Virus/Trojan/Worm [44T38JJe.exe]



#1 bleed4yourart
Members, 1 post

Posted 05 November 2008 - 08:26 PM

I am not sure what the issue is with my computer.
I am currently running:
OS = XP.
Protection = Spyware Doctor, Malwarebytes and Super Anti Spyware.
Several days ago, our computer started to randomly go berserk.
Pop-up ads & sound ads.
Then a pop-up notifying me that my computer is infected and Windows would like to install a program to prevent the infection from going any further.
I ran several different programs to scan for viruses or anything that's harmful:
Malwarebytes, Spyware Doctor and Super Antispyware.
After finding several Trojans and adware, I quarantined and removed them all.
Thinking everything was ok, I shut the computer down, came back the next day and everything had returned.
It seems that every hour that I scan there's a new trojan under a different name:
Trojan-PWS.Bancos
Trojan.JS.IESlice
Trojan.Agent!sd5
I've checked my processes and 44T38JJe.exe is the only thing I am not familiar with.
This [44T38JJe.exe] is also returning every so many hours after I've ended the process and deleted it manually.
I am not sure if 44T38JJe.exe is the cause of everything or there's another program to blame.

After googling and looking up solutions, I've tried ComboFix, following the directions.
Here is the last log:

However, after the reboot that STUPID 44T38JJe.exe STILL SHOWS.
After another scan, there are still trojans showing up.
I don't know the exact origins of these files or trojans, considering this is a shared computer.
I do know that no one has used it, other than me, in the past 3-4 days because of these issues.
The only thing I have been doing is looking up solutions to this.
Is it replicating itself? Or allowing these ads/trojans to keep reinstalling themselves onto my computer?
I don't know what to do anymore. I'm lost. Hopefully, this post will aid me in some way.
Or just give me ways to prevent this from ever happening again.
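When a file keeps reappearing after it has been killed and deleted, as described above, one thing worth checking is whether scheduled tasks relaunch it; ComboFix lists them under "Contents of the 'Scheduled Tasks' folder". The following is an added triage helper, not code from this thread or from ComboFix's author, that parses lines in that format and groups tasks by the executable they launch. The sample lines are constructed in ComboFix's layout and reuse the file names seen in this thread; the "random-looking name" heuristic is my own assumption, not a ComboFix rule.

```python
"""Triage helper for the 'Scheduled Tasks' section of a ComboFix log."""
import re
from collections import defaultdict

# One ComboFix scheduled-task entry has this shape (constructed sample):
#   2008-11-05 c:\windows\Tasks\At73.job- c:\windows\system32\44T38JJe.exe [2008-11-05 16:15]
TASK_RE = re.compile(
    r"^(?P<run>\d{4}-\d{2}-\d{2})\s+"      # date the task last ran
    r"(?P<job>[a-z]:\\[^\[]*?\.job)-\s+"    # path of the .job file
    r"(?P<target>.+?)\s+"                   # executable the task launches
    r"\[(?P<stamp>[^\]]*)\]\s*$",           # timestamp ComboFix prints for the target
    re.IGNORECASE,
)
# at.exe names its jobs At<N>.job; a long run of them all pointing at one
# file is a strong hint that something scheduled itself to run repeatedly.
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.IGNORECASE)

# Constructed sample lines in ComboFix's layout, using this thread's file names.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
2008-11-05 c:\windows\Tasks\At1.job- c:\windows\system32\GwmBI40I.exe [2008-11-02 19:54]
2008-11-05 c:\windows\Tasks\At2.job- c:\windows\system32\GwmBI40I.exe [2008-11-02 19:54]
2008-11-05 c:\windows\Tasks\At8.job- c:\windows\system32\GwmBI40I.exe [2008-11-02 19:54]
2008-11-05 c:\windows\Tasks\At73.job- c:\windows\system32\44T38JJe.exe [2008-11-05 16:15]
2008-11-05 c:\windows\Tasks\At74.job- c:\windows\system32\44T38JJe.exe [2008-11-05 16:15]
2008-11-05 c:\windows\Tasks\At75.job- c:\windows\system32\44T38JJe.exe [2008-11-05 16:15]
2008-11-05 c:\windows\Tasks\At76.job- c:\windows\system32\44T38JJe.exe [2008-11-05 16:15]
2008-05-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job- c:\program files\Microsoft IntelliType Pro\itype.exe [2007-08-31 14:13]
"""


def parse_tasks(log_text):
    """Return one dict per recognised task line; headers and other lines are skipped."""
    tasks = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append(m.groupdict())
    return tasks


def summarize(tasks):
    """Group tasks by the executable they launch (path compared case-insensitively)."""
    by_target = defaultdict(lambda: {"jobs": [], "at_jobs": 0})
    for t in tasks:
        entry = by_target[t["target"].lower()]
        entry["jobs"].append(t["job"])
        if AT_JOB_RE.search(t["job"]):
            entry["at_jobs"] += 1
    return dict(by_target)


def looks_random(path):
    """Heuristic (my assumption): an 8-character basename mixing digits with
    upper- and lower-case letters, like 44T38JJe.exe, is worth a second look."""
    name = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return (len(name) == 8 and any(c.isdigit() for c in name)
            and any(c.isupper() for c in name) and any(c.islower() for c in name))


def flag_suspicious(summary, min_at_jobs=2):
    """Return (target, reason) pairs that deserve a closer look."""
    findings = []
    for target, info in sorted(summary.items()):
        reasons = []
        if info["at_jobs"] >= min_at_jobs:
            reasons.append(f"launched by {info['at_jobs']} At<N>.job tasks")
        if looks_random(target):
            reasons.append("random-looking 8-character file name")
        if reasons:
            findings.append((target, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for target, reason in flag_suspicious(summarize(parse_tasks(SAMPLE_LOG))):
        print(f"{target}: {reason}")
```

Run against a real log, the output is a short list of executables to quarantine or submit for analysis, together with the task files that would relaunch them.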

#2 TMacK
Members, 4,672 posts
Gender: Male
Location: B.C. Canada

Posted 05 November 2008 - 08:47 PM

Hello bleed4yourart.

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I infected? What do I do? forum, explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff/TMacK
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner



