Hijack This Combofix Log



#1 dynamo (Members, 1 posts)

Posted 28 March 2008 - 08:50 AM

Hi there,

My PC is infected with some spyware or malware.
Every time I turn the PC on, a message appears on the desktop: Warning: Spyware threat has been detected on your PC. Your PC has several fatal errors due to spyware activity.
Click here to scan your PC for spyware.
Also, several popup windows and a Windows security message appear.
Could you please check my ComboFix log file and advise me what action to take.

ComboFix 08-03-26.3 - George Aristidhi 2008-03-28 23:59:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.619 [GMT 11:00]
Running from: C:\Documents and Settings\George Aristidhi\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\companion wizard
C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\default.htm
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\sIJ2vt1Yk5wp.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\_000228_.tmp.dll
C:\WINDOWS\system32\CcEvtSvc.exe
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CCEVTSVC
-------\Service_CcEvtSvc


((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.

2008-03-29 00:03 . 2008-03-29 00:03 <DIR> d-------- C:\WINDOWS\PerfInfo
2008-03-28 09:51 . 2008-03-28 09:51 90,540 --a------ C:\Documents and Settings\LocalService\Application Data\1091120617.exe
2008-03-26 23:51 . 2008-03-27 00:01 <DIR> d-------- C:\hijeck
2008-03-26 10:31 . 2008-03-26 10:31 <DIR> d-------- C:\WINDOWS\FLEOK
2008-03-26 10:31 . 2008-03-26 10:31 <DIR> d-------- C:\Program Files\zango
2008-03-26 10:31 . 2008-03-26 10:31 <DIR> d-------- C:\Program Files\180solutions
2008-03-26 10:31 . 2008-03-26 10:31 <DIR> d-------- C:\Program Files\180searchassistant
2008-03-26 09:51 . 2008-03-26 09:51 151,552 --a------ C:\Documents and Settings\LocalService\Application Data\951192718.exe
2008-03-26 09:51 . 2008-03-26 09:51 90,540 --a------ C:\Documents and Settings\LocalService\Application Data\1095839497.exe
2008-03-26 09:46 . 2008-03-26 09:46 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-26 09:46 . 2008-03-26 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-26 09:45 . 2008-03-26 09:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-24 14:23 . 2008-03-24 13:46 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-24 14:23 . 2008-03-24 14:23 2,552 --a------ C:\WINDOWS\unins000.dat
2008-03-24 14:19 . 2008-03-24 14:19 31,232 --a------ C:\WINDOWS\didduid.ini
2008-03-24 12:32 . 2008-03-24 12:32 151,552 --a------ C:\Documents and Settings\LocalService\Application Data\869715802.exe
2008-03-24 12:32 . 2008-03-24 12:32 90,540 --a------ C:\WINDOWS\system32\sbwltbxa.exe
2008-03-24 12:32 . 2008-03-24 12:32 90,540 --a------ C:\Documents and Settings\LocalService\Application Data\1095315177.exe
2008-03-22 00:22 . 2008-03-24 14:19 1,029 --a------ C:\WINDOWS\wininit.ini
2008-03-22 00:15 . 2008-03-22 00:15 90,550 --a------ C:\Documents and Settings\LocalService\Application Data\1099444196.exe
2008-03-22 00:02 . 2008-03-22 00:02 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-22 00:02 . 2008-03-22 00:02 <DIR> d-------- C:\Program Files\stc
2008-03-22 00:02 . 2008-03-22 00:02 <DIR> d-------- C:\Program Files\180search assistant
2008-03-21 01:55 . 2008-03-21 01:55 90,552 --a------ C:\WINDOWS\enafopin.exe
2008-03-21 01:55 . 2008-03-24 12:32 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-21 01:54 . 2008-03-21 01:54 58,880 --a------ C:\WINDOWS\xuransjs.dll
2008-03-21 01:54 . 2008-03-21 01:54 58,880 --a------ C:\Documents and Settings\All Users\Application Data\dudgxafq.dll
2008-03-21 01:53 . 2008-03-21 01:53 <DIR> d-------- C:\WINDOWS\roopqedb
2008-03-21 01:53 . 2008-03-21 01:53 188,416 --a------ C:\WINDOWS\utgxefml.dll
2008-03-21 01:52 . 2008-03-21 02:10 2,621,424 --a------ C:\WINDOWS\sIJ2vt1Yk5.exe.bak
2008-03-21 01:52 . 2008-03-21 01:52 36,864 --a------ C:\WINDOWS\nodojkvy.exe
2008-03-20 01:31 . 2008-03-20 01:31 107,008 --a------ C:\Documents and Settings\LocalService\Application Data\1193887337.exe
2008-03-19 10:44 . 2008-03-19 10:44 107,008 --a------ C:\Documents and Settings\LocalService\Application Data\1001789598.exe
2008-03-18 13:14 . 2008-03-22 00:15 147,456 --a------ C:\Documents and Settings\LocalService\Application Data\907608617.exe
2008-03-18 12:59 . 2008-03-18 12:59 74,240 --a------ C:\WINDOWS\system32\CbEvtSvc.exe
