IE Being Hijacked



#1 i8sme

  • Members
  • 1 posts
Posted 27 June 2008 - 02:44 PM

I have run the ComboFix and seem to uninstall it, but the gxvpsafm toolbar on my IE, I can't seem to uninstall it. Any help would really be appreciated. If you need anything from me, guys, just tell me and I'll try to get it for you. Thank you very much.



ComboFix 08-06-20.4 - Ellan 2008-06-27 19:52:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.302 [GMT 1:00]
Running from: C:\Documents and Settings\Ellan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ellan\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1.exe
C:\Documents and Settings\Ellan\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\Documents and Settings\Ellan\Start Menu\Programs\Antivirus 2008 PRO
C:\Documents and Settings\Ellan\Start Menu\Programs\Antivirus 2008 PRO\antivirus-2008pro.lnk
C:\Documents and Settings\VAIO\Desktop\Error Cleaner.url
C:\Documents and Settings\VAIO\Desktop\Privacy Protector.url
C:\Documents and Settings\VAIO\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\VAIO\Favorites\Error Cleaner.url
C:\Documents and Settings\VAIO\Favorites\Privacy Protector.url
C:\Documents and Settings\VAIO\Favorites\Spyware&Malware Protection.url
C:\Program Files\Antivirus 2008 PRO
C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
C:\Program Files\Antivirus 2008 PRO\vscan.tsi
C:\Program Files\Antivirus 2008 PRO\zlib.dll
C:\WINDOWS\eqwt.exe
C:\WINDOWS\privacy_danger

