
Help


1 reply to this topic

#1 den82

den82

  • Members
  • 1 posts

Posted 11 January 2008 - 08:42 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34, on 2008-01-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.212.5:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = mail.local.h-r-z.hr;192.168.214.10;intranet.h-r-z.hr;intranet.local.h-r-z.hr;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A308F2E7-DFEB-47A3-A2F5-F089D5DD2314} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {AF3E9D68-DA3F-441E-B5E2-8CDEEC52AB90} - C:\WINDOWS\system32\dppsdcdo.dll (file missing)
O2 - BHO: {439f7cd8-f365-3fd9-ec24-79c4768c463d} - {d364c867-4c97-42ce-9df3-563f8dc7f934} - C:\WINDOWS\system32\bmpshovu.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe"
O4 - HKLM\..\Run: [68bd0eae] rundll32.exe "C:\WINDOWS\system32\dvmssdsa.dll",b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161804475125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161804757187
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local.h-r-z.hr
O17 - HKLM\Software\..\Telephony: DomainName = local.h-r-z.hr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = local.h-r-z.hr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = local.h-r-z.hr
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\Player\__CDS2.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll (file missing)
O20 - Winlogon Notify: opnmljk - C:\WINDOWS\SYSTEM32\opnmljk.dll
O23 - Service: Acunetix WVS Scheduler (AcuWVSScheduler) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe

--
End of file - 8816 bytes
ComboFix 08-01-10.2 - djakopovic 2008-01-11 14:13:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1534 [GMT 1:00]
Running from: F:\nacionalno blago\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\abfwjtkn.ini
C:\WINDOWS\system32\asdssmvd.ini
C:\WINDOWS\system32\bpxxxhod.ini
C:\WINDOWS\system32\cfnljnye.ini
C:\WINDOWS\system32\dshhsjen.ini
C:\WINDOWS\system32\fispnxjy.ini
C:\WINDOWS\system32\fqdfeood.ini
C:\WINDOWS\system32\gdnxownj.ini
C:\WINDOWS\system32\gedjvebf.ini
C:\WINDOWS\system32\hdxvvnxd.ini
C:\WINDOWS\system32\ibmljhxf.ini
C:\WINDOWS\system32\ihtpqvgo.ini
C:\WINDOWS\system32\iixnlqoe.ini
C:\WINDOWS\system32\jennvppl.ini
C:\WINDOWS\system32\jlraspym.ini
C:\WINDOWS\system32\ldnnvttp.ini
C:\WINDOWS\system32\lsyjxehm.ini
C:\WINDOWS\system32\mjlrfsqn.ini
C:\WINDOWS\system32\ohadctch.ini
C:\WINDOWS\system32\poebipqx.ini
C:\WINDOWS\system32\qvahamsq.ini
C:\WINDOWS\system32\ropojwjd.ini
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xkrcmbkm.ini
C:\WINDOWS\system32\yogmwahc.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF


((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-11 14:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 10:49 . 2008-01-11 10:49 <DIR> d-------- C:\SAV32CLI
2008-01-10 15:16 . 2008-01-10 15:16 79,424 --a------ C:\WINDOWS\system32\bmpshovu.dll
2008-01-10 15:13 . 2008-01-10 15:13 79,424 --a------ C:\WINDOWS\system32\kubsucwc.dll
2008-01-10 14:13 . 2008-01-10 14:13 79,424 --a------ C:\WINDOWS\system32\ptaexwta.dll
2008-01-10 13:16 . 2008-01-10 13:16 79,424 --a------ C:\WINDOWS\system32\wdqqhtlj.dll
2008-01-10 12:13 . 2008-01-10 12:13 79,424 --a------ C:\WINDOWS\system32\yibxckoh.dll
2008-01-10 11:07 . 2008-01-10 11:07 79,424 --a------ C:\WINDOWS\system32\lbgrkljm.dll
2008-01-10 10:07 . 2008-01-10 10:07 79,424 --a------ C:\WINDOWS\system32\fdqmiaqn.dll
2008-01-10 10:04 . 2008-01-10 10:04 79,424 --a------ C:\WINDOWS\system32\auxgaqkg.dll
2008-01-10 09:06 . 2008-01-10 09:06 79,424 --a------ C:\WINDOWS\system32\jqcvvgyb.dll
2008-01-10 08:07 . 2008-01-10 08:07 79,424 --a------ C:\WINDOWS\system32\bimjrcny.dll
2008-01-09 15:55 . 2008-01-09 15:55 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-09 15:48 . 2008-01-09 15:56 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-09 15:20 . 2008-01-09 15:20 79,936 --a------ C:\WINDOWS\system32\kibvhmdg.dll
2008-01-09 14:20 . 2008-01-09 14:20 79,936 --a------ C:\WINDOWS\system32\ffvxkqsc.dll
2008-01-09 13:20 . 2008-01-09 13:20 79,936 --a------ C:\WINDOWS\system32\nhegmbnk.dll
2008-01-09 12:14 . 2008-01-09 12:14 79,936 --a------ C:\WINDOWS\system32\dxhftyfv.dll
2008-01-09 11:14 . 2008-01-09 11:14 79,936 --a------ C:\WINDOWS\system32\ygrcvlab.dll
2008-01-09 10:14 . 2008-01-09 10:14 79,936 --a------ C:\WINDOWS\system32\lyjqaoll.dll
2008-01-09 09:08 . 2008-01-09 09:08 79,936 --a------ C:\WINDOWS\system32\vfjxfjqe.dll
2008-01-09 08:08 . 2008-01-09 08:08 79,936 --a------ C:\WINDOWS\system32\vnyjvdme.dll
2008-01-08 16:23 . 2008-01-08 16:23 77,888 --a------ C:\WINDOWS\system32\lexeqqud.dll
2008-01-08 16:20 . 2008-01-08 16:20 77,888 --a------ C:\WINDOWS\system32\bfbgcoju.dll
2008-01-08 15:28 . 2008-01-08 15:28 77,888 --a------ C:\WINDOWS\system32\skvmtgmi.dll
2008-01-08 14:22 . 2008-01-08 14:22 77,888 --a------ C:\WINDOWS\system32\gryxjlno.dll
2008-01-08 13:22 . 2008-01-08 13:22 77,888 --a------ C:\WINDOWS\system32\piswsojo.dll
2008-01-08 12:22 . 2008-01-08 12:22 77,888 --a------ C:\WINDOWS\system32\podhsglm.dll
2008-01-08 11:19 . 2008-01-08 11:19 77,888 --a------ C:\WINDOWS\system32\gsfifkan.dll
2008-01-08 10:16 . 2008-01-08 10:16 77,888 --a------ C:\WINDOWS\system32\takoxiow.dll
2008-01-08 09:13 . 2008-01-08 09:13 77,888 --a------ C:\WINDOWS\system32\khxqpawg.dll
2008-01-08 08:10 . 2008-01-08 08:10 77,888 --a------ C:\WINDOWS\system32\ucehadhi.dll
2008-01-07 14:46 . 2008-01-07 14:46 76,864 --a------ C:\WINDOWS\system32\muinimrd.dll
2008-01-07 13:46 . 2008-01-07 13:46 76,864 --a------ C:\WINDOWS\system32\ugfkuoev.dll
2008-01-07 13:37 . 2008-01-07 13:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Autodesk
2008-01-07 12:46 . 2008-01-07 12:46 76,864 --a------ C:\WINDOWS\system32\sgslpafr.dll
2008-01-07 11:15 . 2008-01-07 11:15 76,864 --a------ C:\WINDOWS\system32\varsncbj.dll
2008-01-07 10:12 . 2008-01-07 10:12 76,864 --a------ C:\WINDOWS\system32\mmredrey.dll
2008-01-07 09:15 . 2008-01-07 09:15 76,864 --a------ C:\WINDOWS\system32\ndflvifq.dll
2008-01-07 08:05 . 2008-01-07 08:05 76,864 --a------ C:\WINDOWS\system32\lsyrxiyi.dll
2008-01-07 08:03 . 2008-01-07 08:03 76,864 --a------ C:\WINDOWS\system32\toroluvn.dll
2008-01-04 15:27 . 2008-01-04 15:27 77,376 --a------ C:\WINDOWS\system32\lrivuwhf.dll
2008-01-04 14:21 . 2008-01-04 14:21 77,376 --a------ C:\WINDOWS\system32\covakfse.dll
2008-01-04 13:18 . 2008-01-04 13:18 77,376 --a------ C:\WINDOWS\system32\qarmylti.dll
2008-01-04 11:58 . 2008-01-04 11:58 <DIR> d-------- C:\Documents and Settings\denis\Application Data\Lavasoft
2008-01-04 11:56 . 2008-01-04 11:56 <DIR> d-------- C:\Documents and Settings\denis\Application Data\ATI
2008-01-04 11:55 . 2006-10-25 20:27 <DIR> d---s---- C:\Documents and Settings\denis\UserData
2008-01-04 11:55 . 2006-10-26 06:23 <DIR> d-------- C:\Documents and Settings\denis\Application Data\AdobeUM
2008-01-04 11:15 . 2008-01-04 11:15 77,376 --a------ C:\WINDOWS\system32\xnmuuetu.dll
2008-01-04 10:12 . 2008-01-04 10:12 77,376 --a------ C:\WINDOWS\system32\kqnubqfk.dll
2008-01-04 10:09 . 2008-01-04 10:09 90,176 --a------ C:\WINDOWS\system32\dvmssdsa.dll
2008-01-04 09:09 . 2008-01-04 09:09 77,376 --a------ C:\WINDOWS\system32\wrgliwus.dll
2008-01-04 08:08 . 2008-01-04 08:08 77,376 --a------ C:\WINDOWS\system32\vejnjadq.dll
2008-01-03 16:26 . 2008-01-03 16:26 79,936 --a------ C:\WINDOWS\system32\hxdpkrvx.dll
2008-01-03 15:23 . 2008-01-03 15:23 79,936 --a------ C:\WINDOWS\system32\bspqmpgo.dll
2008-01-03 15:20 . 2008-01-03 15:20 79,936 --a------ C:\WINDOWS\system32\wfpdmbng.dll
2008-01-03 14:52 . 2008-01-03 14:55 <DIR> d-------- C:\pebuilder3110
2008-01-03 14:20 . 2008-01-03 14:20 79,936 --a------ C:\WINDOWS\system32\jltjatsm.dll
2008-01-03 13:20 . 2008-01-03 13:20 79,936 --a------ C:\WINDOWS\system32\uxqclxfe.dll
2008-01-03 12:17 . 2008-01-03 12:17 79,936 --a------ C:\WINDOWS\system32\jebfggtf.dll
2008-01-03 11:17 . 2008-01-03 11:17 79,936 --a------ C:\WINDOWS\system32\hbkuewrb.dll
2008-01-03 10:14 . 2008-01-03 10:14 79,936 --a------ C:\WINDOWS\system32\hgskembk.dll
2008-01-03 09:11 . 2008-01-03 09:11 79,936 --a------ C:\WINDOWS\system32\xxxgqysh.dll
2008-01-03 08:11 . 2008-01-03 08:11 79,936 --a------ C:\WINDOWS\system32\hsknbijr.dll
2008-01-02 15:25 . 2008-01-02 15:25 78,400 --a------ C:\WINDOWS\system32\tivgbvae.dll
2008-01-02 14:21 . 2008-01-02 14:21 78,400 --a------ C:\WINDOWS\system32\eqqyhkth.dll
2008-01-02 13:15 . 2008-01-02 13:15 78,400 --a------ C:\WINDOWS\system32\parpnehn.dll
2008-01-02 13:12 . 2008-01-02 13:12 78,400 --a------ C:\WINDOWS\system32\mwdujwcg.dll
2008-01-02 12:13 . 2008-01-02 12:13 78,400 --a------ C:\WINDOWS\system32\gejdeqhg.dll
2008-01-02 12:10 . 2008-01-02 12:10 78,400 --a------ C:\WINDOWS\system32\bdjlhqwl.dll
2008-01-02 11:50 . 2008-01-02 11:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\FastStone
2008-01-02 11:10 . 2008-01-02 11:10 78,400 --a------ C:\WINDOWS\system32\ghcaibiq.dll
2008-01-02 11:07 . 2008-01-02 11:07 78,400 --a------ C:\WINDOWS\system32\sohwhepu.dll
2008-01-02 10:11 . 2008-01-02 10:11 78,400 --a------ C:\WINDOWS\system32\mvhbhlhb.dll
2008-01-02 09:11 . 2008-01-02 09:11 78,400 --a------ C:\WINDOWS\system32\yhlscujy.dll
2008-01-02 08:08 . 2008-01-02 08:08 78,400 --a------ C:\WINDOWS\system32\mlwuecjb.dll
2007-12-19 13:47 . 2007-12-19 13:49 <DIR> d-------- C:\Program Files\AutoCAD LT 2008
2007-12-19 13:45 . 2007-12-19 13:45 <DIR> d-------- C:\Program Files\Autodesk
2007-12-19 11:01 . 2007-08-21 19:46 120,056 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-12-19 10:53 . 2007-12-19 10:53 <DIR> d-------- C:\Program Files\TinyPDF
2007-12-18 15:35 . 2007-12-18 15:35 40,448 --a------ C:\WINDOWS\system32\opnmljk.dll
2007-12-18 14:39 . 2007-12-18 14:40 <DIR> d-------- C:\Program Files\New Folder
2007-12-18 12:33 . 2007-12-18 12:33 <DIR> d-------- C:\Program Files\Trymedia
2007-12-18 12:32 . 2007-12-18 12:33 <DIR> d-------- C:\Downloads
2007-12-17 11:02 . 2007-12-17 11:05 <DIR> d-------- C:\Program Files\Super Mario Blue Twilight DX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 07:16 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-09 09:24 --------- d-----w C:\Documents and Settings\djakopovic\Application Data\Wildfire
2008-01-09 08:01 --------- d-----w C:\Program Files\OPENXTRA
2008-01-07 12:25 --------- d-----w C:\Documents and Settings\djakopovic\Application Data\Autodesk
2008-01-07 12:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-12-19 12:48 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-11-28 12:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-16 08:54 39,488 ----a-w C:\WINDOWS\system32\drivers\Pcouffin.sys
2007-11-16 08:54 --------- d-----w C:\Program Files\CloneDVD
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 07:12 --------- d-----w C:\Program Files\Sophos
2007-11-13 07:12 --------- d-----w C:\Program Files\Common Files\Cisco Systems
2007-11-13 07:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sophos
2007-11-13 07:11 33,408 ----a-w C:\WINDOWS\system32\drivers\savonaccessfilter.sys
2007-11-13 07:11 101,120 ----a-w C:\WINDOWS\system32\drivers\savonaccesscontrol.sys
2007-07-26 11:36 22,328 ----a-w C:\Documents and Settings\djakopovic\Application Data\PnkBstrK.sys
2006-02-19 02:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2007-02-20 11:50 8,456 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A308F2E7-DFEB-47A3-A2F5-F089D5DD2314}]
C:\WINDOWS\system32\pmkjh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF3E9D68-DA3F-441E-B5E2-8CDEEC52AB90}]
C:\WINDOWS\system32\dppsdcdo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d364c867-4c97-42ce-9df3-563f8dc7f934}]
2008-01-10 15:16 79424 --a------ C:\WINDOWS\system32\bmpshovu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2005-10-27 16:17 8740864]
"FineReader7NewsReaderPro"="C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe" [2004-12-16 23:38 290816]
"68bd0eae"="C:\WINDOWS\system32\dvmssdsa.dll" [2008-01-04 10:09 90176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
"RunLogonScriptSync"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqq]
C:\WINDOWS\system32\awtqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmljk]
opnmljk.dll 2007-12-18 15:35 40448 C:\WINDOWS\system32\opnmljk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=C:\WINDOWS\pss\AutoUpdate Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Commander.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Commander.lnk
backup=C:\WINDOWS\pss\Commander.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
C:\WINDOWS\system32\bynalkon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"DllRunning"=rundll32.exe "C:\WINDOWS\system32\cchnfyji.dll",setvm
"CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"FineReader7NewsReaderPro"="C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe"

R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2007-11-13 08:11]
R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2007-11-13 08:11]
R2 AcuWVSScheduler;Acunetix WVS Scheduler;C:\Program Files\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe [2007-01-29 10:05]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
S3 1f0eaeb6-6d86-4378-aff9-df1602b50685;1f0eaeb6-6d86-4378-aff9-df1602b50685;E:\Player\cds300.dll []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 11:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33278bde-7e1b-11dc-a349-001676db180a}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{378a92fe-8ed9-11db-b7ae-806d6172696f}]
\Shell\AutoRun\command - E:\SETUP.EXE

.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 16:16:19 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 14:20:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sophos Message Router]
"ImagePath"="\"C:\Program Files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
Completion time: 2008-01-11 14:23:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-11 13:23:04
.
2008-01-09 14:58:05 --- E O F ---
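The two logs above contain the indicators a helper reads by eye: BHO and Winlogon Notify entries whose DLL is marked "(file missing)", a BHO whose display name is itself a GUID, an O4 Run value named with eight hex digits that loads a system32 DLL through rundll32.exe, and, in the ComboFix "Files Created" section, a fresh 77-80 KB DLL with a random eight-letter name dropped into system32 roughly once an hour on every working day from 2 to 10 January. The script below is an added example written for this page; it is not part of either post and is not code from HijackThis, ComboFix or any vendor. The sample lines are copied from the posted logs; the rule names, the KNOWN_GOOD allowlist and the 3-file / 90-minute thresholds are illustrative assumptions, and a hit on the name heuristic should be confirmed by signature or hash before anything is deleted.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the HijackThis log posted above (a subset, one per pattern).
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A308F2E7-DFEB-47A3-A2F5-F089D5DD2314} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O2 - BHO: {439f7cd8-f365-3fd9-ec24-79c4768c463d} - {d364c867-4c97-42ce-9df3-563f8dc7f934} - C:\WINDOWS\system32\bmpshovu.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [68bd0eae] rundll32.exe "C:\WINDOWS\system32\dvmssdsa.dll",b
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll (file missing)
O20 - Winlogon Notify: opnmljk - C:\WINDOWS\SYSTEM32\opnmljk.dll
"""

# Lines copied from the ComboFix "Files Created" section posted above (a subset).
CF_SAMPLE = r"""
2008-01-10 15:16 . 2008-01-10 15:16 79,424 --a------ C:\WINDOWS\system32\bmpshovu.dll
2008-01-10 15:13 . 2008-01-10 15:13 79,424 --a------ C:\WINDOWS\system32\kubsucwc.dll
2008-01-10 14:13 . 2008-01-10 14:13 79,424 --a------ C:\WINDOWS\system32\ptaexwta.dll
2008-01-10 13:16 . 2008-01-10 13:16 79,424 --a------ C:\WINDOWS\system32\wdqqhtlj.dll
2008-01-09 15:55 . 2008-01-09 15:55 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-09 15:48 . 2008-01-09 15:56 1,355 --a------ C:\WINDOWS\imsins.BAK
2007-12-18 15:35 . 2007-12-18 15:35 40,448 --a------ C:\WINDOWS\system32\opnmljk.dll
"""

# A DLL directly under system32 whose name is 5-8 plain letters. Heuristic only:
# KNOWN_GOOD is an illustrative assumption; confirm real hits by signature/hash.
SYS32_DLL_RE = re.compile(r"\\system32\\([a-z]{5,8})\.dll", re.I)
KNOWN_GOOD = {"ntdll", "shdocvw", "browseui", "urlmon", "wininet", "mshtml", "wintrust",
              "imagehlp", "dbghelp", "version", "winmm", "gdiplus", "shlwapi", "setupapi"}
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
# ComboFix row: created-date created-time . modified-date modified-time size attrs path
CF_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \S+ \S+ ([\d,]+) \S+ (.+)$")


def analyze_hjt(lines):
    """Return [{'rule': ..., 'line': ...}] for HijackThis lines that deserve a second look."""
    findings = []
    for line in (l.strip() for l in lines if l.strip()):
        hits = []
        if "(file missing)" in line:            # registry still points at a DLL that is gone
            hits.append("orphaned-entry")
        m = SYS32_DLL_RE.search(line)
        if m and m.group(1).lower() not in KNOWN_GOOD:
            hits.append("random-name-dll")
        if line.startswith("O2 - "):             # BHO with no name, or a GUID as its name
            name = line.split(" - ")[1].partition(": ")[2]
            if name == "(no name)" or GUID_RE.match(name):
                hits.append("unnamed-bho")
        if line.startswith("O4 - ") and "rundll32.exe" in line.lower() and m:
            hits.append("rundll32-run-dll")     # Run value loads a system32 DLL via rundll32
        if line.startswith("O20 - Winlogon Notify:"):
            hits.append("winlogon-notify")      # loaded into winlogon.exe at every logon
        if line.startswith("O20 - AppInit_DLLs:"):
            hits.append("appinit-dll")          # loaded into every GUI process; confirm vendor
        findings.extend({"rule": r, "line": line} for r in hits)
    return findings


def names_for(findings, rule):
    """Sorted lower-case basenames of the system32 DLLs in findings that hit `rule`."""
    hits = (SYS32_DLL_RE.search(f["line"]) for f in findings if f["rule"] == rule)
    return sorted({m.group(1).lower() for m in hits if m})


def find_dropper_series(lines, min_files=3, max_gap_minutes=90):
    """Runs of same-size, random-named system32 DLLs created <= max_gap_minutes apart.
    A dropper re-writing itself under a new name every hour leaves exactly this trail."""
    by_size = defaultdict(list)
    for m in filter(None, (CF_RE.match(l.strip()) for l in lines)):
        if SYS32_DLL_RE.search(m.group(3)):
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            by_size[int(m.group(2).replace(",", ""))].append((created, m.group(3)))
    series = []
    for size, items in by_size.items():
        items.sort()
        runs, run = [], [items[0]]
        for prev, cur in zip(items, items[1:]):
            if (cur[0] - prev[0]).total_seconds() <= max_gap_minutes * 60:
                run.append(cur)
            else:
                runs.append(run)
                run = [cur]
        runs.append(run)
        for run in (r for r in runs if len(r) >= min_files):
            series.append({"size": size, "count": len(run), "first": run[0][0],
                           "last": run[-1][0], "paths": [p for _, p in run]})
    return series


if __name__ == "__main__":
    for f in analyze_hjt(HJT_SAMPLE.splitlines()):
        print(f"{f['rule']:17} {f['line']}")
    for s in find_dropper_series(CF_SAMPLE.splitlines()):
        print(f"{s['count']} x {s['size']} bytes, {s['first']:%Y-%m-%d %H:%M} to {s['last']:%H:%M}")
```

Run against the full ComboFix section above, the size grouping separates the 77,376-byte series of 4 January from the 79,936-byte series of 3 and 9 January, and the gap rule keeps the two 79,936-byte days apart. The AppInit_DLLs hit is the legitimate Sophos hook, which is why that rule only asks the analyst to confirm the vendor rather than calling the entry bad; the same caution applies to the name heuristic, which will also flag a handful of genuine Windows DLLs that are not in the small allowlist.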


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 11 January 2008 - 08:45 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet. We will shortly.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then press Enter.

  • Clean out your Temporary Internet files.
    • Internet Explorer
      • Close Internet Explorer and close any instances of Windows Explorer.
      • Click Start -> Control Panel and then double-click Internet Options.
      • On the General tab, click Delete Files under Temporary Internet Files.
      • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
      • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
      • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
      • Click OK.
    • Firefox (In case you also have Firefox installed)
      • Open Firefox and go to Tools -> Options.
      • Click Privacy in the menu on the left side of the Options window.
      • Click the Clear button located to the right of each option (History, Cookies, Cache).
      • Click OK to close the Options window.
        Alternatively, you can clear all information stored while browsing by clicking Clear All.
        A confirmation dialog box will be shown before clearing the information.
    IMPORTANT: Close all windows and do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.

  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left-hand corner of the screen and save it to a text file on your system (make sure to remember where you saved that file; this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the results of the AVG Anti-Spyware scan report along with a new combofix log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

