
Cryp-tap-2 Infection



#1 lorenzo76

Posted 17 March 2008 - 11:07 AM

My PC seems to be affected by the cryp_tap-2 virus, as indicated by my Trend Micro OfficeScan antivirus.
The virus has infected some .dll files in the Windows\system32 folder, and the antivirus is unable to clean or delete the files. So I decided to try with several programs, without success.
My PC is running much slower than normal and I continuously get the following strange problems:

1. There always seems to be an iexplore.exe process running in the task manager. It closes when I end it, but it comes back after some time.

2. I also get a Visual C++ runtime error about a buffer overrun which has corrupted explorer.exe, and then explorer stops.

Hoping for a quick reply!!!!


Below is the hijackthis log file for my system:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:59 PM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\mudspecialist\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.enirepsa.com/exchweb/bin/auth/...e/&reason=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.zajil.net:8080
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\tuvutqo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {b467b7ca-4023-7c08-2f64-352457e9352d} - {d2539e75-4253-46f2-80c7-3204ac7b764b} - C:\WINDOWS\system32\utfpbtct.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HAZON CLIC] C:\Program Files\Garzanti Linguistica\Hazon Clic\Hazon.exe -I
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [8013987e] rundll32.exe "C:\WINDOWS\system32\blkgsmpn.dll",b
O4 - HKLM\..\Run: [BM8320abe2] Rundll32.exe "C:\WINDOWS\system32\cyldannv.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [i-Handbook] C:\Program Files\Schlumberger\i-Handbook\i-Handbook.exe /i
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://tww.eni.it/ENI/apps/user/_metaframe...ents/wficat.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173352359109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177904943015
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EniRepSa.com
O17 - HKLM\Software\..\Telephony: DomainName = EniRepSa.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{777F4B70-8F5A-412D-A81D-7B3C049BDC60}: NameServer = 212.93.192.4,212.93.192.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EniRepSa.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = EniRepSa.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: tuvutqo - tuvutqo.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 8604 bytes

I read a lot of forums and I tried to download ComboFix. I followed all the instructions and I installed the Windows Recovery Console.
I updated Java.

Here is the log file:

ComboFix 08-03-14.4 - Mudspecialist 2008-03-17 17:58:38.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.548 [GMT 3:00]
Running from: C:\Documents and Settings\mudspecialist\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.

2008-03-17 16:53 . 2008-03-17 16:53 <DIR> d--hs---- C:\System Recovery
2008-03-17 15:57 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-17 15:55 . 2008-03-17 15:55 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-17 15:49 . 2008-03-17 15:49 94,272 --a------ C:\WINDOWS\system32\blkgsmpn.dll
2008-03-16 20:22 . 2008-03-16 20:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-16 20:22 . 2008-03-16 20:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-16 18:35 . 2008-03-16 18:35 <DIR> d-------- C:\Documents and Settings\mudspecialist\Application Data\Comodo
2008-03-16 18:27 . 2008-03-16 20:08 <DIR> d-------- C:\Program Files\Comodo
2008-03-16 18:27 . 2007-03-08 14:26 211 --a------ C:\boot.ini.comodofirewall
2008-03-16 08:09 . 2008-03-16 08:09 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-15 18:43 . 2008-03-15 18:46 1,366,793 --ahs---- C:\WINDOWS\system32\npmsgklb.ini
2008-03-15 18:41 . 2008-03-15 18:41 63 --a------ C:\WINDOWS\system32\80138af0
2008-03-15 18:37 . 2008-03-15 18:37 2 --a------ C:\-2146199343
2008-03-15 18:36 . 2008-03-15 18:36 58,368 --a------ C:\onhtp.exe
2008-03-15 18:36 . 2008-03-15 18:36 14,848 --a------ C:\cysdos.exe
2008-03-11 21:26 . 2008-03-11 21:26 333 --a------ C:\WINDOWS\ECAutodiagnosi.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 12:57 --------- d-----w C:\Program Files\Java
2008-03-17 07:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-17 07:14 --------- d-----w C:\Documents and Settings\mudspecialist\Application Data\AVG7
2008-03-16 17:13 --------- d-----w C:\Program Files\Compaq
2008-03-16 06:03 --------- d-----w C:\Documents and Settings\mudspecialist\Application Data\Skype
2008-03-16 06:02 --------- d-----w C:\Documents and Settings\mudspecialist\Application Data\skypePM
2008-02-29 11:13 --------- d-----w C:\Program Files\Creative
2008-02-28 09:12 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-28 07:49 --------- d-----w C:\Program Files\Common Files\logishrd
2008-02-28 07:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-02-25 08:33 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-17 21:25 --------- d-----w C:\Program Files\DVDx
2008-02-11 13:35 --------- d-----w C:\Program Files\RheoTest
2008-01-29 19:53 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-11-23 18:07 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70AB0A8B-8A8A-496F-A339-4CD2F3352991}]
C:\WINDOWS\system32\tuvutqo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2539e75-4253-46f2-80c7-3204ac7b764b}]
C:\WINDOWS\system32\utfpbtct.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i-Handbook"="C:\Program Files\Schlumberger\i-Handbook\i-Handbook.exe" [2006-05-24 09:56 9687040]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-21 16:48 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-21 16:50 86016]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-21 16:47 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-04 20:26 16250880 C:\WINDOWS\RTHDCPL.exe]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2006-07-14 18:43 279576]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 23:01 525824]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2006-05-12 22:50 1138688]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-04-01 00:44 761856]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-04-24 20:42 888832]
"LayoutM"="KLayMgr.exe" [2004-08-17 06:46 45056 C:\WINDOWS\KLayMgr.exe]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2004-07-06 21:11 335872]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-30 10:00 579072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"HAZON CLIC"="C:\Program Files\Garzanti Linguistica\Hazon Clic\Hazon.exe" [2003-08-04 15:47 643072]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 19:44 20480]
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 20:01 32768]
"8013987e"="C:\WINDOWS\system32\blkgsmpn.dll" [2008-03-17 15:49 94272]
"BM8320abe2"="C:\WINDOWS\system32\cyldannv.dll" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 09:59 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{70AB0A8B-8A8A-496F-A339-4CD2F3352991}"= C:\WINDOWS\system32\tuvutqo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvutqo]
tuvutqo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2006-07-14 18:43]
R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 08:58]
R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 11:00]
R3 VirtDisk;XSS Virtual Disk Driver;C:\WINDOWS\SMINST\VirtDisk.sys [2006-05-06 02:34]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 13:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a6ed2d1-5d02-11dc-8769-000ffe6f555e}]
\Shell\AutoRun\command - H:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b269b5ca-e6ca-11dc-87a0-000ffe6f555e}]
\Shell\Auto\command - adp.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe

*Newly Created Service* - SWPRV
*Newly Created Service* - VIRTDISK
*Newly Created Service* - VSS
.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 03:43:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 18:02:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pzqlp]
"ImagePath"="\??\C:\WINDOWS\Help\pzqlp.chm"
.
Completion time: 2008-03-17 18:04:34
.
2008-03-13 00:01:31 --- E O F ---

Please help me

Lorenzo
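A triage pass over HijackThis-format entries like the ones in the log above, added here as an example (it is not part of the thread and not HijackThis's own code). The sample lines are copied from the posted log; the flagging rules (an O2/O20 hook whose DLL is "(file missing)", an O4 Run value with a hex-looking name that starts rundll32 on a system32 DLL with a one-letter export, any non-default O20 Winlogon Notify package) are this example's own assumptions about what an analyst would want to review first.

```python
import re

# Constructed sample in HijackThis v2 log format; these entries are copied
# from the log posted in the thread so the heuristics run on real lines.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\tuvutqo.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [8013987e] rundll32.exe "C:\WINDOWS\system32\blkgsmpn.dll",b
O4 - HKLM\..\Run: [BM8320abe2] Rundll32.exe "C:\WINDOWS\system32\cyldannv.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: tuvutqo - tuvutqo.dll (file missing)
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
"""

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>[^:]+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I)
# Run value names like 8013987e or BM8320abe2: random hex, optionally prefixed
HEXNAME_RE = re.compile(r"^[A-Z]{0,2}[0-9a-f]{8}$")


def parse_entry(line):
    """Split one HijackThis line into (section code, body), or None."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def triage(log_text):
    """Return (code, reason, line) for entries an analyst should review.

    The heuristics are this example's own assumptions, not HijackThis rules:
    - an O2 BHO or O20 Winlogon Notify hook marked '(file missing)' is an
      orphaned registration that still points at a removed DLL;
    - an O4 Run value with a hex-looking name that starts rundll32 on a
      system32 DLL with a one-letter export is a common loader pattern;
    - any other O20 Winlogon Notify package is rare enough to review.
    """
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        code, body = parsed
        if code in ("O2", "O20") and "(file missing)" in body:
            findings.append((code, "orphaned hook, DLL missing on disk", raw))
        elif code == "O20":
            findings.append((code, "non-default Winlogon Notify package", raw))
        elif code == "O4":
            run = RUN_RE.match(body)
            dll = RUNDLL_RE.match(run.group("cmd")) if run else None
            if (dll and HEXNAME_RE.match(run.group("name"))
                    and "\\system32\\" in dll.group("dll").lower()
                    and len(dll.group("export")) == 1):
                findings.append((code, "rundll32 loader with hex value name", raw))
    return findings
```

Running `triage(SAMPLE_LOG)` flags the orphaned tuvutqo BHO and Winlogon Notify hook and the two rundll32 Run values, while the Java, Intel and Trend Micro entries pass untouched.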

#2 lorenzo76 (Topic Starter)

Posted 18 March 2008 - 12:15 AM

Can nobody help me? :thumbsup:

please!!!!!! I am becoming crazy :blink:

Edited by lorenzo76, 18 March 2008 - 12:16 AM.


#3 rookie147

Posted 06 April 2008 - 05:56 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
As you can probably see our HijackThis Team is incredibly busy at the moment, but I apologise for the delay you have experienced. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A HijackThis Log
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.