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-12-27 12:06 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-12-27 12:06 . 2007-07-30 20:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-12-27 12:06 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-12-27 12:06 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-12-27 12:06 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-12-27 12:06 . 2007-07-30 20:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-12-27 10:35 . 2008-06-27 12:24 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-12-27 10:35 . 2008-06-27 12:24 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-12-27 10:34 . 2008-06-27 19:57 2,123,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-12-27 10:34 . 2008-06-27 19:57 144,672 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-12-27 10:34 . 2008-06-27 19:28 22,388 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-12-27 10:34 . 2008-06-27 19:28 14,180 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-12-27 04:10 . 2003-10-14 18:04 1,043,072 --a------ C:\WINDOWS\system32\drivers\HSF_DP.sys
2008-12-27 04:10 . 2003-10-14 18:05 679,808 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-12-27 04:10 . 2003-10-14 18:08 197,120 --a------ C:\WINDOWS\system32\drivers\HSFHWICH.sys
2008-12-27 04:10 . 2003-10-14 16:17 128,333 --a------ C:\WINDOWS\system32\drivers\Snyunif.cty
2008-12-27 04:10 . 2003-04-09 16:01 90,112 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2008-12-27 04:10 . 2003-08-07 12:17 27,786 --a------ C:\WINDOWS\system32\HSFCI007.dll
2008-12-27 04:10 . 2003-04-09 15:48 11,043 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-12-27 04:09 . 2005-01-07 01:01 52,736 --a------ C:\WINDOWS\system32\drivers\tifmsony.sys
2008-12-27 03:54 . 2003-09-29 14:31 94,601 --a------ C:\WINDOWS\system32\drivers\Apfiltr.sys
2008-12-27 03:54 . 2003-06-03 01:55 87,821 --a------ C:\WINDOWS\system32\Vxdif.dll
2008-12-27 03:49 . 2008-12-27 03:49 <DIR> d-------- C:\Documents and Settings\Ellan\Application Data\Sony Corporation
2008-12-27 03:49 . 2002-01-05 22:36 964,608 --a------ C:\WINDOWS\system32\mfc70u.dll
2008-12-27 03:48 . 2002-01-05 22:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-12-27 03:48 . 2002-01-05 21:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-12-27 03:48 . 2002-01-05 21:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-12-27 03:47 . 2008-12-27 03:47 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-12-27 03:46 . 2006-06-29 19:27 2,732,032 --a------ C:\WINDOWS\system32\Netw2r32.dll
2008-12-27 03:46 . 2006-06-29 19:49 2,206,720 --a------ C:\WINDOWS\system32\drivers\w29n51.sys
2008-12-27 03:46 . 2006-06-29 19:26 557,056 --a------ C:\WINDOWS\system32\Netw2c32.dll
2008-12-27 03:37 . 2008-12-27 03:37 <DIR> d-------- C:\Program Files\DIFX
2008-12-27 03:21 . 2008-06-13 12:05 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-12-27 03:21 . 2008-04-14 01:12 151,552 --a------ C:\WINDOWS\system32\irftp.exe
2008-12-27 03:21 . 2008-04-13 19:51 101,120 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-12-27 03:21 . 2008-04-13 19:46 59,136 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2008-12-27 03:21 . 2008-04-14 01:11 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-12-27 03:21 . 2008-04-13 19:46 18,944 --a------ C:\WINDOWS\system32\drivers\bthusb.sys
2008-12-27 03:21 . 2008-04-13 19:46 17,024 --a------ C:\WINDOWS\system32\drivers\bthenum.sys
2008-12-27 03:21 . 2008-04-14 01:12 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-12-27 03:15 . 2004-10-08 17:26 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2008-12-27 03:05 . 2008-12-27 03:26 <DIR> d-------- C:\Documents and Settings\Ellan
2008-12-27 03:04 . 2008-12-27 03:04 <DIR> d--hs---- C:\Documents and Settings\NetworkService.NT AUTHORITY
2008-12-27 03:04 . 2008-12-27 03:04 <DIR> d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY
2008-12-27 03:04 . 2008-12-27 03:04 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-12-27 03:01 . 2008-04-14 01:11 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-12-27 03:00 . 2001-08-23 13:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-12-27 02:59 . 2008-04-14 01:09 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-12-27 02:58 . 2001-08-23 13:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-12-27 02:57 . 2001-08-23 13:00 169,984 --a--c--- C:\WINDOWS\system32\dllcache\iisui.dll
2008-12-27 02:57 . 2001-08-23 13:00 94,720 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx
2008-12-27 02:57 . 2001-08-23 13:00 19,968 --a--c--- C:\WINDOWS\system32\dllcache\inetsloc.dll
2008-12-27 02:57 . 2001-08-23 13:00 14,336 --a--c--- C:\WINDOWS\system32\dllcache\iisreset.exe
2008-12-27 02:57 . 2001-08-23 13:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.exe
2008-12-27 02:57 . 2001-08-23 13:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\ftpsapi2.dll
2008-12-27 02:57 . 2001-08-23 13:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\iisrstap.dll
2008-12-27 02:57 . 2008-12-27 02:57 2,577 --a------ C:\WINDOWS\system32\CONFIG.NT
2008-12-27 02:57 . 2008-12-27 02:57 0 --a------ C:\WINDOWS\control.ini
2008-12-27 02:56 . 2008-06-27 16:54 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-12-27 02:56 . 2008-06-27 17:24 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-12-27 02:56 . 2008-06-27 17:24 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-12-27 02:54 . 2001-08-23 13:00 4,399,505 --a--c--- C:\WINDOWS\system32\dllcache\nls302en.lex
2008-12-27 02:54 . 2008-12-27 02:54 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-12-27 02:54 . 2008-12-27 02:54 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-12-27 02:54 . 2008-12-27 02:54 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-12-27 02:54 . 2008-12-27 02:54 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-12-27 02:54 . 2008-12-27 02:54 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-12-27 02:54 . 2008-12-27 02:54 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-27 02:54 . 2008-12-27 02:54 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
2008-12-27 02:54 . 2008-12-27 02:54 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-27 02:52 . 2008-12-27 02:52 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-12-27 02:51 . 2008-12-27 02:51 37 --a------ C:\WINDOWS\vbaddin.ini
2008-12-27 02:51 . 2008-12-27 02:51 36 --a------ C:\WINDOWS\vb.ini
2008-12-27 02:49 . 2008-04-14 01:11 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2008-12-27 02:46 . 2008-04-13 19:40 57,600 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-12-27 02:46 . 2008-04-13 19:36 10,240 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2008-12-27 02:46 . 2001-08-17 14:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-12-27 02:45 . 2003-06-18 17:12 114,688 --a------ C:\WINDOWS\system32\SonyPI.dll
