
Pop-ups, Malware Problem - Hjt Log


This topic is locked
19 replies to this topic

#1 Dadoggy03

Posted 24 July 2008 - 05:32 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:28 PM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\uoyzsydz.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ahuij.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1182834522\ee\aolsoftware.exe
C:\desktop\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: targetedbanner browser optimizer - {ae0bf261-a1c7-89f9-04b1-f87934b405ac} - C:\WINDOWS\system32\uqjkzgcmiikue.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\ahuij.exe
O4 - HKLM\..\Run: [{321e1e1a-6ba2-c598-86cc-2c70c9d08921}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\uqjkzgcmiikue.dll" DllStart
O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\ahuij.exe
O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\ahuij.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\ahuij.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\iVideoCodec\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [pmsngr.exe] C:\Program Files\iVideoCodec\pmsngr.exe
O4 - HKUS\S-1-5-18\..\Run: [IEUpdate] C:\WINDOWS\system32\ahuij.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [IEUpdate] C:\WINDOWS\system32\ahuij.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IEUpdate] C:\WINDOWS\system32\ahuij.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [IEUpdate] C:\WINDOWS\system32\ahuij.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)

--
End of file - 8236 bytes
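What a helper reads off a log like the one above, written out as an added example (this script is not part of the thread and is not HijackThis' own logic): it pulls the file paths out of each entry, flags unknown letters-only binaries sitting directly under %SystemRoot% or system32, and separates the lines that carry the infection (the F2 UserInit chain, the O4 Policies\Explorer\Run autostarts, the start page pointed at a local .mht) from the noise (orphan BHO CLSIDs, the missing McAfee service). The sample is an excerpt of the posted log; the allowlist, the name heuristic and the bucket names are assumptions of the example, not anything HijackThis itself reports.

```python
"""Triage heuristics for a HijackThis v2 log.

Added example: this is not code from the thread and not HijackThis' own
logic.  SAMPLE_LOG is an excerpt of the log posted above; the allowlist and
the "random file name" test are this example's own assumptions.
"""
import re

# Assumption: binaries a stock Windows XP install is expected to run from
# %SystemRoot% or system32.  Anything else in those directories with a
# lowercase, letters-only name gets flagged for a closer look.
KNOWN_SYSTEM_BINARIES = {
    "smss", "csrss", "winlogon", "services", "lsass", "svchost", "spoolsv",
    "explorer", "userinit", "rundll32", "ctfmon",
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^,"\n]+?\.(?:exe|dll|mht|bin)\b', re.I)
SYSTEM_DIR_RE = re.compile(r"^[A-Za-z]:\\WINDOWS(?:\\system32)?\\[^\\]+$", re.I)
RANDOM_STEM_RE = re.compile(r"^[a-z]{5,16}$")

# Excerpt of the log posted in this thread (paths copied as they appear).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\uoyzsydz.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ahuij.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: targetedbanner browser optimizer - {ae0bf261-a1c7-89f9-04b1-f87934b405ac} - C:\WINDOWS\system32\uqjkzgcmiikue.dll
O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\ahuij.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\iVideoCodec\isamonitor.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
"""


def parse_hjt(text):
    """Return (section, body) pairs; lines under 'Running processes:' get section 'PROC'."""
    entries, in_procs = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            entries.append(("PROC", line))
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def looks_random(path):
    """Unknown .exe/.dll directly under %SystemRoot% or system32 with a letters-only name."""
    if not SYSTEM_DIR_RE.match(path):
        return False
    stem, _, ext = path.rsplit("\\", 1)[-1].lower().rpartition(".")
    return ext in ("exe", "dll") and stem not in KNOWN_SYSTEM_BINARIES \
        and RANDOM_STEM_RE.match(stem) is not None


def triage(text):
    """Bucket the entries a helper looks at first when reading an HJT log."""
    findings = {k: [] for k in ("suspect_binary", "userinit_hijack", "policy_run",
                                "orphan_bho", "local_start_page", "missing_service")}
    seen = set()
    for section, body in parse_hjt(text):
        for path in PATH_RE.findall(body):
            if looks_random(path) and path.lower() not in seen:
                seen.add(path.lower())
                findings["suspect_binary"].append(path)
        if section == "F2" and "UserInit=" in body:
            # Every executable listed here runs at each interactive logon;
            # a stock XP value names only userinit.exe.
            targets = [t for t in body.split("=", 1)[1].split(",") if t]
            if len(targets) != 1 or not targets[0].lower().endswith("\\userinit.exe"):
                findings["userinit_hijack"].extend(targets)
        elif section == "O4" and "\\Policies\\Explorer\\Run" in body:
            # Group Policy logon-run key: populated on managed domains, unusual on a home PC.
            findings["policy_run"].append(body)
        elif section == "O2" and body.endswith("(no file)"):
            findings["orphan_bho"].append(body)        # dead CLSID: safe to fix, not the infection
        elif section in ("R0", "R1") and re.search(r"= [A-Za-z]:\\", body):
            findings["local_start_page"].append(body)  # browser start page pointed at a local file
        elif section == "O23" and body.endswith("(file missing)"):
            findings["missing_service"].append(body)
    return findings


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

Run as-is it prints the six buckets for the excerpt. Because the name test is applied to every path inside every entry, on the full log it also picks up the RunServices copies of IEUpdate and the uqjkzgcmiikue.dll loaded through Rundll32 DllStart, while leaving the AOL, Yahoo!, Java and AVG entries alone.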


#2 kahdah

Posted 24 July 2008 - 06:35 PM

Hello Dadoggy03

Welcome to BleepingComputer.
========================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 Dadoggy03

Posted 26 July 2008 - 11:42 AM

I downloaded dss but every time I do a scan, when it gets to "deleting Temporary files" it freezes up, then I get the message "dss.exe has encountered a problem and needs to shut down." So I completely deleted dss, re-downloaded it, and tried to run it again but got the same problem again.

#4 kahdah

Posted 26 July 2008 - 12:44 PM

Please go to Start > Run, then copy/paste this in: "%userprofile%\desktop\dss.exe" /config then hit OK.
Uncheck System Restore and Temp File cleanup then click on ok or scan.
Post those logs please.

#5 Dadoggy03

Posted 26 July 2008 - 09:26 PM

I added those files as attachments because they are both very long. If you want me to copy and paste everything let me know and I will edit this post.


#6 kahdah

Posted 27 July 2008 - 07:42 AM

It appears that your hard drive has some bad sectors in it.
Might want to get that replaced in the near future.
=================================
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

First, we need to backup your registry:
Please go to Start > Run
Paste in the following line: regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
REGEDIT4

; Resets LSA "Authentication Packages" (REG_MULTI_SZ) to the single stock entry:
; bytes 6d 73 76 31 5f 30 spell "msv1_0", the next 00 ends that string, the last 00 ends the list.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
=====================================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\uoyzsydz.exe
    C:\WINDOWS\system32\uqjkzgcmiikue.dll
    C:\WINDOWS\system32\ahuij.exe
    C:\Program Files\iVideoCodec
    c:\windows\portsv.exe 
    PlugPlayRPC <delete service>
    c:\windows\444.471
    MsSecurity1.209.4 <delete service>
    C:\WINDOWS\y.exe
    C:\WINDOWS\xplugin.dll
    C:\WINDOWS\x.exe
    C:\WINDOWS\winmgnt.exe
    C:\WINDOWS\window.exe
    C:\WINDOWS\winajbm.dll
    C:\WINDOWS\win64.exe
    C:\WINDOWS\win32e.exe
    C:\WINDOWS\waol.exe
    C:\WINDOWS\users32.exe
    C:\WINDOWS\time.exe
    C:\WINDOWS\systemcritical.exe
    C:\WINDOWS\systeem.exe
    C:\WINDOWS\svcinit.exe
    C:\WINDOWS\svchost32.exe
    C:\WINDOWS\sistem.exe
    C:\WINDOWS\searchword.dll
    C:\WINDOWS\rundll16.exe
    C:\WINDOWS\quicken.exe
    C:\WINDOWS\qttasks.exe
    C:\WINDOWS\olehelp.exe
    C:\WINDOWS\notepad32.exe
    C:\WINDOWS\mtwirl32.dll
    C:\WINDOWS\mswsc20.dll
    C:\WINDOWS\mswsc10.dll
    C:\WINDOWS\msupdate.exe
    C:\WINDOWS\mssys.exe
    C:\WINDOWS\msspi.dll
    C:\WINDOWS\msconfd.dll
    C:\WINDOWS\loader.exe
    C:\WINDOWS\internet.exe
    C:\WINDOWS\inetinf.exe
    C:\WINDOWS\iexplorer.exe
    C:\WINDOWS\iedll.exe
    C:\WINDOWS\helpcvs.exe
    C:\WINDOWS\gfmnaaa.dll
    C:\WINDOWS\funny.exe
    C:\WINDOWS\funniest.exe
    C:\WINDOWS\explorer32.exe
    C:\WINDOWS\explore.exe
    C:\WINDOWS\editpad.exe
    C:\WINDOWS\dnsrelay.dll
    C:\WINDOWS\directx32.exe
    C:\WINDOWS\ctrlpan.dll
    C:\WINDOWS\ctfmon32.exe
    C:\WINDOWS\cpan.dll
    C:\WINDOWS\clrssn.exe
    C:\WINDOWS\avpcc.dll
    C:\WINDOWS\accesss.exe
    C:\WINDOWS\system32\zytvuuottr.exe
    C:\WINDOWS\system32\hljwugsf.bin
    C:\WINDOWS\lfn.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IEUpdate
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\{321e1e1a-6ba2-c598-86cc-2c70c9d08921}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IEUpdate
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices\\IEUpdate
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices\\IEUpdate
    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe 
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableRegistryTools
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\\isamonitor.exe
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\\pmsngr.exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe
    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IEUpdate
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{321e1e1a-6ba2-c598-86cc-2c70c9d08921}
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\PlugPlayRPC
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\MsSecurity1.209.4
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
======================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
==================
Please post these logs in your next reply:
OT Move it log
Mbam log
New dss log

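The .reg fix in the post above resets a value worth understanding before merging it: LSA loads every DLL named in Authentication Packages into lsass.exe at boot, so an extra entry there is SYSTEM-level persistence, and that is why the helper forces it back to the stock msv1_0. As an added example (not code from the thread or from any tool it mentions), here is the hex(7) encoding that file uses, decoded and re-encoded, with a check that flags anything beyond msv1_0. The "rogue_pkg" entry is a constructed placeholder, not something seen on this machine; cp1252 reflects REGEDIT4's ANSI hex(7) bytes.

```python
"""REGEDIT4 hex(7) (REG_MULTI_SZ) encoder/decoder for checking the LSA
"Authentication Packages" value.

Added example: not code from the thread or from any tool it mentions.
FIX_REG is the .reg text posted above; the "rogue_pkg" entry used in the
usage section is a constructed, hypothetical value for illustration.
"""
import re

LSA_KEY = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa"
VALUE = "Authentication Packages"
EXPECTED = ("msv1_0",)   # default on a stock Windows XP install

FIX_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""


def encode_multi_sz(values, encoding="cp1252"):
    """REGEDIT4 hex(7): each string NUL-terminated, then one more NUL closes the list.
    REGEDIT4 stores ANSI bytes; the 'Version 5.00' dialect stores UTF-16LE and
    would need two-byte NUL handling, which this example does not cover."""
    data = b"".join(v.encode(encoding) + b"\x00" for v in values) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in data)


def decode_multi_sz(hex7, encoding="cp1252"):
    """Inverse of encode_multi_sz; tolerates the backslash line continuations regedit exports."""
    body = hex7.split(":", 1)[1]
    body = re.sub(r"\\\r?\n|\s", "", body)
    data = bytes(int(h, 16) for h in body.split(",") if h)
    parts = data.split(b"\x00")
    while parts and parts[-1] == b"":            # drop the list terminator
        parts.pop()
    return [p.decode(encoding) for p in parts]


def build_reg(key, name, values):
    """Produce a REGEDIT4 file setting one REG_MULTI_SZ value."""
    return f'REGEDIT4\n\n[{key}]\n"{name}"={encode_multi_sz(values)}\n'


def parse_reg(text):
    """Return {(key, value_name): [strings]} for the hex(7) values in a REGEDIT4 file.
    Subset parser for this example; every other value type is ignored."""
    text = re.sub(r",\\\r?\n[ \t]*", ",", text)  # rejoin wrapped hex lines
    result, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"') and "=hex(7):" in line:
            name, _, val = line.partition("=")
            result[(key, name.strip('"'))] = decode_multi_sz(val)
    return result


def audit_packages(values, expected=EXPECTED):
    """Entries LSA would load into lsass.exe at boot that are not on the expected list."""
    allowed = {e.lower() for e in expected}
    return [v for v in values if v.lower() not in allowed]


if __name__ == "__main__":
    fixed = parse_reg(FIX_REG)[(LSA_KEY, VALUE)]
    print("fix sets:", fixed, "unexpected:", audit_packages(fixed))
    # Constructed example of what a tampered value decodes to ("rogue_pkg" is hypothetical).
    tampered = parse_reg(build_reg(LSA_KEY, VALUE, ["msv1_0", "rogue_pkg"]))[(LSA_KEY, VALUE)]
    print("tampered:", tampered, "unexpected:", audit_packages(tampered))
```

parse_reg only reads the REGEDIT4 dialect the fix is written in; the registry backup the post asks for first is the place to look for what the value held before the fix, and the order matters, since merging fixthis.reg overwrites the value without recording the old one.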

#7 Dadoggy03

Posted 28 July 2008 - 04:15 PM

Hey, I'm unable to get OTMoveIt2.exe to actually run. I downloaded it to my desktop, double clicked on it, selected "Run" but the program never opens. I get the cursor with the hourglass for a few seconds, then it disappears and nothing happens. I deleted the program and re-downloaded it again but to no avail. I had a similar problem in my previous posts in a different forum section before it was moved to misplaced HJT logs.
http://www.bleepingcomputer.com/forums/t/158992/pop-ups-galore-and-cant-run-exe-files/

#8 kahdah

Posted 28 July 2008 - 05:34 PM

Please do this right click on OT Moveit and choose Rename name it to kahdah then try to run it.

#9 Dadoggy03

Posted 29 July 2008 - 06:38 PM

Its amazing that you can get a program to work by just changing the name! I have all the logs for you as attachments.


#10 kahdah

Posted 29 July 2008 - 07:26 PM

Hi, getting there. Can you post a new dss log? The one you have attached is old.
Thanks!

#11 Dadoggy03

Posted 29 July 2008 - 08:04 PM

Sorry about that, it only gave me one this time.

Attached Files

  • Attached File  main.txt   16.7KB   35 downloads


#12 kahdah

Posted 30 July 2008 - 03:34 AM

Please visit this web page for instructions for downloading and running ComboFix: ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.

(Note:If the Recovery Console fails to install then do not proceed rather alert me and post back here we will continue)

#13 Dadoggy03

Posted 30 July 2008 - 04:41 PM

Alright here are the two logs. ComboFix ran smoothly with no problems.


#14 kahdah

Posted 30 July 2008 - 08:03 PM

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\temp\itmp4
    C:\Program Files\moviepass Terms.html
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
======================
Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#15 Dadoggy03

Posted 31 July 2008 - 09:12 PM

Here is the scan


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, July 31, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, July 31, 2008 23:20:38
Records in database: 1036115
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 65871
Threat name: 4
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 02:49:32


File name / Threat name / Threats count
C:\_OTMoveIt\MovedFiles\07292008_135441\WINDOWS\444.471 Infected: Trojan-Downloader.Win32.Small.xpf 1
C:\_OTMoveIt\MovedFiles\07292008_135441\WINDOWS\portsv.exe Infected: Trojan.Win32.Agent.sdd 1
C:\_OTMoveIt\MovedFiles\07292008_135441\WINDOWS\system32\uoyzsydz.exe Infected: Hoax.Win32.Renos.vabt 1
C:\_OTMoveIt\MovedFiles\07292008_135705\WINDOWS\lfn.exe Infected: Hoax.Win32.Renos.vabt 1
C:\_OTMoveIt\MovedFiles\07292008_135705\WINDOWS\system32\zytvuuottr.exe Infected: Trojan-Downloader.NSIS.Agent.av 1

The selected area was scanned.
