Hijackthis Log: Please Help With Infection


5 replies to this topic

#1 jccgdc

jccgdc

  • Members
  • 3 posts

Posted 30 August 2007 - 12:43 PM

I have a Windows 2000 system running IE 6. There appears to be an iSearch spyware latched into the registry that Spybot and Spyware X-terminator have been unable to remove. Here is the HijackThis log run today:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:16 PM, on 8/29/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe
C:\oracle\product\10.2.0\db_1\jdk\bin\java.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\NetMeeting\hoxyn22011.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\winzip32.exe
C:\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: 0 - {A9B3AC51-5A2C-4C30-5A86-6D1D28C4A5CE} - C:\Program Files\microsoft frontpage\lacurykyb241.dll
O2 - BHO: (no name) - {B698D00D-3752-4390-8058-50D1357995D2} - C:\WINNT\System32\fcflbfa.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
O4 - HKLM\..\Run: [Spyware X-terminator Control Center] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [{DC-CC-CE-E2-ZN}] C:\WINNT\system32\dwdsrngt.exe CHD003
O4 - HKLM\..\Run: [hoxyn] C:\Program Files\NetMeeting\hoxyn22011.exe
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://acces-direct.net/20222/adh1_sexarea.exe
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtnet.net/code/chm/xpre.chm::/xpreload.ocx
O20 - AppInit_DLLs: c:\winnt\system32\d3dg.dll
O21 - SSODL: systemie - {0F8DC522-3C81-4BBC-B9A5-9E8DA518CD23} - systemie.dll (file missing)
O21 - SSODL: systemp - {28910C69-CFCB-46C8-8F48-45F1EDB0C25A} - systemp.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe
O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OracleDBConsoleprojemp - Oracle Corporation - C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - C:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe
O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe
O23 - Service: OracleServicePROJEMP - Oracle Corporation - c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE
O24 - Desktop Component 0: (no name) - C:\Program Files\microsoft frontpage\prolygudiz.html

--
End of file - 4547 bytes


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 30 August 2007 - 04:25 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum jccgdc :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

First of all you've no virus protection installed.
Download\install one of the following freeware options from the choice below.
Once installed update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic
http://www.free-av.com/


I also see no signs of a firewall which you really do need.
If indeed you do require a firewall then download\install one of the following freeware choices:

Outpost Firewall Free:
http://www.agnitum.com/products/outpostfree/index.php

Sygate Personal Firewall Free Edition:
http://www.filehippo.com/download_sygate_personal_firewall/

Zone Alarm Free:
http://download.zonelabs.com/bin/free/1001..._737_000_en.exe

You may want to read the following.
Understanding and Using Firewalls:
http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/


Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 jccgdc

jccgdc
  • Topic Starter

  • Members
  • 3 posts

Posted 30 August 2007 - 06:47 PM

Thank you. Here is the ComboFix log:



ComboFix 07-08-30.3 - "Administrator" 08/30/2007 3:54:16.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.67 [GMT -7:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\microsoft frontpage\lacurykyb.dll
C:\Program Files\microsoft frontpage\lacurykyb571.dll
C:\Program Files\NetMeeting\hoxyn22011.exe
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\setup.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINNT\b122.exe
C:\WINNT\DOWNLO~1.\xpreload.ocx
C:\WINNT\system32\f02WtR
C:\WINNT\system32\lwinomdt.exe
C:\WINNT\tk58.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-30 )))))))))))))))))))))))))))))))


2007-08-30 03:53 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-30 02:13 499,712 --a------ C:\WINNT\system32\msvcp71.dll
2007-08-30 02:13 348,160 --a------ C:\WINNT\system32\msvcr71.dll
2007-08-30 02:13 26,944 --a------ C:\WINNT\system32\drivers\avg7rsnt.sys
2007-08-30 02:10 13,714,856 --a------ C:\zlsSetup_65_737_000_en.exe
2007-08-30 02:09 2,617,008 --a------ C:\OutpostInstall.exe
2007-08-30 02:09 19,755,560 --a------ C:\avg75free_446a965.exe
2007-08-30 02:09 1,467,462 --a------ C:\ComboFix.exe
2007-08-29 21:35 <DIR> d-------- C:\HijackThis
2007-08-29 20:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-29 20:34 5,037,072 --a------ C:\spybotsd14.exe
2007-08-29 20:34 1,709,032 --a------ C:\spybotsd_includes.exe
2007-08-29 03:23 201 --a------ C:\DeleteAtReboot.bat
2007-08-29 03:16 <DIR> d--hs---- C:\WINNT\Sm9obiBDb253YXk
2007-08-29 03:15 <DIR> d-------- C:\WINNT\system32\drvr2
2007-08-29 03:15 <DIR> d-------- C:\WINNT\system32\cfig32
2007-08-29 03:15 <DIR> d-------- C:\WINNT\system32\capcom


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

07-08-30 03:57 --------- d-------- C:\Program Files\microsoft frontpage
07-06-28 14:36 401720 --a------ C:\HijackThis.exe
07-06-20 09:37 18149584 --a------ C:\aaw2007.exe
07-06-03 12:15 17131232 --a------ C:\3600_enu_win2k_xp.exe
03-05-29 12:32 271 ---h----- C:\Program Files\desktop.ini
03-05-29 12:32 21952 ---h----- C:\Program Files\folder.htt
00-07-26 05:00 32528 --a------ C:\WINNT\inf\wbfirdma.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPMemCheck"="C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe" [04-04-02 15:11 ]
"Spyware X-terminator Control Center"="C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe" [04-03-31 12:24 ]
"CookiePatrol"="C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe" [05-01-10 09:35 ]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 C:\WINNT\system32\mobsync.exe]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [03-10-23 19:51 ]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [03-06-25 11:24 ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07-08-30 02:12 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys
R2 tcaicchg;tcaicchg;\??\C:\WINNT\System32\tcaicchg.sys
R2 TCAITDI;TCAITDI Protocol;C:\WINNT\system32\DRIVERS\TCAITDI.sys
R3 cwcspud3;Crystal SoundFusion™ SPuD3 Driver;C:\WINNT\system32\drivers\cwcspud3.sys
R3 EL556;3Com 10/100 Mini PCI Ethernet Adapter NDIS5 Driver;C:\WINNT\system32\DRIVERS\EL556ND5.sys
R3 S3GSavageMX;S3GSavageMX;C:\WINNT\system32\DRIVERS\s3gsavm.sys
R3 WDHAIBF;WDHAIBFMiniPCI Winmodem;C:\WINNT\system32\DRIVERS\WDHAIBF.sys
S2 OracleDBConsoleprojemp;OracleDBConsoleprojemp;C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
S2 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINNT\system32\DRIVERS\loop.sys
S3 OracleServicePROJEMP;OracleServicePROJEMP;c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE PROJEMP
S4 OracleJobSchedulerPROJEMP;OracleJobSchedulerPROJEMP;c:\oracle\product\10.2.0\db_1\Bin\extjob.exe PROJEMP


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-30 04:02:04
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-30 4:05:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-08-30 04:04

--- E O F ---

==================================================================


And here is the HJT LOG:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:58 AM, on 8/30/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
O4 - HKLM\..\Run: [Spyware X-terminator Control Center] C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OracleDBConsoleprojemp - Oracle Corporation - C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - C:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe
O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe
O23 - Service: OracleServicePROJEMP - Oracle Corporation - c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE

--
End of file - 3858 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 30 August 2007 - 07:09 PM

Your log is clean, how's your PC running now?

#5 jccgdc

jccgdc
  • Topic Starter

  • Members
  • 3 posts

Posted 31 August 2007 - 08:12 AM

It is running well. Thank you for your help. :thumbsup:

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 31 August 2007 - 08:36 AM

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as.. / Save as Type: 'All Files' / File name: fix.bat to your desktop.
Then double click on the fix.bat file on your desktop.
You'll see a black screen flash, that's normal.

@echo off
sc stop hpdj
sc delete hpdj

Restart your pc.

Have Hijack This fix the following [if present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe (file missing)

Your log is clean :thumbsup:
If all's ok, please do the following.

Find and delete:
Combofix.exe
C:\Qoobox

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
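
Added example, not part of the original thread and not code from HijackThis or ComboFix: a small Python script that compares a "before" and an "after" HijackThis log and reports which entries disappeared and which ones now point at a file that is gone, the state of the hpdj service removed above. The function names `parse` and `compare` are assumptions made for this sketch, and the sample input is a subset of lines copied from the two logs in this thread.

```python
import re
from typing import NamedTuple

# Constructed input: a subset of lines copied from the two HijackThis logs in this thread.
BEFORE = r"""
O2 - BHO: 0 - {A9B3AC51-5A2C-4C30-5A86-6D1D28C4A5CE} - C:\Program Files\microsoft frontpage\lacurykyb241.dll
O4 - HKLM\..\Run: [hoxyn] C:\Program Files\NetMeeting\hoxyn22011.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O20 - AppInit_DLLs: c:\winnt\system32\d3dg.dll
O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe
O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. - C:\WINNT\System32\ibmpmsvc.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. - C:\WINNT\System32\ibmpmsvc.exe
"""

ENTRY = re.compile(r"^([FNOR]\d{1,2}) - (.+)$")  # section code, then the entry text
MISSING = " (file missing)"

class Entry(NamedTuple):
    section: str
    ident: str
    missing: bool

def parse(log):
    """Map (section, identity) -> Entry for each entry line; headers and the process list are skipped."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)]
        if section == "O23":
            # "Service: name - vendor - path": the vendor field reads "Unknown owner"
            # once the file is gone, so it is left out of the identity.
            parts = body.rsplit(" - ", 2)
            if len(parts) == 3:
                body = parts[0] + " - " + parts[2]
        entries[(section, body.lower())] = Entry(section, body, missing)
    return entries

def compare(before, after):
    """Return (removed, added, orphaned) entry lists between two logs."""
    old, new = parse(before), parse(after)
    removed = sorted(e.ident for k, e in old.items() if k not in new)
    added = sorted(e.ident for k, e in new.items() if k not in old)
    # Orphaned: still registered, but the file disappeared between the two scans.
    orphaned = sorted(e.ident for k, e in new.items()
                      if e.missing and k in old and not old[k].missing)
    return removed, added, orphaned

if __name__ == "__main__":
    for label, items in zip(("removed", "added", "orphaned"), compare(BEFORE, AFTER)):
        for item in items:
            print(f"{label:9} {item}")
```
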