
Hijack This And Combofix


This topic is locked. 2 replies to this topic.

#1 L_user


Posted 28 April 2008 - 04:23 PM

I thought that I was able to load the console utility, but had nothing to compare it to from the Windows environment. I got this pernicious bug softwarereferal.com/jump in IE; I also had these popups with "system alert" and "spyware alert" that were part of the problem?

Anyhow, I used like everything and then started... tried to follow the directions to use ComboFix and I just ended up running it from Windows... not on purpose. It got rid of everything, except that when the PC loads I get a quickset.exe in the banner with a message that says "failed to load 0xc0000022, press OK to quit the service". Everything seems to run OK after I just say OK, quit. I find a lot of conflicting sites saying what quickset.exe is. Yes, I do have a Dell Latitude D820. Here is the dump from the log file.
Thanks for any help.


ComboFix 08-04-27.3 - Jerry 2008-04-28 10:21:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1442 [GMT -7:00]
Running from: C:\Documents and Settings\Jerry\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jerry\Desktop\Error Cleaner.url
C:\Documents and Settings\Jerry\Desktop\Privacy Protector.url
C:\Documents and Settings\Jerry\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Jerry\Favorites\Error Cleaner.url
C:\Documents and Settings\Jerry\Favorites\Privacy Protector.url
C:\Documents and Settings\Jerry\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\bdkpfxqw.dll
C:\WINDOWS\qadovnel.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\spwoqbmv.exe
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\awtuttQj.dll
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\CLkkQXyb.ini
C:\WINDOWS\system32\CLkkQXyb.ini2
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\pmnoNGxy.dll
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\wwowfbol.ini
C:\WINDOWS\wxdbpfvo.dll
C:\WINDOWS\xbaqktfv.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

2008-04-27 20:51 . 2008-04-28 10:30 616,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-27 20:51 . 2008-04-28 10:28 8,276 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-27 20:48 . 2008-04-27 20:48 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-27 20:46 . 2008-04-27 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-27 20:46 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-27 20:46 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-27 20:46 . 2008-04-27 20:49 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-04-27 20:45 . 2008-04-27 20:45 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-27 20:44 . 2008-04-28 10:30 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-27 12:20 . 2008-04-27 12:20 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-27 12:20 . 2008-04-27 12:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 12:20 . 2008-04-27 12:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-27 12:15 . 2008-04-27 12:15 <DIR> d-------- C:\Documents and Settings\Jerry\Application Data\TrojanHunter
2008-04-27 12:14 . 2008-04-27 14:36 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-04-27 11:34 . 2008-04-27 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-04-27 11:33 . 2008-04-27 11:33 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-04-27 11:29 . 2008-04-27 11:43 141,162 --a------ C:\WINDOWS\hpoins14.dat
2008-04-27 11:29 . 2007-09-19 18:14 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-04-27 09:07 . 2008-04-27 09:07 102,400 --a------ C:\WINDOWS\system32\ijinelcl.exe
2008-04-27 08:40 . 2008-04-27 22:23 <DIR> d-------- C:\Documents and Settings\Jerry\Application Data\TmpRecentIcons
2008-04-27 08:37 . 2008-04-27 09:17 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2008-04-27 08:17 . 2007-12-24 17:37 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-04-27 08:17 . 2007-12-24 17:37 52,240 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-04-27 08:16 . 2008-04-27 08:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-27 08:08 . 2008-04-27 08:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-26 22:17 . 2008-04-26 23:00 <DIR> d-------- C:\Documents and Settings\Default User\.housecall6.6
2008-04-26 20:30 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-26 19:48 . 2008-04-27 07:27 <DIR> d-------- C:\Documents and Settings\Jerry\.housecall6.6
2008-04-26 19:11 . 2008-04-26 19:11 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-26 19:01 . 2008-04-26 19:01 <DIR> d-------- C:\Program Files\CCleaner
2008-04-26 18:44 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-26 18:44 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-26 18:44 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-26 18:44 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-26 18:05 . 2008-04-27 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\snyjytcj
2008-04-21 08:21 . 2008-04-21 08:21 <DIR> d-------- C:\Documents and Settings\Jerry\Application Data\HP
2008-04-21 08:12 . 2008-04-21 08:12 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2008-04-21 08:09 . 2008-04-21 08:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\HP
2008-04-21 07:59 . 2007-03-17 09:11 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll
2008-04-21 07:59 . 2007-03-07 21:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-04-21 07:59 . 2007-03-07 21:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-04-21 07:59 . 2007-03-17 09:11 303,104 -ra------ C:\WINDOWS\system32\hpovst10.dll
2008-04-21 07:58 . 2007-03-17 09:11 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll
2008-04-21 07:58 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-21 07:58 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-20 10:20 . 2008-04-20 10:22 107,424 --a------ C:\WINDOWS\hpqins11.dat
2008-04-20 10:16 . 2008-04-27 11:16 140,514 --------- C:\WINDOWS\hpoins14.dat.temp
2008-04-20 10:16 . 2007-09-19 18:14 2,000 --------- C:\WINDOWS\hpomdl14.dat.temp
2008-04-17 16:17 . 2008-04-17 16:17 <DIR> d-------- C:\Documents and Settings\Jerry\Application Data\HPAppData
2008-04-17 12:13 . 2008-04-17 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-04-17 12:11 . 2008-04-17 12:11 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
2008-04-17 12:11 . 2008-04-17 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-04-17 12:10 . 2008-04-17 12:10 <DIR> d-------- C:\Program Files\Common Files\HP
2008-04-17 12:10 . 2008-04-27 11:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-04-17 12:09 . 2008-04-17 12:09 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-17 12:08 . 2008-04-17 12:11 <DIR> d-------- C:\Program Files\HP
2008-04-17 12:07 . 2008-04-17 12:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-04-17 12:07 . 2007-03-07 21:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-04-17 12:07 . 2007-03-07 21:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-04-17 12:06 . 2007-03-30 08:07 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-04-17 12:06 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
2008-04-17 12:06 . 2007-03-07 21:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-04-17 12:01 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-17 12:01 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-15 08:38 . 2008-04-15 08:38 <DIR> d-------- C:\Documents and Settings\Jerry\Application Data\System Tweaker
2008-04-14 17:43 . 2008-04-26 20:04 <DIR> d-------- C:\Program Files\Uniblue
2008-04-14 17:43 . 2008-04-14 17:43 <DIR> d-------- C:\Documents and Settings\Jerry\Application Data\Uniblue
2008-04-13 21:13 . 2008-04-13 21:13 <DIR> d-------- C:\log
2008-04-11 16:35 . 2008-04-11 16:35 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-11 16:35 . 2006-11-05 22:00 198,656 --a------ C:\WINDOWS\system32\CNMLM8O.DLL
2008-04-11 15:49 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-11 15:49 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-10 16:04 . 2008-04-10 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SkyGolf
2008-04-10 16:03 . 2008-04-10 16:03 <DIR> d-------- C:\Program Files\SkyGolf
2008-04-10 16:03 . 2008-04-10 16:15 <DIR> d-------- C:\Program Files\SG2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 17:28 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Wave Systems Corp
2008-04-28 17:17 --------- d-----w C:\Documents and Settings\Jerry\Application Data\Skype
2008-04-28 17:12 --------- d-----w C:\Documents and Settings\Jerry\Application Data\Wave Systems Corp
2008-04-27 19:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-27 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-27 01:33 --------- d-----w C:\Program Files\LingvoSoft
2008-04-22 19:30 --------- d-----w C:\Program Files\Java
2008-04-15 16:39 --------- d-----w C:\Documents and Settings\Jerry\Application Data\U3
2008-04-02 05:51 --------- d-----w C:\Program Files\Macromedia
2007-02-01 04:15 104 -c--a-w C:\Program Files\My Bluetooth Places.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BB6EF78-FFC8-4F7A-BD2C-09DA1169A4B5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E604DAA-B6E9-4D51-827C-558054C8A0E7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-27 20:48 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL


#2 steamwiz


Posted 03 May 2008 - 03:34 PM

Hi

You haven't posted a hijackthis log ...

& you've only posted part of the Combofix log ...

Post both logs in full, then I may be able to assist you ...

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware.

#3 steamwiz


Posted 19 May 2008 - 02:32 PM

Locked due to lack of feedback.

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware.
