
Spyware guard infection


5 replies to this topic

#1 Jan Lim

Jan Lim

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:27 AM

Posted 22 December 2008 - 10:09 AM

Hello. I was redirected from http://www.bleepingcomputer.com/forums/t/188186/hi-hijackthis-and-other-anti-mal-cant-install/.

I was told I had a lanmanserver/lanmanworkstation infection. I am unable to access help sites such as this one on the infected computer, and it does not let me run HijackThis. My Windows firewall is on. I tried running RSIT without the firewall, but it still didn't download HijackThis. I turned it back on now.

In advance, thank you for all your help!!!

RSIT log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jan Lim at 2008-12-22 08:55:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (21%) free of 76 GB
Total RAM: 958 MB (47% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\agktjvgp.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{D8560D00-EBDA-4B54-8259-33CCCEEC5713}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d433ef6-de0c-4ff8-aacf-fd3d55c77bd5}]
C:\WINDOWS\system32\xxyawtTn.dll [2008-12-18 290304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}]
C:\WINDOWS\system32\jkkIBUoP.dll [2008-12-18 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83b32321-67e2-439c-84f6-a2b43c7907cd}]
C:\WINDOWS\system32\vowobe.dll [2008-12-21 135680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-08-08 691656]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-06-13 16871936]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-09 7311360]
"nwiz"=nwiz.exe /install []
"Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2003-08-19 57344]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-05-09 86016]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-13 185896]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"spywareguard"=C:\Program Files\Spyware Guard 2008\spywareguard.exe [2008-12-21 1007616]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]
"gadcom"=C:\Documents and Settings\Jan Lim\Application Data\gadcom\gadcom.exe [2008-12-18 56832]
"SpeedRunner"=C:\Documents and Settings\Jan Lim\Application Data\SpeedRunner\SpeedRunner.exe [2008-12-20 218112]
"SfKg6wIP"=C:\Documents and Settings\Jan Lim\Application Data\Microsoft\Windows\jcglmbm.exe [2008-12-20 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2008-08-18 1271032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="vowobe.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]
C:\WINDOWS\system32\crypts.dll [2008-12-18 33280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkIBUoP]
C:\WINDOWS\system32\jkkIBUoP.dll [2008-12-18 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
ieModule - {6412F7FA-1BB4-49CD-A319-3FF3737F6DBE} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll [2008-12-20 2688512]
InternetConnection - {7389E0EF-0930-427E-A95B-B4D52C136C59} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\akmjnfacpo.dll [2008-12-20 768000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\jkkIBUoP.dll [2008-12-18 37376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\xxyawtTn

