

Virus: google results redirecting plus pop-ups


  • This topic is locked
4 replies to this topic

#1 Ted4418

Ted4418

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:25 PM

Posted 08 December 2008 - 11:25 PM

I've been having google search results getting redirected to random other "search results websites" for a couple days. I am now starting to get Internet Explorer pop-ups (I use Firefox).

Also, and this is unrelated to this current virus, I have had another virus on my computer for over a year now. This other virus won't let me use Windows Media Player, AIM, or the Task Manager (it says it's been disabled by my Administrator). I think this virus originated with a "fake alert ID" virus I had before, and the fake alerts stopped popping up when I tried to fix it, but it still disables those functions. So maybe I can get rid of that virus too.

Here is the RSIT/HijackThis log. (Yes, the hard drive is sickeningly full of crap) I was wondering if there are known virus names on there that anyone can spot that I can remove. Thanks.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Ted Powell at 2008-12-08 21:16:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (5%) free of 95 GB
Total RAM: 894 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:50 PM, on 12/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\DOCUME~1\TEDPOW~1\LOCALS~1\Temp\snapsnet.tmp
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\prunnet.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\VGVkIFBvd2VsbA\command.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\TEDPOW~1\LOCALS~1\Temp\snapsnet.tmp
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ted Powell\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Ted Powell.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {487B862A-958E-4739-B844-EB00DC55C885} - C:\WINDOWS\system32\opnomlKA.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kjafuv] rundll32.exe "C:\WINDOWS\Lsubilo.dll",e
O4 - HKLM\..\Run: [Aramubonerav] rundll32.exe "C:\WINDOWS\odahakuc.dll",e
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [fc5cbaf2] rundll32.exe "C:\WINDOWS\system32\mxofimqp.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: efcBqOGv - C:\WINDOWS\SYSTEM32\efcBqOGv.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGVkIFBvd2VsbA\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7054 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\praeghoo.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{487B862A-958E-4739-B844-EB00DC55C885}]
C:\WINDOWS\system32\opnomlKA.dll [2008-12-08 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86C510E9-97EF-4749-914F-0280247BE3A6}]
CVirtualDNSObj Object - C:\WINDOWS\VirtualDNS.dll [2006-07-18 111616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-02-18 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-23 737776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-04-11 339968]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-02-17 233534]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-04-01 794624]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-09-18 29696]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-09-29 49152]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-10-07 185632]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2007-12-06 1069920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"Kjafuv"=C:\WINDOWS\Lsubilo.dll [2008-12-01 40448]
"Aramubonerav"=C:\WINDOWS\odahakuc.dll [2008-12-01 139264]
"prunnet"=C:\WINDOWS\system32\prunnet.exe [2008-12-08 94272]
"fc5cbaf2"=C:\WINDOWS\system32\mxofimqp.dll [2008-12-08 72704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-07 68856]
"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe [2007-09-03 43008]
"prunnet"=C:\WINDOWS\system32\prunnet.exe [2008-12-08 94272]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-11 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcBqOGv]
C:\WINDOWS\system32\efcBqOGv.dll [2008-12-08 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\efcBqOGv.dll [2008-12-08 34816]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\opnomlKA

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\BZinstall14L\bzone.exe"="C:\Program Files\BZinstall14L\bzone.exe:*:Enabled:bzone"
"C:\games\Battlezone II\bzone.exe"="C:\games\Battlezone II\bzone.exe:*:Enabled:bzone"
"C:\Documents and Settings\Ted Powell\Local Settings\Temp\~os8.tmp\ossproxy.exe"="C:\Documents and Settings\Ted Powell\Local Settings\Temp\~os8.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Ruckus Player\Ruckus.exe"="C:\Program Files\Ruckus Player\Ruckus.exe:*:Enabled:Ruckus - Download.com"
"C:\cygwin\usr\X11R6\bin\XWin.exe"="C:\cygwin\usr\X11R6\bin\XWin.exe:*:Enabled:XWin"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Ted Powell\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Ted Powell\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
shell\AutoRun\command - Z:\setup.exe
shell\dinstall\command - Z:\Setup\directx7\dxsetup.exe


======List of files/folders created in the last 1 months======

2008-12-08 21:16:48 ----D---- C:\rsit
2008-12-08 20:58:35 ----D---- C:\WINDOWS\LastGood
2008-12-08 20:53:51 ----A---- C:\WINDOWS\system32\mlJAqOFu.dll
2008-12-08 20:51:37 ----SH---- C:\WINDOWS\system32\pqmifoxm.ini
2008-12-08 20:51:37 ----A---- C:\WINDOWS\system32\vjbkau.dll
2008-12-08 20:51:37 ----A---- C:\WINDOWS\system32\cxiriwre.dll
2008-12-08 20:51:34 ----A---- C:\WINDOWS\system32\mxofimqp.dll
2008-12-08 20:51:05 ----A---- C:\WINDOWS\system32\f77f7e8c-.txt
2008-12-08 20:50:21 ----ASH---- C:\WINDOWS\system32\AKlmonpo.ini2
2008-12-08 20:50:21 ----ASH---- C:\WINDOWS\system32\AKlmonpo.ini
2008-12-08 20:50:18 ----A---- C:\WINDOWS\system32\opnomlKA.dll
2008-12-08 20:45:45 ----A---- C:\WINDOWS\system32\atmtd.dll._
2008-12-08 20:45:45 ----A---- C:\WINDOWS\system32\atmtd.dll
2008-12-08 20:45:29 ----SHD---- C:\WINDOWS\VGVkIFBvd2VsbA
2008-12-08 20:45:29 ----D---- C:\Program Files\Network Monitor
2008-12-08 20:45:29 ----A---- C:\WINDOWS\uninstall_nmon.vbs
2008-12-08 20:45:14 ----A---- C:\WINDOWS\system32\awtsTNfE.dll
2008-12-08 20:45:11 ----D---- C:\WINDOWS\system32\ki3
2008-12-08 20:45:11 ----D---- C:\WINDOWS\system32\in
2008-12-08 20:45:11 ----D---- C:\WINDOWS\system32\C
2008-12-08 20:45:04 ----D---- C:\Temp
2008-12-08 20:44:57 ----A---- C:\WINDOWS\system32\efcBqOGv.dll
2008-12-08 20:44:47 ----A---- C:\WINDOWS\system32\prunnet.exe
2008-12-01 20:39:45 ----A---- C:\WINDOWS\odahakuc.dll
2008-12-01 20:27:20 ----A---- C:\WINDOWS\Lsubilo.dll
2008-12-01 20:27:14 ----A---- C:\WINDOWS\system32\~.exe
2008-11-12 03:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-08 21:01:03 ----D---- C:\WINDOWS\Temp
2008-12-08 20:59:40 ----HD---- C:\WINDOWS\inf
2008-12-08 20:59:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-08 20:59:28 ----D---- C:\WINDOWS\system32
2008-12-08 20:59:22 ----D---- C:\WINDOWS
2008-12-08 20:58:33 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-08 20:45:29 ----RD---- C:\Program Files
2008-12-08 20:45:20 ----SD---- C:\WINDOWS\Tasks
2008-12-08 20:05:45 ----D---- C:\Program Files\Mozilla Firefox
2008-12-08 05:53:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-07 20:38:35 ----D---- C:\WINDOWS\Prefetch
2008-12-05 17:07:12 ----SHD---- C:\WINDOWS\Installer
2008-12-02 16:17:49 ----D---- C:\Program Files\Winamp
2008-11-28 11:39:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-26 08:49:05 ----D---- C:\Documents and Settings\Ted Powell\Application Data\Move Networks
2008-11-23 23:59:59 ----D---- C:\WINDOWS\Help
2008-11-12 03:04:28 ----HD---- C:\Config.Msi
2008-11-12 03:03:56 ----D---- C:\WINDOWS\system32\drivers
2008-11-12 03:03:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 03:03:15 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 03:01:26 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-11 1035264]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-03-10 371712]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2004-12-23 1337850]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-02-18 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-02-18 349696]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-03 74496]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-03-16 159488]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S1 termddd;termddd; C:\WINDOWS\System32\drivers\termddd.sys [2008-12-08 86272]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197); C:\WINDOWS\system32\DRIVERS\qcusbmdm.sys [2003-03-10 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [2003-03-10 59632]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc23E.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-11 360448]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2004-12-23 254007]
R2 cmdService;Command Service; C:\WINDOWS\VGVkIFBvd2VsbA\command.exe [2005-08-02 293888]
R2 Network Monitor;Network Monitor; C:\Program Files\Network Monitor\netmon.exe [2006-01-04 94208]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\shared\hpqwmi.exe [2005-03-04 98304]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-09 138680]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S4 Remote Procedure Call (RPC) (RpcSs) ;Remote Procedure Call (RPC) (RpcSs) ; C:\Program Files\TinyProxy\TinyProxy.exe []

-----------------EOF-----------------
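A small triage script for the kind of entries in this log, added here as an example and not a tool used in the thread. The sample entries and registry keys are copied from the log above; the known-good Winlogon Notify list is an assumption taken from the same dump, and the heuristics only mark entries for a human to look at.

```python
"""Triage helper for HijackThis-style log entries (added example, not a tool from this thread)."""
import base64
import re

# Winlogon Notify DLLs that are legitimate on this machine (both appear in the RSIT
# registry dump); anything else registered under Winlogon\Notify deserves a second look.
KNOWN_NOTIFY_DLLS = {"ati2evxx.dll", "wgalogon.dll"}

# Entries copied from the log posted above, used here as sample input.
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {487B862A-958E-4739-B844-EB00DC55C885} - C:\WINDOWS\system32\opnomlKA.dll",
    r"O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe",
    r'O4 - HKLM\..\Run: [Kjafuv] rundll32.exe "C:\WINDOWS\Lsubilo.dll",e',
    r'O4 - HKLM\..\Run: [fc5cbaf2] rundll32.exe "C:\WINDOWS\system32\mxofimqp.dll",b',
    r"O20 - Winlogon Notify: efcBqOGv - C:\WINDOWS\SYSTEM32\efcBqOGv.dll",
    r"O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGVkIFBvd2VsbA\command.exe",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
]

# Two keys from the RSIT registry dump above, again copied as sample input.
SAMPLE_DUMP = r"""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\opnomlKA

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"""

def decode_base64_name(name):
    """Return the decoded text if `name` is unpadded base64 of printable ASCII, else None.
    The cmdService folder in the log above decodes to the account the log was run under."""
    if not re.fullmatch(r"[A-Za-z0-9+/]{8,}", name):
        return None
    padded = name + "=" * (-len(name) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    return text if text.isprintable() else None

def triage_line(line):
    """Return the reasons one HijackThis entry deserves a closer look ([] if none).
    These are review heuristics, not verdicts: some legitimate software trips them."""
    reasons = []
    match = re.match(r"(O\d+) - (.*)", line)
    if not match:
        return reasons
    section, body = match.groups()
    if section == "O2" and "(no name)" in body:
        reasons.append("browser helper object registered without a name")
    if re.search(r'rundll32\.exe "C:\\WINDOWS\\[^"]+\.dll",[a-z]$', body, re.I):
        reasons.append("rundll32 loads a DLL from the Windows tree by a one-letter export")
    if section == "O20" and body.rsplit("\\", 1)[-1].lower() not in KNOWN_NOTIFY_DLLS:
        reasons.append("Winlogon Notify DLL is not on the known-good list")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service binary carries no vendor name")
    for component in re.split(r"[\\/]", body):
        decoded = decode_base64_name(component)
        if decoded:
            reasons.append(f"path component {component!r} is base64 for {decoded!r}")
    return reasons

def triage_registry(dump):
    """Flag policy and LSA values in an RSIT registry dump that malware commonly changes."""
    findings = []
    if re.search(r'^"DisableTaskMgr"=1$', dump, re.M):
        findings.append("Task Manager disabled by policy (DisableTaskMgr=1)")
    lsa = re.search(r"\\Control\\Lsa\]\n(.*?)(?:\n\n|\Z)", dump, re.S)
    if lsa:
        for value in lsa.group(1).splitlines():
            if value.strip() and value.strip() != '"authentication packages"=msv1_0':
                findings.append(f"extra LSA authentication package: {value.strip()}")
    return findings

def run(lines=SAMPLE_LINES, dump=SAMPLE_DUMP):
    """Return ({flagged entry: reasons}, [registry findings]) for a log."""
    flagged = {}
    for line in lines:
        reasons = triage_line(line)
        if reasons:
            flagged[line] = reasons
    return flagged, triage_registry(dump)

if __name__ == "__main__":
    flagged_entries, registry_findings = run()
    for entry, why in flagged_entries.items():
        print(entry, "\n  " + "\n  ".join(why))
    print(*("registry: " + f for f in registry_findings), sep="\n")
```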



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:25 PM

Posted 09 December 2008 - 04:31 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Ted4418

Ted4418
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:25 PM

Posted 09 December 2008 - 07:45 PM

It froze up when I tried to boot it in safe mode using F8. When I try it from the start menu it doesn't work either:

"Windows cannot find 'C:\WINDOWS\system32\bootsafe.exe' "

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:25 PM

Posted 10 December 2008 - 10:15 AM

Download SafeBootKeyRepair.exe by sUBs and save to your desktop.
  • Double-click on it and follow the instructions.
  • When finished, see if you can access safe mode.



========================================================

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:25 PM

Posted 27 December 2008 - 11:52 AM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.


========================================================