2008-03-11 23:53 . 2008-03-11 23:53 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-03-09 22:27 . 2008-03-09 22:27 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-03-09 22:15 . 2008-03-09 22:15 <DIR> d-------- C:\Program Files\Common Files\Nullsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 12:46 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-28 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-24 03:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-24 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-18 23:40 --------- d-----w C:\Program Files\Common Files\Real
2008-03-18 12:45 --------- d-----w C:\Documents and Settings\George Aristidhi\Application Data\AdobeUM
2008-02-23 14:08 --------- d-----w C:\Documents and Settings\George Aristidhi\Application Data\LimeWire
2008-02-22 13:43 --------- d-----w C:\Program Files\ErrorSmart
2008-02-19 01:46 --------- d-----w C:\Documents and Settings\George Aristidhi\Application Data\ErrorSmart
2008-02-19 01:41 --------- d-----w C:\Program Files\MP3 Player Utilities 3.5.02
2008-02-19 01:38 --------- d-----w C:\Program Files\MP3 Player Utilities 3.66
2008-02-11 14:45 --------- d-----w C:\Program Files\LimeWire
2007-08-19 07:10 81,920 ----a-w C:\Documents and Settings\George Aristidhi\Application Data\ezpinst.exe
2007-08-19 07:10 47,360 ----a-w C:\Documents and Settings\George Aristidhi\Application Data\pcouffin.sys
2007-02-06 13:50 18,704 ----a-w C:\Documents and Settings\George Aristidhi\Application Data\GDIPFONTCACHEV1.DAT
2006-03-16 14:21 28,672 ----a-w C:\Documents and Settings\George Aristidhi\atwbxdet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8b9b3b58-1dd2-11b2-a689-cc0eb0371a2b}]
2008-03-21 01:54 58880 --a------ C:\WINDOWS\xuransjs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f7d40011-29bb-43eb-9c97-875ce89e9e36}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00 15360]
"Error Safe"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 23:16 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 21:15 106496]
"WireLessMouse "="C:\Program Files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 15:38 503808]
"WireLessKeyboard "="C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2004-07-01 09:40 233472]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-08 02:25 1400944]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 20:54 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-21 01:35 155648]
"Cmaudio"="cmicnfg.cpl" []
"BO1HelperStartUp"="C:\PROGRA~1\BUTTER~1\BO1HEL~1.exe" [ ]
"Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [2005-11-30 13:21 2919831]
"Winsystems"="C:\WINDOWS\system32\Winsysteml\Freevideo-go.exe" [ ]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-06-19 13:37 262144]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-05-15 15:52 675840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-01 19:12 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 14:12 90112 C:\WINDOWS\soundman.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-05 00:00 79224]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 08:22 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 23:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-01-09 22:00:23 282624]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-14 23:16:39 124912]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-01-16 19:08:09 286720]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2006-01-04 18:02:15 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"sIJ2vt1Yk5"= rundll32.exe "C:\WINDOWS\utgxefml.dll",DllCleanServer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2006]
C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 CbEvtSvc;CbEvtSvc;C:\WINDOWS\System32\CbEvtSvc.exe [2008-03-18 12:59]
S2 grande48;grande48;C:\WINDOWS\system32\drivers\grande48.sys []
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-06-07 10:34]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-05-13 14:00]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 22:25:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-03-11 12:53:49 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 00:04:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-03-29 0:07:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-28 13:07:02
Pre-Run: 106,387,451,904 bytes free
Post-Run: 106,388,656,128 bytes free
.
2008-03-26 12:49:37 --- E O F ---

#2 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 10 April 2008 - 04:24 PM

Hi,

The forums are really busy, which explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then I'll take a look. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 17 April 2008 - 10:51 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