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Jan Lim\Local Settings\Temp\init.exe"="C:\Documents and Settings\Jan Lim\Local Settings\Temp\init.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-22 08:51:02 ----D---- C:\rsit
2008-12-21 19:12:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-21 19:12:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-21 19:09:32 ----SH---- C:\WINDOWS\system32\amnnjily.ini
2008-12-21 19:09:27 ----A---- C:\WINDOWS\system32\ylijnnma.dll
2008-12-21 19:09:25 ----A---- C:\WINDOWS\system32\vowobe.dll
2008-12-21 19:09:24 ----A---- C:\WINDOWS\system32\fnmvixfg.dll
2008-12-21 07:57:45 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-20 16:50:08 ----A---- C:\WINDOWS\system32\atmtd.dll._
2008-12-20 16:50:08 ----A---- C:\WINDOWS\system32\atmtd.dll
2008-12-20 16:49:59 ----SHD---- C:\WINDOWS\SmFu
2008-12-20 16:49:59 ----D---- C:\Program Files\Network Monitor
2008-12-20 16:49:59 ----A---- C:\WINDOWS\uninstall_nmon.vbs
2008-12-20 16:49:54 ----D---- C:\Program Files\InetGet2
2008-12-20 16:44:53 ----D---- C:\Documents and Settings\Jan Lim\Application Data\SpeedRunner
2008-12-20 16:38:07 ----SH---- C:\WINDOWS\system32\jmqavjyf.ini
2008-12-20 16:38:05 ----A---- C:\WINDOWS\system32\fyjvaqmj.dll
2008-12-20 16:35:37 ----A---- C:\WINDOWS\system32\winscenter.exe
2008-12-20 16:35:33 ----A---- C:\WINDOWS\vmreg.dll
2008-12-20 16:35:33 ----A---- C:\WINDOWS\sysexplorer.exe
2008-12-20 16:35:33 ----A---- C:\WINDOWS\syscert.exe
2008-12-20 16:35:33 ----A---- C:\WINDOWS\sys.com
2008-12-20 16:35:33 ----A---- C:\WINDOWS\spoolsystem.exe
2008-12-20 16:35:33 ----A---- C:\WINDOWS\reged.exe
2008-12-20 16:35:32 ----D---- C:\Program Files\Spyware Guard 2008
2008-12-20 16:35:20 ----A---- C:\Documents and Settings\All Users\Application Data\svhost.exe
2008-12-20 16:34:50 ----D---- C:\Program Files\Webtools
2008-12-20 16:32:06 ----A---- C:\WINDOWS\system32\xghhhr.dll
2008-12-20 16:32:05 ----A---- C:\WINDOWS\system32\chlnhjcy.dll
2008-12-20 16:30:08 ----D---- C:\Program Files\Mjcore
2008-12-18 17:57:28 ----A---- C:\WINDOWS\system32\nujwah.dll
2008-12-18 17:57:27 ----A---- C:\WINDOWS\system32\ehoprgdd.dll
2008-12-18 17:57:05 ----SH---- C:\WINDOWS\system32\tufxrmyx.ini
2008-12-18 17:56:32 ----A---- C:\WINDOWS\system32\e727a079-.txt
2008-12-18 17:55:52 ----ASH---- C:\WINDOWS\system32\nTtwayxx.ini2
2008-12-18 17:55:52 ----ASH---- C:\WINDOWS\system32\nTtwayxx.ini
2008-12-18 17:55:49 ----A---- C:\WINDOWS\system32\xxyawtTn.dll
2008-12-18 17:51:10 ----D---- C:\Documents and Settings\Jan Lim\Application Data\gadcom
2008-12-18 17:50:58 ----A---- C:\xohlv.exe
2008-12-18 17:50:55 ----A---- C:\uuyrv.exe
2008-12-18 17:50:50 ----N---- C:\smswdm.exe
2008-12-18 17:50:48 ----A---- C:\WINDOWS\system32\crypts.dll
2008-12-18 17:50:47 ----A---- C:\hdcv.exe
2008-12-18 17:50:46 ----A---- C:\WINDOWS\system32\ddcBUolj.dll
2008-12-18 17:50:44 ----A---- C:\WINDOWS\system32\jkkIBUoP.dll
2008-12-15 15:25:22 ----D---- C:\Program Files\Sun
2008-12-15 15:25:10 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-15 15:25:10 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-15 15:25:10 ----A---- C:\WINDOWS\system32\java.exe
2008-12-12 08:54:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 08:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 08:51:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 08:51:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-30 11:32:37 ----D---- C:\Program Files\Music Rescue
2008-11-30 11:30:03 ----RSD---- C:\WINDOWS\assembly
2008-11-30 11:29:10 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-30 11:26:21 ----D---- C:\Program Files\iPod
2008-11-30 11:26:16 ----D---- C:\Program Files\iTunes
2008-11-30 11:26:16 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-30 11:25:32 ----D---- C:\Program Files\Bonjour
2008-11-30 11:24:38 ----D---- C:\Program Files\QuickTime
2008-11-30 11:23:41 ----D---- C:\Program Files\Apple Software Update

======List of files/folders modified in the last 1 months======

2008-12-22 08:48:47 ----D---- C:\Program Files\Mozilla Firefox
2008-12-22 08:44:23 ----D---- C:\WINDOWS\Prefetch
2008-12-22 08:44:20 ----D---- C:\WINDOWS\Temp
2008-12-22 08:44:17 ----D---- C:\WINDOWS
2008-12-21 22:41:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-21 19:12:47 ----D---- C:\WINDOWS\system32\drivers
2008-12-21 19:12:40 ----RD---- C:\Program Files
2008-12-21 19:09:37 ----D---- C:\WINDOWS\system32
2008-12-20 16:35:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-18 19:51:20 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-18 19:11:05 ----D---- C:\Documents and Settings\Jan Lim\Application Data\uTorrent
2008-12-18 18:28:47 ----SD---- C:\Documents and Settings\Jan Lim\Application Data\Microsoft
2008-12-18 17:51:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 17:50:47 ----SD---- C:\WINDOWS\Tasks
2008-12-18 16:03:06 ----A---- C:\WINDOWS\lexstat.ini
2008-12-18 15:01:25 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-18 14:59:03 ----D---- C:\Documents and Settings\Jan Lim\Application Data\Audacity
2008-12-18 13:19:06 ----HD---- C:\WINDOWS\inf
2008-12-18 13:18:53 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-15 20:36:40 ----D---- C:\Program Files\Lexmark X1100 Series
2008-12-15 15:46:20 ----SHD---- C:\WINDOWS\Installer
2008-12-15 15:25:10 ----D---- C:\Program Files\Java
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 08:55:02 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 08:54:49 ----A---- C:\WINDOWS\win.ini
2008-12-12 08:54:02 ----D---- C:\Program Files\Internet Explorer
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-30 11:32:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-30 11:30:06 ----D---- C:\WINDOWS\WinSxS
2008-11-30 11:27:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-30 11:26:19 ----D---- C:\Program Files\Common Files\Apple
2008-11-28 13:10:20 ----D---- C:\WINDOWS\Help
2008-11-27 15:23:37 ----D---- C:\WINDOWS\OvtCam

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSX_DP;HSX_DP; C:\WINDOWS\System32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\System32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-13 4754944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-09 3535680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 ovt519;PS2 EyeToy SLEH-00030 Webcam; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-05-06 163072]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsx;winachsx; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 axot6urn;axot6urn; C:\WINDOWS\system32\drivers\axot6urn.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PD0620VID;Creative WebCam Instant; C:\WINDOWS\system32\DRIVERS\P0620Vid.sys [2004-07-28 91577]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchinjdrv;mchinjdrv; \??\C:\WINDOWS\TEMP\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 cmdservice;Command Service; C:\WINDOWS\SmFu\command.exe [2005-08-02 293888]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-10-26 1524512]
R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-18 303104]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 network monitor;Network Monitor; C:\Program Files\Network Monitor\netmon.exe [2006-01-04 94208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-09 131139]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2001-08-23 19456]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2001-08-23 19456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:02:27 AM

Posted 30 December 2008 - 01:01 PM

hi Jan Lim,

Your log is several days old. If you still need help, simply reply to the post. Use the computer in question as little as possible, and when not in use I would remove it from the router and/or turn off the modem so there is no network connectivity to the computer. If you can't get to certain web sites, will it be possible for you to transfer files via USB flash drive?

How Can I Reduce My Risk to Malware?


#3 Jan Lim

Jan Lim
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:27 AM

Posted 31 December 2008 - 06:29 PM

Thanks for the reply,

Yes, I can use a USB drive to transfer files.

Thank you in advance for any help you can give me.

#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:02:27 AM

Posted 31 December 2008 - 10:13 PM

hi Jan Lim,

OK, if you have internet connectivity on the machine you can download directly to it. We will be getting Combofix. There is a guide you can read through before using it. Download it and follow the prompts; don't forget to disable any AV, anti-spyware and firewall before running Combofix.
Post the Combofix log in your reply please.

the guide to read:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

How Can I Reduce My Risk to Malware?


#5 Jan Lim

Jan Lim
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:27 AM

Posted 03 January 2009 - 12:47 AM

My computer is not letting me create the Windows Recovery Console. When I drag the Microsoft file onto Combofix nothing happens. I tried renaming the Combofix.exe :thumbsup:

#6 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:02:27 AM

Posted 03 January 2009 - 02:12 PM

hi,

OK, go ahead and run it without installing the MS Recovery Console. Or try this first:

Farther along during the Combofix prompts you will be asked if you want Combofix to download and install the Recovery Console for you. You can choose to do so; it requires an internet connection, of course. If you look farther down in the guide you will see this explained.

guide:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

How Can I Reduce My Risk to Malware?