqQkIXp.dll.vir 
C:\WINDOWS\system32\iyghtekq.ini 
C:\WINDOWS\system32\01257aad.exe 
C:\WINDOWS\system32\01259cac.exe 
C:\WINDOWS\system32\01255b8c.exe
C:\WINDOWS\stfMeane72.exe 
C:\WINDOWS\system32\0125a96d.exe 
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
C:\WINDOWS\system32\karina.dat.vir
C:\tsdi.exe 
C:\bcje.exe 
C:\sjle.exe 
C:\jhvwffvh.exe
C:\iojxqrrr.exe
C:\tpynsmfc.exe
C:\R8VE.exe 
C:\CFy.exe
C:\WINDOWS\urobyhi.pif 
C:\Documents and Settings\All Users\Application Data\ajaleg.vbs 
C:\WINDOWS\system32\avunyr.bin 
C:\Documents and Settings\All Users\Application Data\yqujelimi.dll 
C:\Documents and Settings\All Users\Application Data\iwaxowifuh.vbs
C:\WINDOWS\inijoxupap._sy
C:\WINDOWS\ucov.exe
C:\WINDOWS\golibocy.dat 
C:\WINDOWS\system32\yhubusofus.scr 
C:\Documents and Settings\HP_Administrator\Application Data\ajiduhe.sys 
C:\Documents and Settings\All Users\Application Data\urexobasyf.vbs 
C:\WINDOWS\system32\dllcache\beep.sys 
C:\WINDOWS\system32\drivers\beep.sys 
C:\WINDOWS\evusoqyva.scr 
C:\WINDOWS\system32\U3L35MEA.exe.a_a 
C:\WINDOWS\system32\nbxfuajcvm.exe
C:\WINDOWS\system32\ZoneAlarmIconUS.ico 
C:\WINDOWS\system32\winivstr.exe.vir
C:\WINDOWS\system32\buritos.exe.vir 
C:\WINDOWS\buritos.exe.vir   
C:\WINDOWS\default.htm.vir 
C:\WINDOWS\system32\smwin32.dll
C:\WINDOWS\00963b59.exe 
C:\WINDOWS\system32\uesiuqcr.exe.vir 
C:\WINDOWS\system32\getsn32.dll.vir 
C:\WINDOWS\system32\U3L35MEA.exe 
C:\WINDOWS\system32\jBT0sE1U.exe 
C:\WINDOWS\system32\jBT0sE1U.exe.a_a 
C:\WINDOWS\system32\msonpmon.dll 
C:\WINDOWS\system32\iobgfvcumspnj.dll 
C:\WINDOWS\system32\drivers\103C_HP_CPC_EL479AA-ABAa1221n_YC_0Pavi_QMXF540_E54NAsyMPC1_48_IGoldfish3_SASUSTeK ComputerINC._V1.xx_B3.25_T050906_WXP2_L409_M504_J200_7Intel_8Pentium4_93.06_#051121_N10EC8139_Z14F12F20_G80862582.MRK 

Folder::
C:\Program Files\Common Files\?icrosoft.NET
C:\Program Files\AdwarePro 
C:\WINDOWS\qkzk 
C:\Program Files\Common Files\qkzk 
C:\Program Files\VnrBlock
C:\Program Files\Twain 
C:\Program Files\Webtools
C:\Program Files\Mjcore 

Save this as CFScript.txt in the same folder as ComboFix.

Then drag the CFScript.txt into Combo-Fix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).

Do not click on the ComboFix window, as it may cause it to stall.



***********************************************************



Scanning Time

• Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
• Launch SuperAntispyware.
• At the main window, click on Scan your Computer....
• Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.
• Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.
• Reboot your computer.

Post A Log

• Launch SuperAntispyware
• Click on Preferences
• Navigate to the tab Statistics/Logs.
• Choose the latest scan log, and then click on View Log....
• Copy and paste the contents of the log here in your next post.

Best Regards :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

This message has been edited since posting. Last time this message was edited on 14. September 2008 @ 02:02

tony909
Junior Member
_
14. September 2008 @ 14:19 _ Link to this message    Send private message to this user   
Here's the ComboFix log...

ComboFix 08-09-13.05 - HP_Administrator 2008-09-14 11:03:45.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.249 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\Combo-Fix.exe
Command switches used :: C:\ComboFix\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bcje.exe
C:\CFy.exe
C:\Documents and Settings\All Users\Application Data\ajaleg.vbs
C:\Documents and Settings\All Users\Application Data\iwaxowifuh.vbs
C:\Documents and Settings\All Users\Application Data\urexobasyf.vbs
C:\Documents and Settings\All Users\Application Data\yqujelimi.dll
C:\Documents and Settings\HP_Administrator\Application Data\ajiduhe.sys
C:\Program Files\AdwarePro
C:\Program Files\AdwarePro\engine.dat.tmp
C:\Program Files\AdwarePro\SchedulePlan.txt
C:\Program Files\Common Files\qkzk
C:\Program Files\Common Files\qkzk\qkzka.lck
C:\Program Files\Common Files\qkzk\qkzkd\class-barrel
C:\Program Files\Common Files\qkzk\qkzkh
C:\Program Files\Common Files\qkzk\qkzkl.lck
C:\Program Files\Common Files\qkzk\qkzkm.lck
C:\Program Files\Mjcore
C:\Program Files\Twain
C:\Program Files\VnrBlock
C:\Program Files\VnrBlock\xtarga.gz
C:\Program Files\Webtools
C:\R8VE.exe
C:\sjle.exe
C:\tpynsmfc.exe
C:\WINDOWS\00963b59.exe
C:\WINDOWS\buritos.exe.vir
C:\WINDOWS\default.htm.vir
C:\WINDOWS\evusoqyva.scr
C:\WINDOWS\golibocy.dat
C:\WINDOWS\inijoxupap._sy
C:\WINDOWS\qkzk
C:\WINDOWS\qkzk\qkzk.dat
C:\WINDOWS\qkzk\wu
C:\WINDOWS\stfMeane72.exe
C:\WINDOWS\system32\01255b8c.exe
C:\WINDOWS\system32\01257aad.exe
C:\WINDOWS\system32\01259cac.exe
C:\WINDOWS\system32\0125a96d.exe
C:\WINDOWS\system32\avunyr.bin
C:\WINDOWS\system32\buritos.exe.vir
C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys
C:\WINDOWS\system32\getsn32.dll.vir
C:\WINDOWS\system32\iobgfvcumspnj.dll
C:\WINDOWS\system32\iyghtekq.ini
C:\WINDOWS\system32\jBT0sE1U.exe
C:\WINDOWS\system32\jBT0sE1U.exe.a_a
C:\WINDOWS\system32\karina.dat.vir
C:\WINDOWS\system32\msonpmon.dll
C:\WINDOWS\system32\nbxfuajcvm.exe
C:\WINDOWS\system32\smwin32.dll
C:\WINDOWS\system32\ssqQkIXp.dll.vir
C:\WINDOWS\system32\U3L35MEA.exe
C:\WINDOWS\system32\U3L35MEA.exe.a_a
C:\WINDOWS\system32\uesiuqcr.exe.vir
C:\WINDOWS\system32\winivstr.exe.vir
C:\WINDOWS\system32\yhubusofus.scr
C:\WINDOWS\system32\ZoneAlarmIconUS.ico
C:\WINDOWS\ucov.exe
C:\WINDOWS\urobyhi.pif
J:\autorun.inf
shell\open\default=1C:\Program Files\Common Files\icroso~1.net\t?skmgr.exe
C:\Documents and Settings\HP_Administrator\My Documents\YSTEM3~1\w?aclt.exe . . . . failed to delete
C:\Program Files\Common Files\icroso~1.net\t?skmgr.exe . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BEEP
-------\Service_Beep


((((((((((((((((((((((((( Files Created from 2008-08-14 to 2008-09-14 )))))))))))))))))))))))))))))))
.

2008-09-14 10:46 . 2008-09-14 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-14 10:45 . 2008-09-14 10:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-14 10:45 . 2008-09-14 10:45 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-09-13 23:45 . 2008-09-13 23:45 21,504 --a------ C:\WINDOWS\system32\judgjrin32.dll
2008-09-13 23:31 . 2008-09-13 23:31 21,504 --a------ C:\WINDOWS\system32\judgjrin.dll
2008-09-13 15:09 . 2008-09-13 15:09 326,656 --a------ C:\WINDOWS\system32\khfcaBqQ.dll
2008-09-13 14:51 . 2008-09-13 16:19 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-13 14:51 . 2008-09-13 16:19 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-13 14:25 . 2008-09-13 23:25 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-09-13 14:20 . 2008-09-13 14:20 <DIR> d-------- C:\1628ba
2008-09-13 14:20 . 2008-09-13 14:20 <DIR> d-------- C:\15fbfd
2008-09-13 14:19 . 2008-09-13 14:19 <DIR> d-------- C:\158fb6
2008-09-13 14:19 . 2008-09-13 14:19 133,248 --a------ C:\WINDOWS\system32\drivers\ethzfczr.sys
2008-09-13 14:18 . 2008-09-13 14:18 34,816 --a------ C:\ueqf.exe
2008-09-13 14:18 . 2008-09-13 14:18 10,000 --a------ C:\WINDOWS\system32\gjm86akm34.dll
2008-09-13 14:18 . 2008-09-13 14:18 2 --a------ C:\-2005752711
2008-09-13 14:17 . 2004-08-10 12:00 8,704 --a------ C:\WINDOWS\system32\reset5e.dll
2008-09-13 14:17 . 2008-09-13 14:17 7,532 --a------ C:\uxs.exe
2008-09-13 13:12 . 2008-09-13 13:54 <DIR> d-------- C:\Program Files\XoftSpySE
2008-09-13 07:32 . 2008-09-13 07:47 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-09-13 06:51 . 2008-09-13 06:51 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2008-09-13 01:35 . 2008-09-13 01:35 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-09-13 01:34 . 2008-09-13 01:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-13 01:17 . 2008-09-13 07:32 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-13 00:54 . 2008-09-13 00:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-12 20:44 . 2008-09-12 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-12 20:23 . 2008-09-12 20:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-12 20:23 . 2008-09-13 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-12 20:12 . 2008-09-12 20:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-12 20:03 . 2008-09-12 20:03 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Simply Super Software
2008-09-12 19:56 . 2008-09-12 19:57 <DIR> d-------- C:\Program Files\Trojan Remover
2008-09-12 19:56 . 2008-09-12 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-09-12 19:56 . 2008-09-12 19:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
2008-09-12 19:56 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-09-12 19:56 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-09-12 19:56 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-09-12 19:56 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-09-12 19:56 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-09-12 19:51 . 2008-09-12 19:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-09-12 19:46 . 2008-09-13 01:45 <DIR> d-------- C:\Documents and Settings\HP_Administrator\.housecall6.6
2008-09-12 19:40 . 2008-09-12 19:40 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-09-12 18:05 . 2008-09-12 18:05 15,883 --a------ C:\WINDOWS\kawituzaqi.ban
2008-09-12 18:04 . 2008-09-12 18:04 <DIR> d-------- C:\Program Files\OINAnalytics
2008-09-07 20:27 . 2008-09-07 20:27 11,391 --a------ C:\Documents and Settings\HP_Administrator\Application Data\fyxavebuvy.dll
2008-09-06 19:35 . 2008-09-06 19:35 <DIR> d-------- C:\Program Files\uTorrent
2008-08-30 23:34 . 2008-08-30 23:34 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Talkback
2008-08-27 19:09 . 2008-08-27 19:09 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HP
2008-08-27 17:33 . 2008-08-27 17:33 <DIR> d---s---- C:\Documents and Settings\HP_Administrator\UserData
2008-08-26 18:35 . 2008-08-26 18:35 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\funkitron
2008-08-26 09:36 . 2008-08-26 09:36 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2008-08-25 21:30 . 2008-08-25 21:30 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\MySpace
2008-08-25 21:06 . 2008-08-25 21:06 1,833 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EL479AA-ABA a1221n_YC_0Pavi_QMXF540_E54NAsyMPC1_48_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.25_T050906_WXP2_L409_M504_J200_7Intel_8Pentium 4_93.06_#051121_N10EC8139_Z14F12F20_G80862582.MRK
2008-08-25 21:05 . 2004-10-25 15:17 90,112 --a------ C:\WINDOWS\system32\ps2.EXE
2008-08-25 21:04 . 2005-09-16 23:01 <DIR> d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2008-08-25 21:04 . 2008-08-26 09:36 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-08-25 21:04 . 2005-09-16 23:06 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SampleView
2008-08-25 21:04 . 2005-09-16 23:04 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-08-25 21:04 . 2005-09-16 23:01 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-08-25 21:04 . 2008-09-13 13:44 <DIR> d-------- C:\Documents and Settings\HP_Administrator
2008-08-25 21:03 . 2005-09-16 23:01 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-08-25 20:30 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-25 20:30 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-25 19:58 . 2008-09-14 11:09 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2008-08-25 18:45 . 2008-08-25 18:45 <DIR> d-------- C:\Program Files\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 23:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-13 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-13 23:19 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-13 23:19 --------- d-----w C:\Program Files\Symantec
2008-09-13 20:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-13 20:43 --------- d-----w C:\Program Files\Easy Internet signup
2008-09-13 19:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-13 07:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-08 02:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-04 23:58 --------- d-----w C:\Program Files\Microsoft Works
2008-08-27 00:35 --------- d-----w C:\Program Files\WildTangent
2008-08-25 16:39 --------- d-----w C:\Program Files\Incomplete
2008-08-25 16:38 --------- d-----w C:\Program Files\LimeWire
2008-08-24 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
.

((((((((((((((((((((((((((((( snapshot_2008-09-14_ 0.15.30.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-14 17:45:51 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-09-14 17:45:51 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B221E01-F517-4959-8C41-81948E7F2F17}]
2008-09-11 12:48 229376 --a------ C:\Program Files\OINAnalytics\OINAnalytics.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5BF49A2-94F3-42BD-F434-3604812C897D}]
2008-09-13 14:18 10000 --a------ C:\WINDOWS\system32\gjm86akm34.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 59392]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 114688]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-02 84640]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-09-16 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-16 98304]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [BU]
"BM8b41974a"="C:\WINDOWS\system32\yqqaolqp.dll" [BU]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 26248]
"8872a4d6"="C:\WINDOWS\system32\fgfsqjjb.dll" [BU]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 C:\WINDOWS\system32\HdAShCut.exe]
"buritos"="buritos.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Odkkwrax"="C:\Program Files\Common Files\?icrosoft.NET\t?skmgr.exe" [?]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C5BF49A2-94F3-42BD-F434-3604812C897D}"= "C:\WINDOWS\system32\gjm86akm34.dll" [2008-09-13 10000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRjhee]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\judgjrin]
2008-09-13 23:45 21504 C:\WINDOWS\system32\judgjrin32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMeBqRj]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fos65.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2008-08-19 20:08 914512 C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

S1 ethzfczr;ethzfczr;C:\WINDOWS\system32\drivers\ethzfczr.sys [2008-09-13 133248]
S3 restore;restore;C:\WINDOWS\system32\drivers\restore.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{3E502482-11F4-4DF7-AA3C-16A34D78FD3C} - (no file)
BHO-{5D3DC08D-381D-42CE-8562-5F627626C2D9} - (no file)
BHO-{9213bb08-8c1e-46ec-861c-e9d1a08fe6b9} - (no file)
BHO-{925FBA44-5610-49DF-A05A-CFE64C6CF227} - (no file)
BHO-{AC32B632-77A9-2020-FB4D-0BA2E1C94E92} - (no file)
BHO-{c900b400-cdfe-11d3-976a-00e02913a9e0} - (no file)
BHO-{D7336D32-62F7-43B5-8B8C-3963C72CA498} - (no file)
BHO-{f1a8d27e-29ed-474b-b8a3-57f623b8afac} - (no file)
HKLM-Run-{90ac6768-4f1b-7f21-546d-1345e34c9c80} - C:\WINDOWS\system32\iobgfvcumspnj.dll



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 11:09:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\judgjrin32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-14 11:12:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-14 18:12:17
ComboFix2.txt 2008-09-14 07:15:58
ComboFix3.txt 2008-09-13 20:34:55
ComboFix4.txt 2008-09-13 08:07:52

Pre-Run: 173,628,141,568 bytes free
Post-Run: 173,617,635,328 bytes free

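The CFScript Tonymontana posted and the "Other Deletions" and "Drivers/Services" sections of the ComboFix log above can be reconciled automatically, to see which requested File::/Folder:: entries the log confirms as removed, which it reports as "failed to delete", which it never mentions, and whether the requested Driver:: service was actually unregistered. The Python below is an added example, not code from this thread, from ComboFix or from SUPERAntiSpyware; the sample script and log excerpt are constructed from paths quoted in the thread, and the parsing rules (a directive line `Name::` followed by entries up to a blank line; a log section ending at the next `((((` banner) are assumptions based on the layout shown in the posts.

```python
"""Reconcile a ComboFix CFScript with the ComboFix log it produced.

Added example for this thread, not ComboFix's own tooling. The sample
script and log excerpt are constructed from paths quoted in the thread;
the directive and section layout rules are assumptions for this example.
"""
import re

# Constructed excerpt of the CFScript posted in the thread.
SAMPLE_CFSCRIPT = r"""KILLALL::

Driver::
Beep

File::
C:\WINDOWS\system32\iyghtekq.ini
C:\tsdi.exe
C:\bcje.exe
C:\WINDOWS\system32\drivers\beep.sys

Folder::
C:\Program Files\AdwarePro
C:\Program Files\Twain
"""

# Constructed excerpt of the ComboFix log that ran the script above.
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bcje.exe
C:\Program Files\AdwarePro
C:\Program Files\AdwarePro\engine.dat.tmp
C:\Program Files\Twain
C:\WINDOWS\system32\drivers\beep.sys
C:\WINDOWS\system32\iyghtekq.ini
C:\Program Files\Common Files\icroso~1.net\t?skmgr.exe . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BEEP
-------\Service_Beep
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")


def parse_cfscript(text):
    """Return {directive: [entries]}. A directive line is 'Name::'; its
    entries follow until a blank line or the next directive (assumed rule)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif not line:
            current = None
        elif current is not None:
            sections[current].append(line)
    return sections


def _section_lines(log_text, banner):
    """Yield non-empty lines of the log section whose banner contains
    `banner`, stopping at the next '((((' banner."""
    inside = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if banner in line and line.startswith("(((("):
            inside = True
            continue
        if inside and line.startswith("(((("):
            break
        if inside and line not in ("", "."):
            yield line


def parse_deletions(log_text):
    """Split 'Other Deletions' into (deleted paths, paths that failed)."""
    deleted, failed = [], []
    for line in _section_lines(log_text, "Other Deletions"):
        if line.endswith("failed to delete"):
            failed.append(line.split(" . . . . ")[0])
        else:
            deleted.append(line)
    return deleted, failed


def parse_services_removed(log_text):
    """Service names from 'Drivers/Services' lines like '-------\\Service_X'."""
    return [line.split("Service_", 1)[1]
            for line in _section_lines(log_text, "Drivers/Services")
            if line.startswith("-------\\Service_")]


def reconcile(cfscript_text, log_text):
    """Compare the script's requests with what the log actually reports."""
    script = parse_cfscript(cfscript_text)
    requested = script.get("File", []) + script.get("Folder", [])
    requested_l = {p.lower() for p in requested}
    folders = [f.lower().rstrip("\\") + "\\" for f in script.get("Folder", [])]
    deleted, failed = parse_deletions(log_text)
    deleted_l = {p.lower() for p in deleted}
    failed_l = {p.lower() for p in failed}
    services = {s.lower() for s in parse_services_removed(log_text)}
    return {
        "confirmed": [p for p in requested if p.lower() in deleted_l],
        # Requested but neither deleted nor reported failed: re-check by hand.
        "unconfirmed": [p for p in requested
                        if p.lower() not in deleted_l and p.lower() not in failed_l],
        "failed": failed,
        # Deleted items not requested and not inside a requested folder.
        "extra_deleted": sorted(p for p in deleted if p.lower() not in requested_l
                                and not any(p.lower().startswith(f) for f in folders)),
        "services_removed": [d for d in script.get("Driver", []) if d.lower() in services],
    }


if __name__ == "__main__":
    for key, items in reconcile(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(f"{key} ({len(items)}):")
        for item in items:
            print("   ", item)
```

On the sample data the one unconfirmed entry is `C:\tsdi.exe`, which matches the real log above (it was requested in the script but does not appear under "Other Deletions"), and the only failure is the `?icrosoft.NET\t?skmgr.exe` path that SUPERAntiSpyware later picked up; those are exactly the items a helper would want to follow up on in the next round.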


tony909
Junior Member
_
14. September 2008 @ 17:19 _ Link to this message    Send private message to this user   
Here's the SUPERAntiSpyware log... I ran it in safe mode, but it
did not make a log, so I ran it again in normal startup and got this log....

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/14/2008 at 01:57 PM

Application Version : 4.21.1004

Core Rules Database Version : 3566
Trace Rules Database Version: 1554

Scan type : Complete Scan
Total Scan Time : 00:59:50

Memory items scanned : 393
Memory threats detected : 1
Registry items scanned : 6253
Registry threats detected : 12
File items scanned : 98905
File threats detected : 19

Rootkit.Dropper/BotNet
C:\WINDOWS\SYSTEM32\JUDGJRIN32.DLL
C:\WINDOWS\SYSTEM32\JUDGJRIN32.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\judgjrin
C:\WINDOWS\SYSTEM32\JUDGJRIN.DLL

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5BF49A2-94F3-42BD-F434-3604812C897D}

Rootkit.Dopper/ETH
HKLM\System\ControlSet001\Services\ethzfczr
C:\WINDOWS\SYSTEM32\DRIVERS\ETHZFCZR.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_ethzfczr
HKLM\System\ControlSet003\Services\ethzfczr
HKLM\System\ControlSet003\Enum\Root\LEGACY_ethzfczr
HKLM\System\CurrentControlSet\Services\ethzfczr
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_ethzfczr

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt

Trojan.FakeAlert/Desktop
HKU\S-1-5-21-1316273570-1447017622-1403318424-1008\CONTROL PANEL\DESKTOP#WALLPAPER
HKU\S-1-5-21-1316273570-1447017622-1403318424-1008\CONTROL PANEL\DESKTOP#ORIGINALWALLPAPER
HKU\S-1-5-21-1316273570-1447017622-1403318424-1008\CONTROL PANEL\DESKTOP#CONVERTEDWALLPAPER

Trojan.Unclassified/Buritos
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#buritos [ buritos.exe ]

Adware.ClickSpring
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\MY DOCUMENTS\?YSTEM32\W?ACLT.EXE
C:\PROGRAM FILES\COMMON FILES\?ICROSOFT.NET\T?SKMGR.EXE

Trojan.Dropper/Gen-Packed
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\SPEEDRUNNER\SRUNINSTALL.EXE.VIR

Adware.Unknown Origin
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\QKZK\QKZKD\CLASS-BARREL.VIR

Adware.ClickSpring/Yazzle
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1554OINADMIN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1554OINUNINSTALLER.EXE.VIR

Adware.AdSponsor/ISM-GetModule
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\GETMODULE\GETMODULE20.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\GETMODULE\GETMODULE21.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\GETMODULE\GETMODULE23.EXE.VIR

Adware.AdSponsor/ISM-GetPack
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\GETPACK\GETPACK21.EXE.VIR

Adware.AdSponsor/ISM
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ICHECK\ICHECK.EXE.VIR

NotHarmful.Sysinternals Bluescreen Screen Saver
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BLPHCG8JJ0E585.SCR.VIR

Trojan.Downloader-Gen/Win
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KARINA.DAT.VIR.VIR

Trojan.Unclassified/Uesiuqcr
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\UESIUQCR.EXE.VIR.VIR

Adware.ClickSpring/Outerinfo
C:\QOOBOX\QUARANTINE\C\WINDOWS\WNSXS~1\NTVDM.EXE.VIR


Tonymontana
Senior Member
_
15. September 2008 @ 09:55 _ Link to this message    Send private message to this user   
Goody.... the malware's getting destroyed. Now, post a new HijackThis log, and tell me what problems you have left.

Best Regards :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

tony909
Junior Member
_
15. September 2008 @ 11:51 _ Link to this message    Send private message to this user   
My computer is working great now, looks like it's all cleaned up. I installed a fresh copy of Norton AntiVirus 07 and it finished up the job.... Thanks a lot for your help, appreciate it.

Tonymontana
Senior Member
_
16. September 2008 @ 09:49 _ Link to this message    Send private message to this user   
Hey tony909

You're welcome. If you have any more problems, feel free to come back.

Best Regards :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.
