
Trojan Infected


3 replies to this topic

#1 amazinggrace

Posted 09 January 2008 - 09:27 AM

Please Help!
Thanks,
Gracie









Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:23 AM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [28fb7642] rundll32.exe "C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\cgcjeuxv.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\ICROSO~1.NET\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe

--
End of file - 7958 bytes


#2 amazinggrace

Posted 09 January 2008 - 12:38 PM

I finally got DP reloaded and this was the result of the scan.


C:\WINDOWS\system32\fsjxnmxe.exe is a Trojan-Downloader
fsjxmxe.exe\fsjxnmxe.exe object could not be disinfected
C:\WINDOWS\system32\fsjxnmxe.exe object could not be disinfected
C:\WINDOWS\SYSTEM32\FSJXNMXE.EXE is a Trojan-Downloader
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Do...is infected with a virus S...
C:\WINDOWS\SYSTEM32\FSJXNMXE.EXE object could not be disinfected
HKEY_LOCAL_MACHINE\SYSTEM\CurrentSet\Services\Do... object could not be disinfected

#3 amazinggrace

Posted 09 January 2008 - 02:15 PM

Ran ComboFix

Results

ComboFix 08-01-09.2 - HP_Owner 2008-01-09 12:22:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.52 [GMT -6:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\Common Files\mantec~1
C:\Program Files\icroso~1.net
C:\Program Files\icroso~1.net\??sks\
C:\Program Files\outerinfo
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive8.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\akwchylt.dll
C:\WINDOWS\system32\bnmgkivf.ini
C:\WINDOWS\system32\dgnkamks.ini
C:\WINDOWS\system32\gkdfqrdd.dll
C:\WINDOWS\system32\gkdhkiqv.ini
C:\WINDOWS\system32\hkgghowh.dll
C:\WINDOWS\system32\ltowhngs.ini
C:\WINDOWS\system32\mdpefjrj.dll
C:\WINDOWS\system32\ofkpiqei.ini
C:\WINDOWS\system32\qfjloxtd.ini
C:\WINDOWS\system32\qosliedv.dll
C:\WINDOWS\system32\qregtoar.ini
C:\WINDOWS\system32\qttknxac.ini
C:\WINDOWS\system32\rothrwji.ini
C:\WINDOWS\system32\skmakngd.dll
C:\WINDOWS\system32\tlyhcwka.ini
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\ualhdpwh.ini
C:\WINDOWS\system32\ubhqvite.ini
C:\WINDOWS\system32\ufwkopti.dll
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\wcmpvgmp.dll
C:\WINDOWS\system32\wintsvcc32.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.

2008-01-09 12:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-09 09:26 . 2008-01-09 11:12 3,120 --a------ C:\WINDOWS\system32\HAF9SE8J.ocx
2008-01-09 09:26 . 2008-01-09 11:12 3,120 --a------ C:\WINDOWS\D9H7ADHB.ocx
2008-01-09 09:23 . 2008-01-09 10:48 <DIR> d-------- C:\Program Files\Defender Pro Anti Spam
2008-01-09 09:21 . 2008-01-09 09:21 <DIR> d-------- C:\Program Files\Defender Pro
2008-01-09 09:21 . 2008-01-09 09:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Defender Pro Anti-Virus
2008-01-09 09:01 . 2008-01-09 09:01 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-09 08:59 . 2008-01-09 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-09 08:59 . 2008-01-09 09:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-08 15:36 . 2008-01-08 19:35 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-08 15:36 . 2008-01-08 17:17 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-08 15:36 . 2008-01-08 17:17 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-08 15:36 . 2008-01-08 17:17 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-08 12:40 . 2008-01-08 12:40 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-08 09:31 . 2008-01-08 09:24 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-08 09:23 . 2008-01-08 21:19 <DIR> d-------- C:\Documents and Settings\HP_Owner\.housecall6.6
2008-01-08 08:29 . 2005-11-10 12:54 402,944 -ra------ C:\WINDOWS\system32\drivers\BLKWGU.sys
2008-01-08 08:07 . 2008-01-08 08:07 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-08 08:05 . 2008-01-08 08:05 <DIR> d-------- C:\Program Files\Belkin
2008-01-06 22:03 . 2008-01-06 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-06 21:50 . 2008-01-06 21:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 21:16 . 2008-01-06 21:16 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\PCToolsFirewallPlus
2008-01-06 21:06 . 2008-01-06 21:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-06 21:00 . 2008-01-09 13:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-06 20:54 . 2008-01-08 07:25 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus
2008-01-06 20:54 . 2008-01-06 20:54 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-01-06 20:54 . 2007-11-09 16:00 209,816 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-01-06 20:54 . 2007-11-02 09:15 120,832 --a------ C:\WINDOWS\system32\drivers\pctfw.sys
2008-01-06 20:54 . 2007-11-09 16:00 40,856 --a------ C:\WINDOWS\system32\drivers\pctmp.sys
2008-01-06 20:54 . 2007-11-09 16:00 18,328 --a------ C:\WINDOWS\system32\drivers\pctssipc.sys
2008-01-06 20:52 . 2008-01-06 21:33 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-06 20:52 . 2008-01-06 21:33 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-06 20:52 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-06 20:52 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-06 20:51 . 2008-01-08 19:39 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-06 20:51 . 2008-01-06 20:51 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\PC Tools
2008-01-06 20:51 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-06 19:58 . 2008-01-08 19:36 <DIR> d-------- C:\Program Files\RcvSystem
2008-01-06 19:17 . 2008-01-06 19:17 75,840 --a------ C:\WINDOWS\system32\csnnwcku.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 18:38 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-08 18:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 18:37 --------- d-----w C:\Program Files\Google
2007-12-04 03:09 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Yahoo!
2007-12-04 02:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-04 02:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-04 02:19 --------- d-----w C:\Program Files\Yahoo!
2007-11-21 06:45 --------- d-----w C:\Program Files\Java
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{371109A7-5258-4839-B1B5-AF16D1A6C911}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{773819cb-fa39-47ee-92f2-c5860ee00b4f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 03:40 218032]
"Srro"="C:\PROGRA~1\ICROSO~1.NET\csrss.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 20:05 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57 81920]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 03:40 218032]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-08-11 22:08 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-28 11:17 180269]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" [ ]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-11-09 16:00 2598808]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"28fb7642"="C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\cgcjeuxv.dll" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomkifg]
qomkifg.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\28fb7642]
C:\WINDOWS\system32\skmakngd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ahjflla]
C:\Program Files\Common Files\??mantec\d?xplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a------ 2004-06-07 19:42 659456 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 19:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule10]
C:\Program Files\QdrModule\QdrModule10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack11]
C:\Program Files\QdrPack\QdrPack11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-15 20:05 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 12:59:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1240

**************************************************************************
.
Completion time: 2008-01-09 13:11:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-09 19:10:09
.
2008-01-09 16:33:40 --- E O F ---

#4 Yourhighness

Posted 24 January 2008 - 12:44 PM

Hello amazinggrace and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. Running ComboFix without guided help is not suggested as you can seriously harm your PC if you use this tool incorrectly.

If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.
Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -