
Winantispyware 2007 Popup


3 replies to this topic

#1 Blond

  • Members
  • 6 posts

Posted 08 October 2007 - 04:21 AM

Hello friends.

I'm new here and asking you for help.
Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:42, on 8.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RaConfig2500.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HjtNew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.najdi.si/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6B40EC6B-2DB3-4554-93AC-0EC37555CF0B} - C:\WINDOWS\system32\qopno.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RaConfig2500.EXE] RaConfig2500.EXE
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ovhryldw.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--
End of file - 5271 bytes

#2 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 08 October 2007 - 08:33 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Blond :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

If you have previously downloaded ComboFix, please delete that version now.
Now download ComboFix and save it to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new HijackThis log please.

#3 Blond (Topic Starter)

  • Members
  • 6 posts

Posted 09 October 2007 - 06:40 AM

Hello and thanks for the reply.

I have deleted the previous ComboFix and downloaded that from your link.
Saved it to the desktop and started it.

Here is the ComboFix log:
ComboFix 07-10-09.3 - Primoz 2007-10-09 13:15:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.110 [GMT 2:00]
Running from: C:\Documents and Settings\Primoz\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\deahsein.dll
C:\WINDOWS\system32\dmiqeohv.ini
C:\WINDOWS\system32\ffwxjjct.dll
C:\WINDOWS\system32\ihplpltt.ini
C:\WINDOWS\system32\iurfiisk.ini
C:\WINDOWS\system32\jclrlxau.dll
C:\WINDOWS\system32\ksiifrui.dll
C:\WINDOWS\system32\mqqhvapt.dll
C:\WINDOWS\system32\nieshaed.ini
C:\WINDOWS\system32\odvltnqs.ini
C:\WINDOWS\system32\onpoq.bak1
C:\WINDOWS\system32\onpoq.bak1
C:\WINDOWS\system32\onpoq.bak2
C:\WINDOWS\system32\onpoq.bak2
C:\WINDOWS\system32\onpoq.ini
C:\WINDOWS\system32\onpoq.ini
C:\WINDOWS\system32\onpoq.ini2
C:\WINDOWS\system32\onpoq.ini2
C:\WINDOWS\system32\onpoq.tmp
C:\WINDOWS\system32\onpoq.tmp
C:\WINDOWS\system32\qjtebkdw.ini
C:\WINDOWS\system32\sqntlvdo.dll
C:\WINDOWS\system32\tcjjxwff.ini
C:\WINDOWS\system32\tpavhqqm.ini
C:\WINDOWS\system32\ttlplphi.dll
C:\WINDOWS\system32\uaxlrlcj.ini
C:\WINDOWS\system32\umswjqnx.ini
C:\WINDOWS\system32\uqxcmpdy.dll
C:\WINDOWS\system32\vhoeqimd.dll
C:\WINDOWS\system32\vwvoogay.ini
C:\WINDOWS\system32\wdkbetjq.dll
C:\WINDOWS\system32\xnqjwsmu.dll
C:\WINDOWS\system32\yagoovwv.dll
C:\WINDOWS\system32\ydpmcxqu.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
.

2007-10-09 13:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 09:26 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-08 21:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-10-08 21:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-08 21:16 <DIR> d-------- C:\Documents and Settings\Primoz\Application Data\SUPERAntiSpyware.com
2007-10-08 21:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-08 21:13 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-10-08 21:07 <DIR> d-------- C:\VundoFix Backups
2007-10-08 13:52 <DIR> d-------- C:\Program Files\InCode Solutions
2007-10-07 21:39 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2007-10-07 21:37 <DIR> d-------- C:\WINDOWS\Drivers
2007-10-07 21:37 <DIR> d-------- C:\Program Files\WLAN 802.11g Cardbus Utility
2007-10-07 20:59 <DIR> d-------- C:\WINDOWS\OPTIONS
2007-10-07 20:59 <DIR> d-------- C:\Program Files\Belkin Corporation
2007-10-07 20:59 168,448 --a------ C:\WINDOWS\system32\drivers\Bel6020.sys
2007-10-07 20:59 151,552 --a------ C:\WINDOWS\system32\RtlLib.dll
2007-10-07 20:59 143,360 --a------ C:\WINDOWS\system32\IpLib.dll
2007-10-07 20:59 13,532 --a------ C:\WINDOWS\system32\drivers\SjyPkt.sys
2007-10-07 20:59 8,849 --a------ C:\WINDOWS\system32\drivers\EAPPkt.sys
2007-10-05 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-05 13:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-04 09:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-04 08:26 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-10-03 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-03 17:43 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-10-03 17:13 <DIR> d-------- C:\TEMP\Crack
2007-10-03 10:06 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-10-03 10:06 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-10-03 10:03 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-10-03 10:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-03 10:02 3,829,536 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-03 10:02 161,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-03 09:55 <DIR> d-------- C:\kav
2007-10-02 20:44 191,488 --a------ C:\TEMP\UnRAR.exe
2007-10-02 20:08 <DIR> dr-hs---- C:\Volume Information
2007-10-02 20:06 <DIR> d-------- C:\WINDOWS\Instant Lock
2007-10-02 20:06 <DIR> d-------- C:\Program Files\Instant Lock
2007-10-02 16:21 <DIR> d---s---- C:\Documents and Settings\Primoz\UserData
2007-10-02 14:50 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-02 14:39 <DIR> d-------- C:\Program Files\GiPo@Utilities
2007-10-02 14:39 <DIR> d-------- C:\Program Files\Common Files\Gibinsoft Shared
2007-10-01 22:49 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-10-01 22:47 <DIR> d-------- C:\WINDOWS\ShellNew
2007-09-30 19:31 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-30 16:47 <DIR> d-------- C:\Program Files\TIS 2007
2007-09-30 16:44 <DIR> d-------- C:\Program Files\1hxh
2007-09-30 16:32 <DIR> d-------- C:\Program Files\PIRS 2007
2007-09-30 16:30 <DIR> d-------- C:\Documents and Settings\Primoz\Application Data\InstallShield
2007-09-30 16:07 <DIR> d-------- C:\TEMP
2007-09-29 22:58 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-29 22:58 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-09-29 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-29 21:14 <DIR> d-------- C:\Program Files\WinISO
2007-09-29 19:24 <DIR> d-------- C:\Program Files\Synaptics
2007-09-29 19:24 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-09-29 19:24 239,056 -ra------ C:\WINDOWS\system32\drivers\SynTP.sys
2007-09-29 19:24 110,592 -ra------ C:\WINDOWS\system32\SynTPAPI.dll
2007-09-29 19:24 77,824 -ra------ C:\WINDOWS\system32\SynTPCoI.dll
2007-09-29 19:24 65,536 -ra------ C:\WINDOWS\system32\SynTPFcs.dll
2007-09-29 16:53 <DIR> d-------- C:\Documents and Settings\Primoz\Contacts
2007-09-29 16:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-29 16:52 <DIR> d-------- C:\Program Files\MSN Messenger
2007-09-29 16:38 <DIR> d-------- C:\Documents and Settings\Primoz\Application Data\BitTorrent
2007-09-29 16:37 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-09-29 16:37 <DIR> d-------- C:\Program Files\BitTorrent
2007-09-29 16:37 <DIR> d-------- C:\Documents and Settings\Primoz\Application Data\BitTorrent DNA
2007-09-29 16:36 <DIR> d-------- C:\DL Programi
2007-09-29 16:01 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-09-29 16:01 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-09-29 16:00 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-09-29 16:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-09-29 16:00 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-09-29 16:00 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-09-29 16:00 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-09-29 16:00 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-09-29 16:00 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 11:24 52,196 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-09 11:24 17,216 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-07 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-07 18:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-29 12:23 --------- d-----w C:\Program Files\microsoft frontpage
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5FE7FD9D-4624-46EE-8103-4A85E3FB2B74}]
C:\WINDOWS\system32\qopno.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2001-08-03 05:52]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2001-08-03 05:51]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24]
"RaConfig2500.EXE"="RaConfig2500.EXE" [2004-03-26 16:10 C:\WINDOWS\system32\RaConfig2500.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-09-29 16:37]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b477f460-cbce-11df-9c23-0090961d5fd8}]
AutoRun\command - TrueCrypt\TrueCrypt.exe
dismount\command - TrueCrypt\TrueCrypt.exe /q /d
start\command - TrueCrypt\TrueCrypt.exe

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 13:27:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-09 13:35:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-09 13:35
.
--- E O F ---



And the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38:08, on 9.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RaConfig2500.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HjtNew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.najdi.si/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5FE7FD9D-4624-46EE-8103-4A85E3FB2B74} - C:\WINDOWS\system32\qopno.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RaConfig2500.EXE] RaConfig2500.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--
End of file - 5765 bytes

#4 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 09 October 2007 - 11:17 AM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {5FE7FD9D-4624-46EE-8103-4A85E3FB2B74} - C:\WINDOWS\system32\qopno.dll (file missing)

Your log is clean :thumbsup:
If all's OK, please do the following:

Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Click on the 'Cleanup' button.
When you do this a text file named cleanup.txt will be downloaded from the internet.
If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so.
When the 'Confirm' box appears click 'Yes'.
Restart your pc when prompted.


Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.


Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found in the link below, to help you prevent any possible future infections:

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
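A small triage script, added here and not part of this thread or of HijackThis itself, that parses O2 and O4 lines in the format of the logs above and flags the entry shapes Richie acted on: a BHO registered with "(no name)", a "(file missing)" orphan left after ComboFix, and a Run key that loads a DLL through rundll32. The sample log is constructed from lines in this thread, and the random-name check is my own heuristic, not a HijackThis rule.

```python
"""Triage helper for Trend Micro HijackThis v2 log lines (added example)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: the entry shapes come from the two logs posted in this
# thread (benign Adobe/Kaspersky/ctfmon lines serve as controls).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.najdi.si/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6B40EC6B-2DB3-4554-93AC-0EC37555CF0B} - C:\WINDOWS\system32\qopno.dll
O2 - BHO: (no name) - {5FE7FD9D-4624-46EE-8103-4A85E3FB2B74} - C:\WINDOWS\system32\qopno.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ovhryldw.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# O2: Browser Helper Object.  HijackThis appends " (file missing)" when the
# registered DLL is no longer on disk (an orphan left behind after a cleanup).
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O4: autostart entry under a Run key, e.g. "O4 - HKLM\..\Run: [Name] command".
O4_RE = re.compile(r"^O4 - (?P<hive>[^\s\[]+)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
# rundll32 loading a DLL and calling one of its exports from a Run key.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE
)


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code ("O2", "O4", ...)
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str      # the original log line, ready to paste into a fix list


def looks_random(path: str) -> bool:
    """Heuristic added here (not a HijackThis rule): a short, all-lowercase DLL
    name sitting directly in system32, like the qopno/ovhryldw names above."""
    folder, _, base = path.rpartition("\\")
    return (folder.lower().endswith("\\windows\\system32")
            and re.fullmatch(r"[a-z]{5,8}\.dll", base) is not None)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per O2/O4 line that matches a suspicious shape."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            if m["missing"]:
                findings.append(Finding("O2", "info",
                    "orphaned BHO registration (file missing); remove with 'Fix checked'", line))
            elif m["name"] == "(no name)":
                findings.append(Finding("O2", "high",
                    "BHO registered without a name, a common shape for unwanted IE add-ons", line))
            elif looks_random(m["path"]):
                findings.append(Finding("O2", "medium",
                    "BHO DLL with a random-looking name in system32 (heuristic)", line))
            continue
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.search(m["cmd"])
            if r:
                findings.append(Finding("O4", "high",
                    f"Run key [{m['key']}] loads {r['dll']} via rundll32 export {r['export']}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```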



