Crazy Annoying Malware


  • This topic is locked
2 replies to this topic

#1 dominus

dominus

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:09 PM

Posted 02 August 2008 - 06:29 PM

I believe what I downloaded accidentally was a malware called Trojan Dropper. I was just going to a completely innocent little forum I've been to a thousand times before and wasn't expecting trouble when it happened. The whole forum hosting site or something had been hijacked, I think, and it sent me to some weird Japanese text screen, and the next thing I knew I had 2200 fishing programs on my computer.

It got past Norton, prevx, spyware doctor and windows defender.

Since then I have tried everything to get rid of the viruses. I used all of the above, plus SpyHunter, Spybot Search and Destroy, SUPERAntiSpyware, ComboFix, and Malwarebytes' Anti-Malware.

It seems okay now...

But I don't feel safe going on the internet yet. How can I tell if it's really gone? I don't want all that malware I just got rid of to come right back.

Please help.

I have logs too.

ComboFix 08-08-01.05 - John 2008-08-02 18:37:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1619 [GMT -4:00]
Running from: C:Documents and SettingsJohnDesktopComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:Documents and SettingsJohnApplication DataFunWebProducts
C:Documents and SettingsJohnApplication DataFunWebProductsDataJohnavatar.dat
C:Documents and SettingsJohnApplication DataFunWebProductsDataJohnregister.dat
C:Documents and SettingsJohnApplication DataFunWebProductsDataJohnzbucks.dat
C:Documents and SettingsJohnApplication DataFunWebProductsDataJohnzwinky.dat
C:VundoFix.txt
C:WINDOWSsystem32aliens.dll
C:windowssystem32explorer.exe
C:WINDOWSsystem32keyiftp.dll
C:WINDOWSsystem32lsprst7.dll
C:WINDOWSsystem32manleu.dll
C:WINDOWSsystem32MSINET.oca
C:WINDOWSsystem32o02PrEz
C:WINDOWSsystem32S0
C:WINDOWSsystem32S1
C:WINDOWSsystem32S4
C:WINDOWSsystem32S6
C:WINDOWSsystem32S7
C:WINDOWSsystem32ssprs.dll
C:WINDOWSsystem32win

Infected copy of C:WINDOWSexplorer.exe was found & disinfected
Restored copy from - C:WINDOWSsystem32dllcacheexplorer.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------Legacy_NET_AGENT
-------Legacy_TNIDRIVER


((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-08-02 18:37 . 2007-06-13 06:23 1,033,216 --a------ C:WINDOWSngev.exe
2008-08-02 18:37 . 2007-06-13 06:23 1,033,216 --a------ C:WINDOWSahbx.exe
2008-08-02 17:50 . 2007-06-13 06:23 1,033,216 --a------ C:WINDOWSvcei.exe
2008-08-02 17:30 . 2008-08-02 17:30 <DIR> d-------- C:Program FilesMalwarebytes' Anti-Malware
2008-08-02 17:30 . 2008-08-02 17:30 <DIR> d-------- C:Documents and SettingsJohnApplication DataMalwarebytes
2008-08-02 17:30 . 2008-08-02 17:30 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2008-08-02 17:30 . 2008-07-30 20:15 38,472 --a------ C:WINDOWSsystem32driversmbamswissarmy.sys
2008-08-02 17:30 . 2008-07-30 20:15 17,144 --a------ C:WINDOWSsystem32driversmbam.sys
2008-08-02 16:48 . 2007-06-13 06:23 1,033,216 --a------ C:WINDOWSdctl.exe
2008-08-02 16:14 . 2008-08-02 16:14 <DIR> d-------- C:Program FilesSpybot - Search & Destroy
2008-08-02 16:14 . 2008-08-02 16:18 <DIR> d--hs---- C:llk
2008-08-02 16:14 . 2008-08-02 16:14 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataSpybot - Search & Destroy
2008-08-02 14:18 . 2008-08-02 14:18 <DIR> d-------- C:Program FilesSUPERAntiSpyware
2008-08-02 14:17 . 2008-08-02 14:20 <DIR> d--hs---- C:feu
2008-08-02 14:12 . 2008-08-02 14:12 <DIR> d-------- C:Program FilesCommon FilesWise Installation Wizard
2008-08-02 13:39 . 2007-06-13 06:23 1,033,216 --a------ C:WINDOWSydym.exe
2008-08-02 13:35 . 2008-08-02 13:35 <DIR> d-------- C:Program FilesCCleaner
2008-08-02 12:31 . 2007-06-13 06:23 1,033,216 --a------ C:WINDOWSatjj.exe
2008-08-01 18:21 . 2008-08-01 18:21 <DIR> d--hs---- C:tft
2008-08-01 17:33 . 2007-06-13 06:23 1,033,216 --a------ C:WINDOWSqarm.exe
2008-08-01 17:33 . 2008-08-02 18:49 54,156 --ah----- C:WINDOWSQTFont.qfn
2008-08-01 17:33 . 2008-08-01 17:33 1,409 --a------ C:WINDOWSQTFont.for
2008-08-01 17:25 . 2008-08-02 16:17 24,576 --a------ C:WINDOWSsystem32jacknove.dll
2008-08-01 17:21 . 2008-08-01 17:41 <DIR> d--hs---- C:dek
2008-08-01 17:11 . 2008-08-01 17:41 <DIR> d--hs---- C:qgc
2008-08-01 13:54 . 2007-06-13 06:23 1,033,216 --a------ C:WINDOWSnyuv.exe
2008-08-01 13:43 . 2007-06-13 06:23 1,033,216 --a------ C:WINDOWSxtta.exe
2008-08-01 11:27 . 2008-08-01 13:54 <DIR> d--hs---- C:izh
2008-08-01 03:38 . 2008-08-01 13:54 <DIR> d--hs---- C:wrg
2008-07-31 16:55 . 2007-06-13 06:23 1,033,216 --a------ C:WINDOWSvnpn.exe
2008-07-31 16:48 . 2008-08-01 13:54 <DIR> d--hs---- C:fhw
2008-07-31 16:30 . 2008-08-01 13:54 <DIR> d--hs---- C:nav
2008-07-31 16:19 . 2008-07-31 16:28 <DIR> d--hs---- C:zjc
2008-07-31 15:58 . 2008-07-31 16:28 <DIR> d--hs---- C:qvy
2008-07-31 15:47 . 2008-07-31 16:05 <DIR> d--hs---- C:afn
2008-07-31 15:02 . 2008-07-31 16:05 <DIR> d--hs---- C:gaw
2008-07-31 14:42 . 2008-07-31 16:05 <DIR> d--hs---- C:daf
2008-07-31 14:34 . 2008-07-31 14:34 0 -ra------ C:WINDOWSsystem32driversTqaNTISYS.SYS
2008-07-31 14:33 . 2008-07-31 16:05 <DIR> d--hs---- C:ygo
2008-07-31 14:26 . 2008-07-31 14:27 24,576 --a------ C:WINDOWSsystem32irotiyy.dll
2008-07-31 14:25 . 2008-07-31 14:31 <DIR> d--hs---- C:azj
2008-07-31 14:24 . 2008-07-31 14:31 <DIR> d--hs---- C:lnz
2008-07-31 14:24 . 2008-07-31 14:24 7,712 --a------ C:WINDOWSjhut.exe
2008-07-28 13:09 . 2008-07-28 13:09 <DIR> d-------- C:Program FilesSmart Projects
2008-07-27 11:46 . 2008-07-27 11:46 <DIR> d-------- C:Program FilesSun
2008-07-13 18:00 . 2008-07-13 18:00 <DIR> d-------- C:Documents and SettingsAll UsersApplication DataSimCity Societies
2008-07-12 01:03 . 2008-07-12 01:04 <DIR> d-------- C:Program FilesUnlocker
2008-07-07 10:48 . 2008-07-07 11:48 <DIR> d-------- C:Program FilesAbacre Photo Downloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 22:49 --------- d---a-w C:Documents and SettingsAll UsersApplication DataTEMP
2008-08-02 22:49 --------- d-----w C:Program FilesCommon FilesSymantec Shared
2008-08-02 22:30 --------- d-----w C:Documents and SettingsJohnApplication DataU3
2008-08-02 20:45 --------- d-----w C:Program FilesSpywareDetector
2008-08-02 20:25 --------- d-----w C:Documents and SettingsAll UsersApplication DataPrevx
2008-08-02 20:21 --------- d-----w C:Program FilesPrevx2
2008-08-02 18:18 --------- d-----w C:Documents and SettingsJohnApplication DataSUPERAntiSpyware.com
2008-08-01 22:48 --------- d-----w C:Documents and SettingsAll UsersApplication DataGoogle Updater
2008-07-31 20:30 --------- d-----w C:Documents and SettingsJohnApplication DataPrevx
2008-07-31 13:47 --------- d-----w C:Program FilesSpyware Doctor
2008-07-28 16:58 --------- d-----w C:Documents and SettingsJohnApplication DatauTorrent
2008-07-27 15:46 --------- d-----w C:Program FilesJava
2008-07-25 17:11 107,888 ----a-w C:WINDOWSsystem32CmdLineExt.dll
2008-07-14 18:28 --------- d-----r C:Program FilesAvid
2008-07-12 18:00 --------- d-----w C:Program FilesuTorrent
2008-06-26 22:40 --------- d-----w C:Program FilesMeadCo Neptune
2008-06-26 22:39 --------- d-----w C:Documents and SettingsJohnApplication DataLudia
2008-06-26 21:51 --------- d-----w C:Documents and SettingsAll UsersApplication DataLudia
2008-06-26 21:50 --------- d-----w C:Program FilesTrymedia
2008-06-21 08:08 --------- d-----w C:Program FilesSpeedFan
2008-06-21 08:07 --------- d-----w C:Program FilesGame_Maker7
2008-06-21 07:42 --------- d-----w C:Documents and SettingsAll UsersApplication DataPCPitstop
2008-06-20 17:41 245,248 ----a-w C:WINDOWSsystem32mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:WINDOWSsystem32driverstcpip.sys
2008-06-20 10:44 138,368 ----a-w C:WINDOWSsystem32driversafd.sys
2008-06-20 09:52 225,920 ----a-w C:WINDOWSsystem32driverstcpip6.sys
2008-06-13 13:10 272,128 ------w C:WINDOWSsystem32driversbthport.sys
2008-06-11 19:24 --------- d-----w C:Documents and SettingsAll UsersApplication DataMinnetonka Audio Software
2008-06-09 19:21 --------- d-----w C:Program FilesRm To AVI VCD SVCD DVD MPEG Converter
2008-06-09 19:18 --------- d-----w C:Program FilesAviSynth 2.5
2008-06-06 21:45 --------- d-----w C:Program FilesMagicDVDRipper
2008-06-06 21:24 3,400 -csha-w C:WINDOWSsystem32KGyGaAvL.sys
2008-05-16 03:21 151,552 ----a-w C:WINDOWSsystem32nvRegDev.dll
2008-05-07 05:18 1,287,680 ----a-w C:WINDOWSsystem32quartz.dll
2008-02-10 17:21 1 ----a-w C:Documents and SettingsJohnSI.bin
2004-12-07 19:58 32 -csha-w C:WINDOWS{89475F1E-BBFE-414C-82EB-1C855E2CA9C2}.dat
2004-12-06 06:58 56 --sh--r C:WINDOWSsystem32361EA238FE.sys
2004-12-07 19:58 32 -csha-w C:WINDOWSsystem32{381B6774-28DD-477B-8D2E-8E08031BFD61}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"swg"="C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2007-04-01 21:37 68856]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 08:00 15360]
"WMPNSCFG"="C:Program FilesWindows Media PlayerWMPNSCFG.exe" [2006-10-18 21:05 204288]
"SUPERAntiSpyware"="C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NvCplDaemon"="C:WINDOWSsystem32NvCpl.dll" [2004-10-29 17:50 4620288]
"PCMService"="C:Program FilesLogitechMediaLifeMediaLifeService.exe" [2004-04-28 16:10 73728]
"NeroFilterCheck"="C:WINDOWSsystem32NeroCheck.exe" [2001-07-09 12:50 155648]
"DigidesignMMERefresh"="C:Program FilesAvidDigidesignDriversMMERefresh.exe" [2004-08-16 01:56 27648]
"CTSysVol"="C:Program FilesCreativeSBAudigy2ZSSurround MixerCTSysVol.exe" [2003-09-17 11:43 57344]
"CTDVDDET"="C:Program FilesCreativeSBAudigy2ZSDVDAudioCTDVDDet.EXE" [2003-06-18 02:00 45056]
"SBDrvDet"="C:Program FilesCreativeSB Drive DetSBDrvDet.exe" [2002-12-03 19:06 45056]
"ccApp"="C:Program FilesCommon FilesSymantec SharedccApp.exe" [2003-12-02 17:11 54296]
"ccRegVfy"="C:Program FilesCommon FilesSymantec SharedccRegVfy.exe" [2003-12-02 17:11 58392]
"Advanced Tools Check"="C:PROGRA~1NORTON~1AdvToolsADVCHK.EXE" [2002-08-26 23:35 79480]
"NvMediaCenter"="C:WINDOWSsystem32NvMcTray.dll" [2004-10-29 17:50 86016]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_07binjusched.exe" [2008-06-10 04:27 144784]
"Symantec NetDriver Monitor"="C:PROGRA~1SYMNET~1SNDMon.exe" [2006-11-29 16:26 95960]
"Google Desktop Search"="C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe" [2007-12-06 03:38 29744]
"WinampAgent"="C:Program FilesWinampwinampa.exe" [2007-05-14 18:22 35328]
"CanonSolutionMenu"="C:Program FilesCanonSolutionMenuCNSLMAIN.exe" [2007-04-03 21:00 644696]
"CanonMyPrinter"="C:Program FilesCanonMyPrinterBJMyPrt.exe" [2007-04-03 21:50 1603152]
"Adobe Reader Speed Launcher"="C:Program FilesAdobeReader 8.0ReaderReader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" [2008-04-01 02:41 185896]
"ISTray"="C:Program FilesSpyware DoctorpctsTray.exe" [2008-02-01 12:55 1103240]
"QuickTime Task"="C:Program FilesQuickTimeQTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:Program FilesiTunesiTunesHelper.exe" [2008-03-30 10:36 267048]
"PrevxOne"="C:Program FilesPrevx2PXConsole.exe" [2008-01-23 12:32 1997880]
"UnlockerAssistant"="C:Program FilesUnlockerUnlockerAssistant.exe" [2008-05-02 00:15 15872]
"nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:WINDOWSsystem32nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 17:10 61952 C:WINDOWSsystem32Hdaudpropshortcut.exe]
"CTHelper"="CTHELPER.EXE" [2003-10-06 02:57 24576 C:WINDOWSsystem32CTHELPER.EXE]

C:Documents and SettingsJohnStart MenuProgramsStartup
Stardock ObjectDock.lnk - C:Program FilesStardockObjectDockObjectDock.exe [2004-12-08 19:48:12 1167360]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Google Updater.lnk - C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe [2006-12-18 07:11:30 125624]
Logitech SetPoint.lnk - C:Program FilesLogitechSetPointKEM.exe [2004-12-06 01:41:49 573440]

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:Program FilesSUPERAntiSpywareSASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
2007-04-19 13:41 294912 C:Program FilesSUPERAntiSpywareSASWINLO.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"VIDC.I420"= i420vfw.dll
"vidc.AVRn"= AvidAVICodec.dll
"MIDI1"= diomidi.dll
"wave1"= Digi32.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"=
"C:Program FilesLogitechDesktop Messenger8876480ProgrambackWeb-8876480.exe"=
"C:WINDOWSliveupd.exe"=
"C:Program FilesMSN Messengermsnmsgr.exe"=
"C:Program FilesInterVideoDVD6WinDVD.exe"=
"C:Program FilesuTorrentutorrent.exe"=
"%windir%Network Diagnosticxpnetdiag.exe"=
"C:WINDOWSsystem32dpvsetup.exe"=
"C:Program FilesYahoo!MessengerYahooMessenger.exe"=
"C:Program FilesYahoo!MessengerYServer.exe"=
"C:Program FilesAtariNeverwinter Nights 2nwn2main.exe"=
"C:Program FilesAtariNeverwinter Nights 2nwn2main_amdxp.exe"=
"C:Program FilesAtariNeverwinter Nights 2nwupdate.exe"=
"C:Program FilesAtariNeverwinter Nights 2nwn2server.exe"=
"C:Program FilesiTunesiTunes.exe"=
"C:Program FilesFiraxis GamesSid Meier's Civilization 4Civilization4.exe"=
"C:Program FilesFiraxis GamesSid Meier's Civilization 4WarlordsCiv4Warlords.exe"=
"C:Program FilesFiraxis GamesSid Meier's Civilization 4WarlordsCiv4Warlords_PitBoss.exe"=
"C:Program FilesFiraxis GamesSid Meier's Civilization 4Beyond the SwordCiv4BeyondSword.exe"=
"C:Program FilesFiraxis GamesSid Meier's Civilization 4Beyond the SwordCiv4BeyondSword_PitBoss.exe"=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R0 Daemon;Daemon;C:WINDOWSsystem32DRIVERSdaemon.sys [2002-01-19 03:44]
R0 DigiFilter;DigiFilter;C:WINDOWSsystem32driversDigiFi~1.sys [2004-08-16 01:18]
R0 iteraid;ITERAID_Service_Install;C:WINDOWSsystem32DRIVERSiteraid.sys [2004-10-29 12:21]
R0 ub1394;Unibrain 1394 Class Driver;C:WINDOWSsystem32DRIVERSub1394.sys [2004-06-01 08:51]
R0 ubsbm;Unibrain 1394 SBM Driver;C:WINDOWSsystem32DRIVERSubsbm.sys [2004-06-01 08:51]
R1 ANVIOCTL;ANVIOCTL;C:WINDOWSsystem32DRIVERSanvioctl.sys [2004-05-24 11:27]
R2 nvTUNEP;nVidia WDM TVTuner;C:WINDOWSsystem32DRIVERSnvtunep.sys [2004-04-06 06:30]
R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:WINDOWSsystem32DRIVERSnvtvsnd.sys [2004-04-06 06:31]
R2 PfDetNT;PfDetNT;C:WINDOWSsystem32driversPfModNT.sys [2003-03-05 03:07]
R2 ubumapi;Unibrain 1394 FireAPI Driver;C:WINDOWSsystem32DRIVERSubumapi.sys [2004-06-01 08:51]
R3 cmudax;C-Media High Definition Audio Interface;C:WINDOWSsystem32driverscmudax.sys [2004-07-27 12:06]
R3 iLokDrvr;iLok;C:WINDOWSsystem32DRIVERSiLokDrvr.sys [2003-07-07 14:26]
R3 ubohci;Unibrain 1394 OHCI Driver;C:WINDOWSsystem32DRIVERSubohci.sys [2004-06-01 08:50]
R3 ubsbp2;Unibrain SBP2 Bus Driver;C:WINDOWSsystem32DRIVERSubsbp2.sys [2004-06-01 08:50]
S3 dalwdmservice;dal service;C:WINDOWSsystem32driversdalwdm.sys [2004-08-16 00:02]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe [2007-12-06 03:38]
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;C:WINDOWSsystem32DRIVERSmrv8ka51.sys [2004-08-02 18:04]
S4 Updvc60snnu;Updvc60snnu;C:WINDOWSsystem32lpr.exe [2004-08-04 08:00]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2D]
ShellAutoRuncommand - D:Autorun.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2F]
ShellAutoRuncommand - F:LaunchU3.exe -a

[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{5084F01D-458E-45EB-A6FD-692D4C9D2789}]
C:WINDOWSsystem32msiexec.exe /qn /fpu {5084F01D-458E-45EB-A6FD-692D4C9D2789}
.
Contents of the 'Scheduled Tasks' folder

2008-07-07 C:WINDOWSTasksAppleSoftwareUpdate.job
- C:Program FilesApple Software UpdateSoftwareUpdate.exe [2008-04-11 17:57]

2008-08-02 C:WINDOWSTasksMP Scheduled Scan.job
- C:Program FilesWindows DefenderMpCmdRun.exe [2006-11-03 19:20]

2008-08-02 C:WINDOWSTasksSymantec NetDetect.job
- C:Program FilesSymantecLiveUpdateNDETECT.EXE [2004-07-19 18:26]

2008-03-02 C:WINDOWSTasksUniblue SpyEraser Nag.job
- C:Program FilesUniblueSpyEraserSpyEraser.exe []

2007-11-13 C:WINDOWSTasksUniblue SpyEraser.job
- C:Program FilesUniblueSpyEraserSpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SpyHunter Security Suite - C:Program FilesEnigma Software GroupSpyHunterSpyHunter3.exe
ShellExecuteHooks-{C362D1C3-313C-41C8-A0C7-45458CD8D9A9} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:Documents and SettingsJohnApplication DataMozillaFirefoxProfilesm4inmmb6.default
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 18:49:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:WINDOWSTEMPTMP0000003F3DD6A8ABEE0945D3

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:WINDOWSexplorer.exe
-> C:Program FilesStardockObjectDockDockShellHook.dll
-> C:Program FilesUnlockerUnlockerHook.dll
-> C:Program FilesLogitechSetPointlgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
C:Program FilesWindows DefenderMsMpEng.exe
C:Program FilesCommon FilesSymantec SharedCCEVTMGR.EXE
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSasuskbservice.exe
C:WINDOWSsystem32AvidSDMService.exe
C:WINDOWSsystem32CTSVCCDA.EXE
C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
C:Program FilesNorton AntiVirusNAVAPSVC.EXE
C:Program FilesNorton AntiVirusAdvToolsNPROTECT.EXE
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesPrevx2PXAgent.exe
C:Program FilesSpyware DoctorpctsAuxs.exe
C:Program FilesSpyware DoctorpctsSvc.exe
C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
C:Program FilesWindows Media Playerwmpnetwk.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesLogitechSetPointKHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-08-02 18:56:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-02 22:55:46

Pre-Run: 31,130,562,560 bytes free
Post-Run: 31,178,403,840 bytes free

299 --- E O F --- 2008-08-01 15:29:54
-----------------
Is what I posted above helpful in figuring out if I am still infected?

Merged posts. ~ OB

Edited by Orange Blossom, 02 August 2008 - 10:23 PM.
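The log above is the kind of thing a helper reads by eye, but the patterns an analyst looks for in it can also be checked mechanically. The following Python script is an added example and is not part of this thread or of ComboFix itself: it parses lines in ComboFix's "Files Created" layout (created time . modified time size attributes path) and surfaces two patterns visible in the posted log for human review, a run of executables sharing one exact byte size (the 1,033,216-byte files dropped into C:\WINDOWS under four-letter names) and hidden+system directories with very short names created directly at the drive root (C:\llk, C:\feu and friends). The sample lines are copied from the posted log with backslashes restored and are labelled as constructed; the function names and thresholds are the example's own assumptions, and a hit is a prompt to inspect, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample input: a handful of entries from the posted ComboFix log,
# with the backslashes that the page lost restored. Not a complete log.
SAMPLE_LINES = r"""
2008-08-02 18:37 . 2007-06-13 06:23 1,033,216 --a------ C:\WINDOWS\ngev.exe
2008-08-02 18:37 . 2007-06-13 06:23 1,033,216 --a------ C:\WINDOWS\ahbx.exe
2008-08-02 17:50 . 2007-06-13 06:23 1,033,216 --a------ C:\WINDOWS\vcei.exe
2008-08-02 17:30 . 2008-08-02 17:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-02 17:30 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-02 16:48 . 2007-06-13 06:23 1,033,216 --a------ C:\WINDOWS\dctl.exe
2008-08-02 16:14 . 2008-08-02 16:18 <DIR> d--hs---- C:\llk
2008-08-02 14:17 . 2008-08-02 14:20 <DIR> d--hs---- C:\feu
2008-08-01 17:25 . 2008-08-02 16:17 24,576 --a------ C:\WINDOWS\system32\jacknove.dll
2008-07-31 14:24 . 2008-07-31 14:24 7,712 --a------ C:\WINDOWS\jhut.exe
2008-07-28 13:09 . 2008-07-28 13:09 <DIR> d-------- C:\Program Files\Smart Projects
"""

# One "Files Created" line: created . modified size-or-<DIR> 9-char attribute string path
COMBOFIX_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-zA-Z]{9}) (?P<path>.+)$"
)


def parse_lines(text):
    """Turn the raw section into dicts; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = COMBOFIX_LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["is_dir"] = e["size"] == "<DIR>"
        e["size"] = None if e["is_dir"] else int(e["size"].replace(",", ""))
        entries.append(e)
    return entries


def same_size_executable_clusters(entries, min_count=3):
    """Group .exe/.dll entries by exact byte size; return sizes shared by
    at least min_count files. Identical sizes under unrelated names is a
    common sign of one payload written out repeatedly."""
    by_size = defaultdict(list)
    for e in entries:
        if not e["is_dir"] and e["path"].lower().endswith((".exe", ".dll")):
            by_size[e["size"]].append(e["path"])
    return {size: paths for size, paths in by_size.items() if len(paths) >= min_count}


def hidden_system_root_dirs(entries, max_name_len=3):
    """Directories marked hidden (h) and system (s) sitting directly under
    the drive root with very short names, as in C:\\llk and C:\\feu above."""
    hits = []
    for e in entries:
        if not e["is_dir"]:
            continue
        attrs = e["attrs"].lower()
        drive, sep, name = e["path"].partition("\\")
        at_root = bool(sep) and "\\" not in name
        if "h" in attrs and "s" in attrs and at_root and len(name) <= max_name_len:
            hits.append(e["path"])
    return hits


def triage(text):
    """Run both checks and return the findings for an analyst to look at."""
    entries = parse_lines(text)
    return {
        "same_size_clusters": same_size_executable_clusters(entries),
        "hidden_system_root_dirs": hidden_system_root_dirs(entries),
    }


if __name__ == "__main__":
    findings = triage(SAMPLE_LINES)
    for size, paths in findings["same_size_clusters"].items():
        print(f"{len(paths)} executables share size {size:,} bytes:")
        for p in paths:
            print("   ", p)
    print("hidden+system root directories:", findings["hidden_system_root_dirs"])
```

Run against the full "Files Created" section of a log, the size clustering will also pick up legitimate duplicates (several copies of one vendor's installer, for instance), which is why the output is meant to be read alongside the rest of the log rather than acted on by itself.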



#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:09:09 PM

Posted 10 August 2008 - 11:32 PM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

NOTE: Please do not use Combofix unless asked by an HJT Team member.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine; a fresh scan and logs are still necessary.

Click on Start, then click on Run.
Copy and paste the following in bold into the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up the DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again. When it is finished, please post back both logs that open in Notepad:
main.txt and extra.txt



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with dss reports main.txt, extra.txt and Kaspersky report.

Regards
SNOWHITE

#3 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:09:09 PM

Posted 21 August 2008 - 04:29 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you :thumbsup:
SNOWHITE