
The log from ComboFix



#1 Mlegnar

Posted 28 December 2008 - 02:31 AM

Hey guys. Thanks so much for that tutorial on how to get rid of the malware. Sorry I didn't contact you before I downloaded ComboFix and the system recovery thing. But I was wondering if you could look this over? My email address is removed.
Thank you so much.

Mlegnar




ComboFix 08-12-26.03 - Matthew 2008-12-28 1:03:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.466 [GMT -6:00]
Running from: c:\documents and settings\Matthew\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Matthew\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Matthew\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\Matthew\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\Matthew\Application Data\gadcom
c:\documents and settings\Matthew\Application Data\GetModule
c:\documents and settings\Matthew\Application Data\GetModule\dicik.gz
c:\documents and settings\Matthew\Application Data\GetModule\kwdik.gz
c:\documents and settings\Matthew\Application Data\GetModule\ofadik.gz
c:\documents and settings\Matthew\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\GetModule
c:\program files\GetModule\GetModule32.exe
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\program files\INSTALL.LOG
c:\windows\system32\~.exe
c:\windows\system32\cycuchfn.ini
c:\windows\system32\GMmllUvw.ini
c:\windows\system32\GMmllUvw.ini2
c:\windows\system32\nfhcucyc.dll
c:\windows\system32\vtUlIccc.dll
c:\windows\system32\wpv241229907513.cpx
c:\windows\system32\wvUllmMG.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.

2008-12-27 22:44 . 2008-12-27 22:44 5,943 --a------ c:\windows\system32\gdykmrhr.dll
2008-12-27 22:33 . 2008-12-27 22:33 45,056 --a------ c:\windows\system32\geBrrsPH.dll
2008-12-26 23:18 . 2008-12-26 23:18 <DIR> d-------- c:\program files\TeamViewer
2008-12-25 17:42 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2008-12-25 17:41 . 2008-12-25 17:42 <DIR> d-------- c:\program files\Common Files\Logishrd
2008-12-25 16:02 . 2005-03-09 20:50 46,592 --a------ c:\windows\system32\libusb0.dll
2008-12-25 16:02 . 2005-03-09 20:50 33,792 --a------ c:\windows\system32\drivers\libusb0.sys
2008-12-25 12:08 . 2008-12-25 12:08 <DIR> d-------- c:\documents and settings\Matthew\Application Data\Logitech
2008-12-25 12:05 . 2008-12-25 12:05 <DIR> d-------- c:\program files\Common Files\LogiShared
2008-12-25 12:05 . 2008-12-25 12:05 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-25 12:03 . 2008-12-25 12:03 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-25 12:03 . 2008-12-25 12:03 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-25 12:02 . 2007-06-22 12:34 1,419,232 --a------ c:\windows\system32\WdfCoInstaller01005.dll
2008-12-25 12:02 . 2008-05-02 02:39 170,512 --a------ c:\windows\system32\kemutb.dll
2008-12-25 12:02 . 2008-05-02 02:39 145,936 --a------ c:\windows\system32\KemUtil.dll
2008-12-25 12:02 . 2008-05-02 02:40 117,264 --a------ c:\windows\system32\KemWnd.dll
2008-12-25 12:02 . 2008-05-02 02:40 84,496 --a------ c:\windows\system32\KemXML.dll
2008-12-25 12:02 . 2007-04-11 15:33 79,376 --a------ c:\windows\system32\drivers\LMouKE.Sys
2008-12-25 12:02 . 2008-02-29 03:12 76,304 --a------ c:\windows\KHALMNPR.Exe
2008-12-25 12:02 . 2007-04-11 15:32 63,248 --a------ c:\windows\system32\drivers\L8042mou.Sys
2008-12-25 12:02 . 2008-02-29 03:13 36,880 --a------ c:\windows\system32\drivers\LMouFilt.Sys
2008-12-25 12:02 . 2008-02-29 03:13 35,344 --a------ c:\windows\system32\drivers\LHidFilt.Sys
2008-12-25 12:01 . 2008-12-25 12:01 <DIR> d-------- c:\documents and settings\Matthew\Application Data\InstallShield
2008-12-25 12:01 . 2008-12-25 12:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2008-12-25 12:01 . 2008-12-25 12:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2008-12-21 21:34 . 2008-07-30 11:05 144,912 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-12-21 21:34 . 2008-07-30 11:05 50,192 --a------ c:\windows\system32\drivers\tmactmon.sys
2008-12-21 21:34 . 2008-07-30 11:05 49,680 --a------ c:\windows\system32\drivers\tmevtmgr.sys
2008-12-21 21:33 . 2008-12-21 21:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
2008-12-21 21:32 . 2008-12-21 21:32 <DIR> d-------- c:\program files\Trend Micro™ Internet Security
2008-12-14 15:22 . 2008-12-14 15:22 <DIR> d-------- c:\documents and settings\Matthew\Application Data\DAEMON Tools Pro
2008-12-14 15:22 . 2008-12-14 15:22 <DIR> d-------- c:\documents and settings\Matthew\Application Data\DAEMON Tools
2008-12-14 15:20 . 2008-12-14 15:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-14 15:00 . 2008-12-14 16:40 <DIR> d-------- c:\documents and settings\Matthew\Application Data\DAEMON Tools Lite
2008-12-14 15:00 . 2008-12-14 15:00 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-13 22:50 . 2008-12-13 22:50 <DIR> d-------- c:\program files\QuickTime
2008-12-13 22:50 . 2008-12-04 20:21 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2008-12-13 22:50 . 2008-12-04 20:21 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2008-12-13 09:46 . 2008-12-17 05:44 5,128,344 --a------ C:\video.pass
2008-12-11 14:37 . 2008-12-11 14:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-10 22:45 . 2008-12-10 22:45 <DIR> d-------- c:\program files\Mass Downloader
2008-12-10 22:45 . 2008-12-10 22:45 <DIR> d-------- c:\documents and settings\Matthew\Application Data\MetaProducts
2008-12-10 21:46 . 2008-12-10 21:57 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-12-10 21:46 . 2008-12-10 21:57 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-12-10 16:12 . 2008-12-17 09:35 <DIR> d-------- C:\movie
2008-12-10 15:28 . 2008-12-16 22:37 67 --a------ c:\windows\#1 DVD Ripper.INI
2008-12-07 21:49 . 2008-12-07 21:49 <DIR> d-------- c:\program files\Dyyno
2008-12-07 21:49 . 2008-12-07 21:49 <DIR> d-------- c:\documents and settings\Matthew\Application Data\dyyno-vlc
2008-12-04 00:07 . 2008-12-04 00:07 268 --ah----- C:\sqmdata12.sqm
2008-12-04 00:07 . 2008-12-04 00:07 244 --ah----- C:\sqmnoopt12.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 07:19 --------- d-----w c:\documents and settings\Matthew\Application Data\Xfire
2008-12-28 04:24 --------- d-----w c:\documents and settings\Matthew\Application Data\LimeWire
2008-12-28 02:29 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-27 05:18 --------- d-----w c:\documents and settings\Matthew\Application Data\TeamViewer
2008-12-25 23:42 --------- d-----w c:\program files\Common Files\Logitech
2008-12-25 23:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 18:20 --------- d-----w c:\program files\Logitech
2008-12-22 03:34 --------- d-----w c:\program files\Trend Micro
2008-12-15 21:44 --------- d-----w c:\documents and settings\Matthew\Application Data\dvdcss
2008-12-11 03:55 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-09 22:27 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-13 04:58 --------- d-----w c:\program files\MSXML 4.0
2008-11-12 20:15 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-07 19:38 --------- d-----w c:\program files\Java
2008-10-31 17:36 22,328 ----a-w c:\documents and settings\Matthew\Application Data\PnkBstrK.sys
2006-02-23 20:52 280,576 ----a-w c:\windows\inf\TEW-421PC\MRV8335XP.sys
2006-02-23 20:52 280,576 ----a-w c:\windows\inf\TEW-421PC\MRV8335.sys
2006-02-23 20:52 212,992 ----a-w c:\windows\inf\TEW-421PC\CopyWHQLDriver.exe
2008-09-05 20:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090520080906\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-05-27 4269296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools Lite"="z:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-07-30 497008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WireLessMouse"="c:\program files\Multimedia Keyboard & Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"WireLessKeyboard"="c:\program files\Multimedia Keyboard & Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-06 8425472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-06 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-07 136600]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-30 970808]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-22 1126400]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2007-03-06 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-07-30 497008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-25 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-25 805392]
Wireless Configuration Utility HW.51.lnk - c:\windows\Installer\{29F15D3F-5B37-44DB-BB89-390B3AD1404E}\NewShortcut1.exe [2007-03-09 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.5\\cnc3game.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.6\\cnc3game.dat"=
"c:\\games\\meteor2\\meteor2.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"z:\\Call of Duty 4\\iw3mp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"z:\\Program Files\\ModernRcon\\PBUCON\\pbucon.exe"=
"z:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Documents and Settings\\Matthew\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1716:UDP"= 1716:UDP:americas army
"20045:TCP"= 20045:TCP:americas army 2
"1717:UDP"= 1717:UDP:Americas army

R2 tmevtmgr;tmevtmgr;\??\c:\windows\system32\drivers\tmevtmgr.sys [2008-12-21 49680]
R2 TmPfw;Trend Micro Personal Firewall;"c:\program files\Trend Micro\Internet Security\TmPfw.exe" [2008-12-21 492888]
R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-07-30 36368]
R2 TmProxy;Trend Micro Proxy Service;"c:\program files\Trend Micro\Internet Security\TmProxy.exe" [2008-12-21 677128]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2008-07-30 334352]
S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S3 FXDRV;FXDRV;\??\c:\program files\SuperUtility\Fxdrv.sys [2007-03-06 13440]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-12-25 33792]
.
Contents of the 'Scheduled Tasks' folder

2008-12-28 c:\windows\Tasks\bcjjigih.job
- c:\windows\system32\rundll32.exe [2008-04-13 18:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{483CCDCD-9106-4582-A00B-8C9E321EBFDE} - c:\windows\system32\wvUllmMG.dll
HKCU-Run-GetModule32 - c:\program files\GetModule\GetModule32.exe
HKLM-Run-Lwinst Run Profiler - .\Lwtest.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-Launch LCDMon - c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ea.com/official/lordoftherings/rotwk/us/home.jsp
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: + &Mass Downloader: download this file - c:\program files\Mass Downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\Mass Downloader\Add_All.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: {E266AE50-3747-44CD-AE73-3B70790F9191} = 192.168.0.1,205.171.3.65
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Matthew\Application Data\Mozilla\Firefox\Profiles\qfd8v2pb.default\
FF - plugin: c:\documents and settings\Matthew\Application Data\Mozilla\Firefox\Profiles\qfd8v2pb.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 01:18:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Multimedia Keyboard & Mouse Driver\PS2USBKbdDrv.exe
c:\program files\Multimedia Keyboard & Mouse Driver\MouseDrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\system32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2008-12-28 1:22:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-28 07:21:57

Pre-Run: 9,881,288,704 bytes free
Post-Run: 21,870,931,968 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

287 --- E O F --- 2008-12-19 04:49:15




So far so good. No windows have popped up with spam. Once again, thanks.

Edited by Orange Blossom, 28 December 2008 - 02:35 AM.
Removed e-mail address to protect from spam-bots. ~ OB
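An added triage example, not part of the original post and not ComboFix's own code: the "Files Created" section above lists each file as created-time, modified-time, size, attributes and path. A useful first-pass filter is to pick out binaries under system32 whose creation and modification times are identical and recent. Installers normally copy files carrying the vendor's build timestamp (for instance BtCoreIf.dll and libusb0.sys above show a 2008-12-25 creation time against a much older modification time), whereas a file written fresh to disk by a dropper has created == modified. The sample lines are copied from the log format above and embedded as a constructed fixture; the log date and the seven-day window are assumptions for the demonstration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of ComboFix's "Files Created" section:
# created-time . modified-time size attributes path
SAMPLE_FILES_CREATED = r"""
2008-12-27 22:44 . 2008-12-27 22:44 5,943 --a------ c:\windows\system32\gdykmrhr.dll
2008-12-27 22:33 . 2008-12-27 22:33 45,056 --a------ c:\windows\system32\geBrrsPH.dll
2008-12-26 23:18 . 2008-12-26 23:18 <DIR> d-------- c:\program files\TeamViewer
2008-12-25 17:42 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2008-12-25 16:02 . 2005-03-09 20:50 33,792 --a------ c:\windows\system32\drivers\libusb0.sys
2008-12-14 15:00 . 2008-12-14 15:00 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-11 14:37 . 2008-12-11 14:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-04 00:07 . 2008-12-04 00:07 268 --ah----- C:\sqmdata12.sqm
"""

# Assumed log date for the demonstration (taken from the ComboFix header line).
SAMPLE_LOG_DATE = "2008-12-28 01:03"

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) "
    r"(?P<attrs>[-A-Za-z]{9}) "
    r"(?P<path>\S.*)$"
)
TIME_FMT = "%Y-%m-%d %H:%M"
SYSTEM32 = "c:\\windows\\system32\\"
BINARY_EXTS = (".dll", ".sys", ".exe")


def parse_files_created(text):
    """Parse 'Files Created' lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        is_dir = m["size"] == "<DIR>"
        entries.append({
            "created": datetime.strptime(m["created"], TIME_FMT),
            "modified": datetime.strptime(m["modified"], TIME_FMT),
            "is_dir": is_dir,
            "size": None if is_dir else int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def flag_fresh_system_binaries(entries, log_date, days=7):
    """Return sorted paths of .dll/.sys/.exe files under system32 whose creation
    and modification times are identical and fall within `days` before `log_date`
    (a "YYYY-MM-DD HH:MM" string). This narrows the list for human review; it is
    a heuristic, not a malware verdict."""
    cutoff = datetime.strptime(log_date, TIME_FMT) - timedelta(days=days)
    flagged = []
    for e in entries:
        path = e["path"].lower()
        if e["is_dir"] or not path.startswith(SYSTEM32):
            continue
        if not path.endswith(BINARY_EXTS):
            continue
        # Installer-copied files keep the vendor build mtime, so created != modified.
        if e["created"] != e["modified"] or e["created"] < cutoff:
            continue
        flagged.append(e["path"])
    return sorted(flagged)


if __name__ == "__main__":
    entries = parse_files_created(SAMPLE_FILES_CREATED)
    for p in flag_fresh_system_binaries(entries, SAMPLE_LOG_DATE, days=7):
        print("review:", p)
```

With a seven-day window only gdykmrhr.dll and geBrrsPH.dll come out; widening to thirty days also returns sptd.sys and xfcodec.dll, which in the log above coincide with the DAEMON Tools and Xfire installs of the same days. That is the intended use: the filter shortens the list, and the reviewer still cross-checks each hit against the "Reg Loading Points", services and scheduled-task sections before deciding anything.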



#2 Mlegnar (Topic Starter)

Posted 06 January 2009 - 12:55 PM

Actually, this didn't work. About one week later the virus came back. Now a pop-up comes every time I change web pages. PLEASE HELP! It's getting really annoying! However, it is blocked by Trend Micro Antivirus, but I still have to close a window every time my web page changes.

Thanks,
Mlegnar

Edited by Mlegnar, 06 January 2009 - 12:57 PM.


#3 suebaby41 (Malware Response Team)

Posted 09 January 2009 - 07:21 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random, which includes a HijackThis log, and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 suebaby41 (Malware Response Team)

Posted 19 January 2009 - 03:04 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