2008-12-27 02:45 . 2003-06-18 17:12 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-12-27 02:45 . 2003-06-18 17:12 71,961 --a------ C:\WINDOWS\system32\drivers\SonyPI.sys
2008-12-27 02:45 . 2003-06-18 17:12 71,961 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.sys
2008-12-27 02:45 . 2001-08-17 13:51 20,752 --a------ C:\WINDOWS\system32\drivers\SonyNC.sys
2008-12-27 02:45 . 2008-04-13 19:36 14,208 --a------ C:\WINDOWS\system32\drivers\battc.sys
2008-12-27 02:45 . 2008-04-13 19:36 13,952 --a------ C:\WINDOWS\system32\drivers\cmbatt.sys
2008-12-27 02:45 . 2001-08-17 14:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-12-27 02:45 . 2008-04-13 19:40 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2008-12-27 02:44 . 2008-04-14 01:12 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-12-27 02:42 . 2008-06-27 19:34 471,326 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-27 02:42 . 2008-06-27 17:26 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-12-27 02:40 . 2004-08-04 01:57 1,086,058 -ra------ C:\WINDOWS\SET4.tmp
2008-12-27 02:40 . 2004-08-04 02:03 1,042,903 --a--c--- C:\WINDOWS\system32\dllcache\SP2.CAT
2008-12-27 02:40 . 2004-08-04 02:03 1,042,903 -ra------ C:\WINDOWS\SET3.tmp
2008-12-27 02:40 . 2001-08-23 13:00 797,189 --a--c--- C:\WINDOWS\system32\dllcache\NT5IIS.CAT
2008-12-27 02:40 . 2001-08-23 13:00 399,645 --a--c--- C:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2008-12-27 02:40 . 2001-08-23 13:00 37,484 --a--c--- C:\WINDOWS\system32\dllcache\MW770.CAT
2008-12-27 02:40 . 2004-08-04 01:58 13,753 -ra------ C:\WINDOWS\SET8.tmp
2008-12-27 02:40 . 2001-08-23 13:00 13,472 --a--c--- C:\WINDOWS\system32\dllcache\HPCRDP.CAT
2008-12-27 02:40 . 2001-08-23 13:00 8,574 --a--c--- C:\WINDOWS\system32\dllcache\IASNT4.CAT
2008-12-27 02:40 . 2001-08-23 13:00 7,382 --a--c--- C:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2008-12-27 02:40 . 2004-07-17 11:45 7,334 --a--c--- C:\WINDOWS\system32\dllcache\wmerrenu.cat
2008-12-27 02:39 . 2008-06-27 12:45 <DIR> d--h----- C:\Documents and Settings\Default User.WINDOWS
2008-12-27 02:39 . 2008-06-27 12:45 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS
2008-12-27 02:38 . 2008-12-27 03:03 584 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-12-26 04:05 . 2008-12-26 04:05 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-27 19:33 . 2008-06-27 19:33 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-27 17:11 . 2008-04-23 05:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-27 17:11 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-27 17:11 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-27 17:11 . 2008-04-23 05:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-27 17:11 . 2008-04-23 05:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-27 17:11 . 2008-04-23 05:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-27 17:11 . 2008-04-23 05:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-27 17:11 . 2008-04-23 05:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-27 17:11 . 2008-04-22 08:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-27 17:07 . 2008-06-27 09:06 303,104 --a------ C:\WINDOWS\gfetqaxsvgb.dll
2008-06-27 17:07 . 2008-06-27 09:06 229,376 --a------ C:\WINDOWS\pntqkflv.dll
2008-06-27 17:07 . 2008-06-27 09:06 180,224 --a------ C:\WINDOWS\qegbdmwf.dll
2008-06-27 17:07 . 2008-06-27 09:06 81,920 --a------ C:\WINDOWS\tovafrnm.exe
2008-06-27 17:06 . 2008-06-27 09:06 151,552 --a------ C:\WINDOWS\gxvpsafm.dll
2008-06-27 17:05 . 2008-06-27 19:28 <DIR> d-------- C:\Documents and Settings\Ellan\Application Data\mIRC
2008-06-27 13:30 . 2008-04-14 01:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-06-27 13:29 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-06-27 13:28 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-06-27 13:27 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-06-27 13:27 . 2008-04-14 01:11 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 02:54 --------- d-----w C:\Program Files\Apoint
2008-12-27 02:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Intel
2008-06-27 18:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-06-27 16:23 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-27 11:25 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-23 22:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-14 23:20 --------- d-----w C:\Program Files\LimeWire
2008-05-30 10:02 --------- d-----w C:\Program Files\Google
2008-05-26 16:41 --------- d-----w C:\Documents and Settings\VAIO\Application Data\Sonic
2008-05-26 16:40 --------- d-----w C:\Documents and Settings\VAIO\Application Data\Leadertech
2008-05-25 22:33 --------- d-----w C:\Program Files\Netopia
2008-05-24 21:24 --------- d-----w C:\Program Files\Sony
2008-05-24 20:40 --------- d-----w C:\Documents and Settings\VAIO\Application Data\AVGTOOLBAR
2008-05-24 20:40 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-05-24 18:08 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-24 18:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-24 17:39 --------- d-----w C:\Program Files\Photo Story 3 for Windows
2008-05-24 17:17 --------- d-----w C:\Program Files\dvd43
2008-05-24 17:15 --------- d-----w C:\Program Files\iTunes
2008-05-24 17:15 --------- d-----w C:\Program Files\iPod
2008-05-24 17:14 --------- d-----w C:\Program Files\QuickTime
2008-05-24 17:12 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-24 16:58 --------- d-----w C:\Program Files\Java
2008-05-24 16:56 --------- d-----w C:\Program Files\Common Files\Java
2008-05-24 16:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-24 16:14 --------- d-----w C:\Program Files\MoodLogic
2008-05-24 16:13 --------- d-----w C:\Program Files\Quicken
2008-05-24 00:51 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-24 00:51 --------- d-----w C:\Program Files\AVG
2008-05-23 23:09 --------- d-----w C:\Program Files\Microsoft Works
2008-05-23 21:53 --------- d-----w C:\Program Files\InterVideo
2008-05-23 21:53 --------- d-----w C:\Program Files\InterMute
2008-05-23 21:52 --------- d-----w C:\Program Files\Common Files\Sony Shared
2008-05-23 21:38 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-05-23 21:28 --------- d-----w C:\Program Files\Sonic
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 04:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 04:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 04:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA00DCFD-75B6-48F2-889A-56595E335AA1}]
2008-06-27 09:06 303104 --a------ C:\WINDOWS\gfetqaxsvgb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{01DC360B-6DEB-4B33-9329-F12E9CD8FB24}"= "C:\WINDOWS\gxvpsafm.dll" [2008-06-27 09:06 151552]

