Thread: Bad Virtumonde Infection

  1. #1
    Member
    Join Date
    Apr 2008
    Posts
    47

    Bad Virtumonde Infection

    I'm not sure HOW I got this virus, but it's been keeping me from doing a lot of things on the web.

    I did read the "Read before posting" topic, but I think I'm so badly infected that Kaspersky is failing to run. I get an error: "Unknown error detected while checking the license for kaspersky online scanner product"

    I'm not sure how to go on with this. I've been trying to get rid of it for 2 weeks now. I've tried doing a destructive system restore as well, but it just seems to lie dormant until I get on the web long enough. I've downloaded ComboFix but haven't touched it yet. Waiting for further info on what to do about this.

    And thank you for your time.

  2. #2
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Hello

    Delete ComboFix.exe there and do this


    Please visit this webpage for instructions for downloading and running ComboFix:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    This includes installing the Windows XP Recovery Console in case you have not installed it yet.

    For more information on the Windows XP Recovery Console, read http://support.microsoft.com/kb/314058. Once you install the Recovery Console, when you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~

  3. #3
    Member
    Join Date
    Apr 2008
    Posts
    47

    Hi, here are the requested logs. Sorry I was away w/o notice; been up all night trying to fix this.

    ComboFix 08-04-24.1 - Owner 2008-04-25 6:17:21.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.239 [GMT -7:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Common Files\mcroso~1.net
    C:\Program Files\Common Files\mcroso~1.net\M?crosoft.NET\
    C:\Program Files\Common Files\mcroso~1.net\nslookup.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\Behjmnnn.ini
    C:\WINDOWS\system32\Behjmnnn.ini2
    C:\WINDOWS\system32\cefuoawl.dll
    C:\WINDOWS\system32\glrxhkpn.dll
    C:\WINDOWS\system32\HjmnnUtv.ini
    C:\WINDOWS\system32\HjmnnUtv.ini2
    C:\WINDOWS\system32\ilUCLnpo.ini
    C:\WINDOWS\system32\ilUCLnpo.ini2
    C:\WINDOWS\system32\irumxrq.dll
    C:\WINDOWS\system32\ljJCvUMC.dll
    C:\WINDOWS\system32\ljJcyVon.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\npkhxrlg.ini
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\sks~1
    C:\WINDOWS\system32\sks~1\l?gonui.exe
    C:\WINDOWS\system32\vruwrhuf.dll
    C:\WINDOWS\system32\vtUnnmjH.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
    .

    2008-04-25 04:01 . 2008-04-25 04:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-04-25 04:01 . 2008-04-25 04:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-04-25 03:49 . 2008-04-25 03:49 <DIR> d-------- C:\Documents and Settings\Owner\dwhelper
    2008-04-25 03:12 . 2008-04-25 03:12 <DIR> d-------- C:\Program Files\Safer Networking
    2008-04-24 23:27 . 2002-12-12 00:34 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-04-24 21:28 . 2008-04-24 21:28 136 --ah----- C:\sqmnoopt02.sqm
    2008-04-24 21:28 . 2008-04-24 21:28 136 --ah----- C:\sqmdata02.sqm
    2008-04-24 13:47 . 2008-04-24 13:47 1,509,099 --ahs---- C:\WINDOWS\system32\uugsaihc.ini
    2008-04-24 13:37 . 2008-04-24 13:37 268 --ah----- C:\sqmdata01.sqm
    2008-04-24 13:37 . 2008-04-24 13:37 244 --ah----- C:\sqmnoopt01.sqm
    2008-04-24 13:13 . 2008-04-24 13:16 543 --a------ C:\WINDOWS\wininit.ini
    2008-04-24 12:20 . 2008-04-24 12:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-24 12:20 . 2008-04-24 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-24 03:21 . 2008-04-24 03:21 268 --ah----- C:\sqmdata00.sqm
    2008-04-24 03:21 . 2008-04-24 03:21 244 --ah----- C:\sqmnoopt00.sqm
    2008-04-23 21:41 . 2008-04-24 13:12 1,540,789 --ahs---- C:\WINDOWS\system32\sdythuuj.ini
    2008-04-23 15:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-04-23 15:55 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-04-23 07:06 . 2008-04-23 07:10 <DIR> d-------- C:\Program Files\BitLord
    2008-04-23 06:30 . 2008-04-23 07:23 <DIR> d-------- C:\Program Files\eMule
    2008-04-23 04:40 . 2008-04-23 04:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Soldat
    2008-04-23 04:40 . 2008-04-23 04:40 0 -ra------ C:\logwmemory.bin
    2008-04-23 04:36 . 2008-04-23 04:36 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-04-23 04:35 . 2008-04-23 04:35 <DIR> d-------- C:\Program Files\MSN Messenger
    2008-04-23 04:30 . 2008-04-23 04:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
    2008-04-23 04:29 . 2008-04-23 04:30 <DIR> d-------- C:\Program Files\Viewpoint
    2008-04-23 04:29 . 2008-04-23 04:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-04-23 04:29 . 2008-04-23 04:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2008-04-23 04:29 . 2008-04-23 04:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
    2008-04-23 04:28 . 2008-04-23 04:28 <DIR> d-------- C:\Program Files\Common Files\AOL
    2008-04-23 04:28 . 2008-04-23 04:30 <DIR> d-------- C:\Program Files\AIM6
    2008-04-23 04:28 . 2008-04-23 04:30 450 --ah----- C:\IPH.PH
    2008-04-23 04:08 . 2007-03-07 16:51 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-04-23 04:08 . 2007-03-07 16:51 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-04-23 04:07 . 2008-04-23 04:12 <DIR> d-------- C:\Program Files\Winamp
    2008-04-23 04:07 . 2008-04-23 04:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Winamp
    2008-04-23 04:07 . 2007-03-07 16:51 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
    2008-04-23 03:23 . 2008-04-23 03:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nexon
    2008-04-23 02:59 . 2008-04-23 02:59 <DIR> d-------- C:\Nexon
    2008-04-23 01:54 . 2008-04-23 01:55 <DIR> d-------- C:\Program Files\Unlocker
    2008-04-22 21:53 . 2008-04-22 21:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\.clamwin
    2008-04-22 21:52 . 2008-04-22 21:52 <DIR> d-------- C:\Program Files\ClamWin
    2008-04-22 21:52 . 2008-04-22 21:52 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin
    2008-04-22 21:41 . 2003-03-03 10:24 33,792 --a------ C:\WINDOWS\ieuninst.exe
    2008-04-22 21:36 . 2008-04-22 21:37 1,540,617 --ahs---- C:\WINDOWS\system32\lirosyxt.ini
    2008-04-22 21:34 . 2008-04-25 04:05 109,772 --a------ C:\WINDOWS\BMbff1958b.xml
    2008-04-22 21:31 . 2002-08-29 01:50 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-04-22 21:31 . 2002-08-29 01:50 24,960 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-04-22 21:28 . 2008-04-22 21:28 <DIR> d-------- C:\WINDOWS\system32\xcsDd01
    2008-04-22 21:28 . 2008-04-22 21:28 <DIR> d-------- C:\Temp\berDrv11
    2008-04-22 21:28 . 2008-04-22 21:28 <DIR> d-------- C:\Temp
    2008-04-22 21:23 . 2008-04-22 21:23 <DIR> d-------- C:\WINDOWS\Sun
    2008-04-22 19:03 . 2002-08-29 01:32 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2008-04-22 19:03 . 2002-08-28 23:16 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2008-04-22 19:03 . 2002-08-29 02:00 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2008-04-22 19:03 . 2002-08-29 02:01 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2008-04-22 19:03 . 2001-08-17 14:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2008-04-22 19:03 . 2001-08-17 13:59 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2008-04-22 19:03 . 2002-08-29 01:32 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2008-04-22 19:03 . 2002-08-29 01:32 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2008-04-22 19:02 . 2008-04-22 19:46 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-04-22 19:02 . 2002-08-29 02:01 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2008-04-22 19:02 . 2002-08-29 01:32 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2008-04-22 19:02 . 2002-08-29 01:33 55,680 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
    2008-04-22 19:02 . 2005-02-24 20:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-04-22 19:02 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2008-04-22 18:59 . 2008-04-22 18:59 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-04-22 18:58 . 2008-04-25 06:28 247 --a------ C:\WINDOWS\system\hpsysdrv.dat
    2008-04-22 18:57 . 2004-07-01 15:08 361,984 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
    2008-04-22 18:57 . 2004-07-01 15:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
    2008-04-22 18:57 . 2004-07-01 15:08 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
    2008-04-22 18:57 . 2004-06-30 16:59 158,720 --a------ C:\WINDOWS\system32\xpob2res.dll
    2008-04-22 18:57 . 2004-07-01 15:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2008-04-22 18:57 . 2004-07-01 15:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
    2008-04-22 18:57 . 2004-07-01 15:08 7,680 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
    2008-04-22 18:57 . 2004-07-01 15:08 7,680 --a------ C:\WINDOWS\system32\bitsprx2.dll
    2008-04-22 18:57 . 2004-07-01 15:08 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
    2008-04-22 18:57 . 2004-07-01 15:08 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
    2008-04-22 18:55 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
    2008-04-22 18:55 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-04-22 18:55 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-04-22 18:55 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-04-22 18:55 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2008-04-22 18:53 . 2008-04-22 18:53 <DIR> d---s---- C:\Documents and Settings\Owner\UserData
    2008-04-22 18:53 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
    2008-04-22 18:53 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
    2008-04-22 18:53 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
    2008-04-22 18:53 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2008-04-22 18:53 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2008-04-22 18:53 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
    2008-04-22 18:51 . 2008-04-22 18:51 <DIR> d--h----- C:\BJPrinter
    2008-04-22 18:51 . 2002-09-05 14:00 87,552 --a------ C:\WINDOWS\system32\CNMLM3m.DLL
    2008-04-22 18:51 . 2002-07-30 02:59 73,728 --a------ C:\WINDOWS\system32\CNMCP3m.exe
    2008-04-22 18:51 . 2002-09-05 14:00 5,632 --a------ C:\WINDOWS\system32\CNMVS3m.DLL
    2008-04-22 18:46 . 2008-04-22 18:46 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
    2008-04-22 18:46 . 2008-04-22 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-04-22 18:42 . 2008-04-25 03:12 <DIR> dr------- C:\Program Files
    2008-04-22 18:42 . 2008-04-22 18:53 <DIR> dr------- C:\Documents and Settings\All Users\Documents
    2008-04-22 18:39 . 2008-04-23 04:11 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
    2008-04-22 17:33 . 2008-04-22 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-04-22 17:32 . 2008-04-22 17:32 <DIR> d-------- C:\Program Files\Yahoo!
    2008-04-22 17:24 . 2008-04-22 17:24 0 --a------ C:\WINDOWS\nsreg.dat
    2008-04-22 17:18 . 2008-04-22 17:21 3,884 --a------ C:\WINDOWS\viassary-hp.reg
    2008-04-22 17:14 . 2008-04-22 17:14 4,158 -rahs---- C:\WINDOWS\system32\drivers\HP_DQ174A-ABA A410N_YC_Pavi_QMXK349_E41NAheBLU4_4_IMS-6577_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.02_T031031_WXH1_L409_M504_J123_7Intel_8Celeron_92.8_111063044_N10EC8139_P_Z11C1044C_K_A808624C5_U808624C2_G80862562.MRK
    2008-04-22 17:13 . 2003-10-13 22:21 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
    2008-04-22 17:13 . 2003-10-10 21:57 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Sonic
    2008-04-22 17:13 . 2003-10-10 22:47 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
    2008-04-22 17:13 . 2003-10-13 22:24 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\interMute
    2008-04-22 17:12 . 2003-10-10 22:19 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
    2008-04-22 17:12 . 2008-04-25 01:05 1,024 --ah----- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
    2008-04-22 17:10 . 2008-04-22 17:10 <DIR> d-------- C:\Program Files\ArcSoft
    2008-04-22 17:10 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
    2008-04-22 17:09 . 2008-04-22 17:09 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2008-04-22 17:09 . 2008-04-22 17:09 <DIR> d-------- C:\Program Files\Multimedia Card Reader
    2008-04-22 17:07 . 2002-08-29 01:09 62,976 --a------ C:\WINDOWS\system32\drivers\pci.sys
    2008-04-22 17:06 . 2001-08-17 13:58 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
    2008-04-22 17:05 . 2002-08-29 02:06 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-04-22 17:05 . 2002-08-29 01:27 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
    2008-04-22 17:04 . 2003-10-10 22:19 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
    2008-04-22 17:04 . 2008-04-22 17:12 1,024 --ah----- C:\Documents and Settings\Default User\ntuser.dat.LOG

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-23 00:18 --------- d-----w C:\Program Files\Easy Internet signup
    2008-04-23 00:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83955744-3395-48D8-848B-10BEFB2BC81A}]
    C:\WINDOWS\System32\opnLCUli.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6759C9B-BF22-40AF-BB88-E9A24968B967}]
    C:\WINDOWS\System32\nnnmjheB.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 07:07 114688]
    "CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 07:23 90112]
    "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 02:55 483328]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01 110592]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-10 21:58 151597]
    "AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 19:19 53248]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 21:42 212992]
    "VTTimer"="VTTimer.exe" []
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-15 00:59 70816]
    "LTMSG"="LTMSG.exe" [2003-07-14 17:52 40960 C:\WINDOWS\ltmsg.exe]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 13:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
    "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 20:11 139264]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-06-17 18:13 118784]
    "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 16:37 53248]
    "AntiSpywareMaster"="C:\Program Files\AntiSpywareMaster\asm.exe" [ ]
    "ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-04-19 16:35 77824]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-02-29 22:10 15872]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-13 22:24:52 557056]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 08:20:40 233472]
    Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 04:49:48 57344]
    Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-10 22:26:40 16384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJcyVon]
    ljJcyVon.dll

    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]

    *Newly Created Service* - ALG
    *Newly Created Service* - IPNAT
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-23 00:18:22 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
    - C:\Program Files\Easy Internet signup\HPSdpApp.exe
    "2008-04-25 06:29:45 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
    - c:\PROGRA~1\NORTON~1\Navw32.exeh/task:
    "2008-04-25 06:29:47 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-25 06:28:49
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP.NEW 468 bytes
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP.NEW 2672 bytes
    C:\WINDOWS\system32\wbem\Repository\FS\ROLL_FORWARD 0 bytes

    scan completed successfully
    hidden files: 3

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Unlocker\UnlockerHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-25 6:32:43 - machine was rebooted [Owner]
    ComboFix-quarantined-files.txt 2008-04-25 13:32:31

    Pre-Run: 104,230,498,304 bytes free
    Post-Run: 104,194,588,672 bytes free

    244 --- E O F --- 2008-04-23 21:00:37



    <Hijackthis Log>
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:01, on 2008-04-25
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\LTMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\ClamWin\bin\ClamTray.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {83955744-3395-48D8-848B-10BEFB2BC81A} - C:\WINDOWS\System32\opnLCUli.dll (file missing)
    O2 - BHO: (no name) - {F6759C9B-BF22-40AF-BB88-E9A24968B967} - C:\WINDOWS\System32\nnnmjheB.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1208915641656
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1208916465093
    O20 - Winlogon Notify: ljJcyVon - ljJcyVon.dll (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8128 bytes

  4. #4
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Hello

    1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: (no name) - {83955744-3395-48D8-848B-10BEFB2BC81A} - C:\WINDOWS\System32\opnLCUli.dll (file missing)
    O2 - BHO: (no name) - {F6759C9B-BF22-40AF-BB88-E9A24968B967} - C:\WINDOWS\System32\nnnmjheB.dll (file missing)
    O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O20 - Winlogon Notify: ljJcyVon - ljJcyVon.dll (file missing)


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    1. Close any open browsers.

    2. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    C:\WINDOWS\system32\uugsaihc.ini
    C:\WINDOWS\system32\sdythuuj.ini
    C:\WINDOWS\system32\lirosyxt.ini
    C:\WINDOWS\BMbff1958b.xml

    Folder::
    C:\WINDOWS\system32\xcsDd01
    C:\Temp\berDrv11
    C:\Program Files\AntiSpywareMaster

    Registry::

    Driver::

    Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.




    Reboot and post a new HijackThis log
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~

  5. #5
    Member
    Join Date
    Apr 2008
    Posts
    47

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43 4670704]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 08:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 15:04 52736]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 14:51 118784]
    "CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 06:23 90112]
    "HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 01:55 483328]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02 61440]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 07:01 110592]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-10 20:58 151597]
    "AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 18:19 53248]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 20:42 212992]
    "VTTimer"="VTTimer.exe" []
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-14 23:59 70816]
    "LTMSG"="LTMSG.exe" [2003-07-14 16:52 40960 C:\WINDOWS\ltmsg.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57 81920]
    "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 19:11 139264]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-06-17 17:13 118784]
    "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 15:37 53248]
    "ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-04-19 15:35 77824]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-02-29 21:10 15872]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 14:55 155648]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-13 21:24:52 557056]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 07:20:40 233472]
    Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 03:49:48 57344]
    Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-10 21:26:40 16384]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-23 00:18:22 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
    - C:\Program Files\Easy Internet signup\HPSdpApp.exe
    "2008-04-26 10:57:19 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
    - c:\PROGRA~1\NORTON~1\Navw32.exeh/task:
    "2008-04-25 06:29:47 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-26 16:03:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Unlocker\UnlockerHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-26 16:07:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-27 00:07:31
    ComboFix2.txt 2008-04-25 13:32:45

    Pre-Run: 96,266,366,976 bytes free
    Post-Run: 96,243,855,360 bytes free

    5069 --- E O F --- 2008-04-26 22:11:18

  6. #6
    Member
    Join Date
    Apr 2008
    Posts
    47

    Default

    Sorry. I got this error in the forum saying my post was too long. That was the end of it I think. Is there somewhere I can upload this log to?

  7. #7
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Default

    You will need to use multiple posts to fit it all.

    Can you try posting it again?

  8. #8
    Member
    Join Date
    Apr 2008
    Posts
    47

    Default

    ComboFix 08-04-24.1 - Owner 2008-04-26 15:58:10.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.213 [GMT -8:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\WINDOWS\BMbff1958b.xml
    C:\WINDOWS\system32\lirosyxt.ini
    C:\WINDOWS\system32\sdythuuj.ini
    C:\WINDOWS\system32\uugsaihc.ini
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Temp\berDrv11
    C:\Temp\berDrv11\fxpNbu.log
    C:\WINDOWS\BMbff1958b.xml
    C:\WINDOWS\system32\lirosyxt.ini
    C:\WINDOWS\system32\sdythuuj.ini
    C:\WINDOWS\system32\uugsaihc.ini
    C:\WINDOWS\system32\xcsDd01
    C:\WINDOWS\system32\xcsDd01\xcsDd011065.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NWSAPAGENT
    -------\Service_NwSapAgent


    ((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
    .

    2008-04-26 14:31 . 2002-04-11 20:21 13,335 --a------ C:\WINDOWS\system32\drivers\usbcm.sys
    2008-04-26 14:04 . 2006-08-21 01:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2008-04-26 14:04 . 2006-08-21 01:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
    2008-04-26 14:04 . 2006-08-21 04:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
    2008-04-26 13:59 . 2008-04-26 13:59 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-04-26 09:23 . 2007-07-09 05:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-04-26 03:57 . 2008-04-26 03:57 <DIR> d-------- C:\WINDOWS\provisioning
    2008-04-26 03:57 . 2008-04-26 03:57 <DIR> d-------- C:\WINDOWS\peernet
    2008-04-26 03:54 . 2008-04-26 03:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-04-26 03:41 . 2008-04-26 03:41 <DIR> d-------- C:\WINDOWS\EHome
    2008-04-26 03:23 . 2004-08-20 14:50 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
    2008-04-26 02:30 . 2004-08-03 22:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2008-04-26 02:30 . 2004-08-03 22:07 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2008-04-25 03:01 . 2008-04-25 03:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-04-25 03:01 . 2008-04-25 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-04-25 02:49 . 2008-04-25 02:49 <DIR> d-------- C:\Documents and Settings\Owner\dwhelper
    2008-04-25 02:12 . 2008-04-25 02:12 <DIR> d-------- C:\Program Files\Safer Networking
    2008-04-24 22:27 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-04-24 20:28 . 2008-04-24 20:28 136 --ah----- C:\sqmnoopt02.sqm
    2008-04-24 20:28 . 2008-04-24 20:28 136 --ah----- C:\sqmdata02.sqm
    2008-04-24 12:37 . 2008-04-24 12:37 268 --ah----- C:\sqmdata01.sqm
    2008-04-24 12:37 . 2008-04-24 12:37 244 --ah----- C:\sqmnoopt01.sqm
    2008-04-24 12:13 . 2008-04-24 12:16 543 --a------ C:\WINDOWS\wininit.ini
    2008-04-24 11:20 . 2008-04-24 11:21 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-24 11:20 . 2008-04-24 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-24 02:21 . 2008-04-24 02:21 268 --ah----- C:\sqmdata00.sqm
    2008-04-24 02:21 . 2008-04-24 02:21 244 --ah----- C:\sqmnoopt00.sqm
    2008-04-23 14:55 . 2007-07-30 18:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-04-23 14:55 . 2007-07-30 18:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-04-23 06:06 . 2008-04-23 06:10 <DIR> d-------- C:\Program Files\BitLord
    2008-04-23 05:30 . 2008-04-23 06:23 <DIR> d-------- C:\Program Files\eMule
    2008-04-23 03:40 . 2008-04-23 03:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Soldat
    2008-04-23 03:40 . 2008-04-23 03:40 0 -ra------ C:\logwmemory.bin
    2008-04-23 03:36 . 2008-04-23 03:36 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-04-23 03:35 . 2008-04-23 03:35 <DIR> d-------- C:\Program Files\MSN Messenger
    2008-04-23 03:30 . 2008-04-23 03:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
    2008-04-23 03:29 . 2008-04-23 03:30 <DIR> d-------- C:\Program Files\Viewpoint
    2008-04-23 03:29 . 2008-04-23 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-04-23 03:29 . 2008-04-23 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2008-04-23 03:29 . 2008-04-23 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
    2008-04-23 03:28 . 2008-04-23 03:28 <DIR> d-------- C:\Program Files\Common Files\AOL
    2008-04-23 03:28 . 2008-04-23 03:30 <DIR> d-------- C:\Program Files\AIM6
    2008-04-23 03:28 . 2008-04-23 03:30 450 --ah----- C:\IPH.PH
    2008-04-23 03:08 . 2007-03-07 15:51 9,464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-04-23 03:08 . 2007-03-07 15:51 9,336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-04-23 03:07 . 2008-04-23 03:12 <DIR> d-------- C:\Program Files\Winamp
    2008-04-23 03:07 . 2008-04-23 03:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Winamp
    2008-04-23 03:07 . 2007-03-07 15:51 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
    2008-04-23 02:23 . 2008-04-23 02:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nexon
    2008-04-23 01:59 . 2008-04-23 01:59 <DIR> d-------- C:\Nexon
    2008-04-23 00:54 . 2008-04-23 00:55 <DIR> d-------- C:\Program Files\Unlocker
    2008-04-22 20:53 . 2008-04-22 20:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\.clamwin
    2008-04-22 20:52 . 2008-04-22 20:52 <DIR> d-------- C:\Program Files\ClamWin
    2008-04-22 20:52 . 2008-04-22 20:52 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin
    2008-04-22 20:41 . 2003-03-03 09:24 33,792 --a------ C:\WINDOWS\ieuninst.exe
    2008-04-22 20:31 . 2004-08-03 22:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-04-22 20:28 . 2008-04-26 15:58 <DIR> d-------- C:\Temp
    2008-04-22 20:23 . 2008-04-22 20:23 <DIR> d-------- C:\WINDOWS\Sun
    2008-04-22 19:06 . 2002-04-15 20:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
    2008-04-22 19:06 . 2004-08-03 23:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
    2008-04-22 19:06 . 2004-08-02 13:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
    2008-04-22 19:06 . 2004-08-02 13:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
    2008-04-22 18:41 . 2005-10-20 14:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
    2008-04-22 18:03 . 2006-06-14 00:47 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2008-04-22 18:03 . 2006-02-14 16:22 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2008-04-22 18:03 . 2006-06-14 01:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2008-04-22 18:03 . 2004-08-03 22:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2008-04-22 18:03 . 2001-08-17 13:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2008-04-22 18:03 . 2004-08-03 22:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
    2008-04-22 18:03 . 2006-06-14 00:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2008-04-22 18:03 . 2004-08-03 22:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2008-04-22 18:02 . 2008-04-26 14:10 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-04-22 18:02 . 2004-08-03 22:10 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
    2008-04-22 18:02 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-04-22 18:02 . 2001-08-17 12:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2008-04-22 17:59 . 2008-04-22 17:59 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-04-22 17:58 . 2008-04-26 16:03 247 --a------ C:\WINDOWS\system\hpsysdrv.dat
    2008-04-22 17:57 . 2004-08-03 23:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
    2008-04-22 17:57 . 2004-08-03 23:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2008-04-22 17:57 . 2004-08-03 23:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
    2008-04-22 17:57 . 2004-08-03 23:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
    2008-04-22 17:55 . 2007-07-30 18:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
    2008-04-22 17:55 . 2007-07-30 18:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-04-22 17:55 . 2007-07-30 18:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-04-22 17:55 . 2007-07-30 18:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-04-22 17:55 . 2007-07-30 18:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2008-04-22 17:53 . 2008-04-22 17:53 <DIR> d---s---- C:\Documents and Settings\Owner\UserData
    2008-04-22 17:53 . 2007-07-30 18:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
    2008-04-22 17:53 . 2007-07-30 18:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
    2008-04-22 17:53 . 2007-07-30 18:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
    2008-04-22 17:53 . 2004-08-03 13:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2008-04-22 17:53 . 2004-08-03 13:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2008-04-22 17:53 . 2007-07-30 18:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
    2008-04-22 17:51 . 2008-04-22 17:51 <DIR> d--h----- C:\BJPrinter
    2008-04-22 17:51 . 2002-09-05 13:00 87,552 --a------ C:\WINDOWS\system32\CNMLM3m.DLL
    2008-04-22 17:51 . 2002-07-30 01:59 73,728 --a------ C:\WINDOWS\system32\CNMCP3m.exe
    2008-04-22 17:51 . 2002-09-05 13:00 5,632 --a------ C:\WINDOWS\system32\CNMVS3m.DLL
    2008-04-22 17:46 . 2008-04-22 17:46 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
    2008-04-22 17:46 . 2008-04-22 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-04-22 17:42 . 2008-04-26 13:59 <DIR> dr------- C:\Program Files
    2008-04-22 17:42 . 2008-04-22 17:53 <DIR> dr------- C:\Documents and Settings\All Users\Documents
    2008-04-22 17:39 . 2008-04-26 14:12 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
    2008-04-22 16:33 . 2008-04-22 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-04-22 16:32 . 2008-04-22 16:32 <DIR> d-------- C:\Program Files\Yahoo!
    2008-04-22 16:24 . 2008-04-22 16:24 0 --a------ C:\WINDOWS\nsreg.dat
    2008-04-22 16:18 . 2008-04-22 16:21 3,884 --a------ C:\WINDOWS\viassary-hp.reg
    2008-04-22 16:14 . 2008-04-22 16:14 4,158 -rahs---- C:\WINDOWS\system32\drivers\HP_DQ174A-ABA A410N_YC_Pavi_QMXK349_E41NAheBLU4_4_IMS-6577_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.02_T031031_WXH1_L409_M504_J123_7Intel_8Celeron_92.8_111063044_N10EC8139_P_Z11C1044C_K_A808624C5_U808624C2_G80862562.MRK
    2008-04-22 16:13 . 2003-10-13 21:21 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
    2008-04-22 16:13 . 2003-10-10 20:57 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Sonic
    2008-04-22 16:13 . 2003-10-10 21:47 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
    2008-04-22 16:13 . 2003-10-13 21:24 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\interMute
    2008-04-22 16:12 . 2003-10-10 21:19 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
    2008-04-22 16:12 . 2008-04-25 00:05 1,024 --ah----- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
    2008-04-22 16:10 . 2008-04-22 16:10 <DIR> d-------- C:\Program Files\ArcSoft
    2008-04-22 16:10 . 1995-07-31 12:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
    2008-04-22 16:09 . 2008-04-22 16:09 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2008-04-22 16:09 . 2008-04-22 16:09 <DIR> d-------- C:\Program Files\Multimedia Card Reader
    2008-04-22 16:07 . 2004-08-03 22:07 68,224 --a------ C:\WINDOWS\system32\drivers\pci.sys
    2008-04-22 16:06 . 2001-08-17 12:58 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
    2008-04-22 16:05 . 2004-08-03 22:14 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-04-22 16:05 . 2004-08-03 21:58 24,576 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
    2008-04-22 16:04 . 2003-10-10 21:19 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
    2008-04-22 16:04 . 2008-04-22 16:12 1,024 --ah----- C:\Documents and Settings\Default User\ntuser.dat.LOG

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-26 22:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-23 00:18 --------- d-----w C:\Program Files\Easy Internet signup
    .
    5069 --- E O F --- 2008-04-26 22:11:18
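
Added example (not part of the original thread and not ComboFix code): one way to confirm that every path named in the CFScript shows up in the log's "Other Deletions" section. The sample text is copied from the script and log shown in this thread; the `File::` header line and all function names are assumptions made for the example.

```python
import ntpath
import re

# Sample text copied from the script and log in this thread. The "File::"
# header is an assumption: it falls outside the script excerpt shown here.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\uugsaihc.ini
C:\WINDOWS\system32\sdythuuj.ini
C:\WINDOWS\system32\lirosyxt.ini
C:\WINDOWS\BMbff1958b.xml
Folder::
C:\WINDOWS\system32\xcsDd01
C:\Temp\berDrv11
C:\Program Files\AntiSpywareMaster
Registry::
Driver::
"""

COMBOFIX_LOG = r"""((((((((((((((((((((( Other Deletions )))))))))))))))))))))
.
C:\Temp\berDrv11
C:\Temp\berDrv11\fxpNbu.log
C:\WINDOWS\BMbff1958b.xml
C:\WINDOWS\system32\lirosyxt.ini
C:\WINDOWS\system32\sdythuuj.ini
C:\WINDOWS\system32\uugsaihc.ini
C:\WINDOWS\system32\xcsDd01
C:\WINDOWS\system32\xcsDd01\xcsDd011065.exe
.
((((((((((((((((((((( Drivers/Services )))))))))))))))))))))
.
-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent
"""

BANNER = re.compile(r"^\s*\({5,}\s*(.+?)\s*\){5,}\s*$")  # "((((( Title )))))"
DIRECTIVE = re.compile(r"^\s*(\w+)::\s*$")               # "Folder::"

def norm(path):
    # Windows paths compare case-insensitively; ntpath works on any OS.
    return ntpath.normcase(ntpath.normpath(path.strip()))

def parse_cfscript(text):
    """Return {directive: [entries]} for a CFScript, directives lower-cased."""
    sections, current = {}, None
    for line in text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif line.strip() and current is not None:
            current.append(line.strip())
    return sections

def log_section(log, title):
    """Return the non-empty lines under one '((( title )))' banner of the log."""
    lines, inside = [], False
    for line in log.splitlines():
        m = BANNER.match(line)
        if m:
            inside = m.group(1).lower() == title.lower()
        elif inside and line.strip() not in ("", "."):
            lines.append(line.strip())
    return lines

def audit(script_text, log_text):
    """Compare scripted File/Folder targets with the log's deletion list."""
    script = parse_cfscript(script_text)
    folders = [norm(p) for p in script.get("folder", [])]
    targets = script.get("file", []) + script.get("folder", [])
    deleted = {norm(p): p for p in log_section(log_text, "Other Deletions")}
    report = {"removed": [], "not_listed": [], "inside_folder": [], "unscripted": []}
    for p in targets:
        report["removed" if norm(p) in deleted else "not_listed"].append(p)
    wanted = {norm(p) for p in targets}
    for key, p in deleted.items():
        if key not in wanted:
            inside = any(key.startswith(f + "\\") for f in folders)
            report["inside_folder" if inside else "unscripted"].append(p)
    return report
```

With this sample, `audit(CFSCRIPT, COMBOFIX_LOG)` puts `C:\Program Files\AntiSpywareMaster` under `not_listed`: the log records no deletion for it, so check whether the folder was already absent before treating the cleanup as complete.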

  9. #9
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Default

    Looking good

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Also post a new HijackThis log and tell me how your PC is running

  10. #10
    Member
    Join Date
    Apr 2008
    Posts
    47

    Default

    The reason it was so long was because Windows patched me XP SP2 I skipped that. It was the only thing installed since I didn't touch the internet while this was being installed and when I ran HijackThis