[HKEY_CLASSES_ROOT\clsid\{01dc360b-6deb-4b33-9329-f12e9cd8fb24}]
[HKEY_CLASSES_ROOT\gxvpsafm.1]
[HKEY_CLASSES_ROOT\TypeLib\{D6317914-D4A0-4625-B9C9-3F365F46094E}]
[HKEY_CLASSES_ROOT\gxvpsafm]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverUpdaterPro"="C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 17:31 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 17:27 126976]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-10-17 06:48 122880]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 23:12 32768]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-15 01:18 184320]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 18:21 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pntqkflv"= {D62482BF-D30E-4CF1-9DA7-155D54B8E63F} - C:\WINDOWS\pntqkflv.dll [2008-06-27 09:06 229376]
"qegbdmwf"= {97493ED8-490E-4AE3-88A9-14F8E75D133F} - C:\WINDOWS\qegbdmwf.dll [2008-06-27 09:06 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2003-06-18 17:12]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 19:57:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
antivirus-2008pro.exe = C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe???????????????????????????????????????????????????????????????????????????????????????????????????e???????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-27 19:59:09
ComboFix-quarantined-files.txt 2008-06-27 18:59:06

Pre-Run: 43,239,538,688 bytes free
Post-Run: 43,538,747,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

300 --- E O F --- 2008-06-27 18:33:46

#2 random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male

Posted 20 July 2008 - 03:36 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log, along with a description of any problems you are experiencing. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.



