
First Hijackthis run


31 replies to this topic

#1 SDIT

SDIT

  • Members
  • 19 posts

Posted 24 March 2009 - 11:51 PM

Hi guys,

I have finally decided to give HijackThis a try... I am hoping you guys can help. Besides the report, I also wanted to know if anybody knows how to properly uninstall the SBC Self Support Tool (not listed in the Add/Remove list) and a Sony Memory Stick/Floppy adaptor software (it won't uninstall!!).

Ok, so here's the report and thank you in advance!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:15 PM, on 3/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Updater.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MemStick-FD1\MSstat.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\mauricio\LOCALS~1\Temp\xhpjs0g.exe
O4 - HKCU\..\Run: [v3iw4v4t51azi7n66mk0lcei45iar5029seed2294owft] C:\DOCUME~1\mauricio\LOCALS~1\Temp\sez8n0jnlq.exe
O4 - HKCU\..\Run: [c3pg7beh66mez636j340qb7tc] C:\DOCUME~1\mauricio\LOCALS~1\Temp\sk7z67.exe
O4 - HKCU\..\Run: [vffpkt06gvo7h5uavrimjaabz2qzoidmk00] C:\DOCUME~1\mauricio\LOCALS~1\Temp\phzeqbcsxf59.exe
O4 - HKCU\..\Run: [gx6pic9atcpeduofrfe4hxhu0atg0g8lr2lbfkr5muvdx52] C:\DOCUME~1\mauricio\LOCALS~1\Temp\szn4wky.exe
O4 - HKCU\..\Run: [nqdk405o5] C:\DOCUME~1\mauricio\LOCALS~1\Temp\ebqhohyp1btb.exe
O4 - HKCU\..\Run: [flj2m43vfprgmaymu156gyjsvz6tgoaowwl7csuw] C:\DOCUME~1\mauricio\LOCALS~1\Temp\mm3dd8ea.exe
O4 - HKCU\..\Run: [qb4b4u9mixqsjdoblp22aeplsqtzk7r0xue6080dg2ee0ycd] C:\DOCUME~1\mauricio\LOCALS~1\Temp\x4n8ys0a5e.exe
O4 - HKCU\..\Run: [tn83ii1bsdv57dgltxqveaiky] C:\DOCUME~1\mauricio\LOCALS~1\Temp\ft22g8r6x.exe
O4 - HKCU\..\Run: [j1nds1mk35fmr4n0iwhm2hu83ym7fga8uf4nqex] C:\DOCUME~1\mauricio\LOCALS~1\Temp\r7cu3m.exe
O4 - HKCU\..\Run: [vcx5b67mwmvp6ep7x9u09tmqtsx9rv984o850zt8up92w550x] C:\DOCUME~1\mauricio\LOCALS~1\Temp\lhjl4ro8ui9jv.exe
O4 - HKCU\..\Run: [dnnbyj0pjw5mafei8i6szlwipuzuhx] C:\DOCUME~1\mauricio\LOCALS~1\Temp\dzql3zcsofws.exe
O4 - HKCU\..\Run: [csmjukdben8rrlsd4fxrdxihf] C:\DOCUME~1\mauricio\LOCALS~1\Temp\bkbc03c7yjao.exe
O4 - HKCU\..\Run: [g2bmaeov2yf3y2u1qj] C:\DOCUME~1\mauricio\LOCALS~1\Temp\q2or5kq.exe
O4 - HKCU\..\Run: [z7bqocp1b3hqviyk] C:\DOCUME~1\mauricio\LOCALS~1\Temp\u87cbyw8w22.exe
O4 - HKCU\..\Run: [fi98xt8b1od7mpha73nzef3qrbow51ayxzo5cogj7susl29] C:\DOCUME~1\mauricio\LOCALS~1\Temp\vn8rw9.exe
O4 - HKCU\..\Run: [eyxbyyqej0ccf4jbchuk1zv9rhp] C:\DOCUME~1\mauricio\LOCALS~1\Temp\di6uax5xr.exe
O4 - HKCU\..\Run: [usigwqul2ll3uinri9b3b6i8twyq5n9eb1f81qn2zdau] C:\DOCUME~1\mauricio\LOCALS~1\Temp\w5ithjgzba.exe
O4 - HKCU\..\Run: [miox00l79] C:\DOCUME~1\mauricio\LOCALS~1\Temp\jn9vf24w1tf4v.exe
O4 - HKCU\..\Run: [lrg1fchwk7piu2ru2pqephxxaeotemqy] C:\DOCUME~1\mauricio\LOCALS~1\Temp\ha8yja.exe
O4 - HKCU\..\Run: [eomh35f28vu859f32dzvstkc8gcejjwy1eqc] C:\DOCUME~1\mauricio\LOCALS~1\Temp\o9yj2mxb7sl1.exe
O4 - HKCU\..\Run: [ow4ycj4tad0hmahiznl3] C:\DOCUME~1\mauricio\LOCALS~1\Temp\y6coqd3q9gs.exe
O4 - HKCU\..\Run: [wehqkujehi7k5eb6xazpl91swi3e5] C:\DOCUME~1\mauricio\LOCALS~1\Temp\a260d8y23s3.exe
O4 - HKCU\..\Run: [axtfkmhnfhoimo4skdv38d2ic9x19vmsgmv6gv9hocr] C:\DOCUME~1\mauricio\LOCALS~1\Temp\i6zge37bkyr.exe
O4 - HKCU\..\Run: [st7gskehxfnayezpjx2] C:\DOCUME~1\mauricio\LOCALS~1\Temp\hfuinmn0j4.exe
O4 - HKUS\S-1-5-19\..\Run: [marokayobo] Rundll32.exe "C:\WINDOWS\system32\miratuni.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [marokayobo] Rundll32.exe "C:\WINDOWS\system32\miratuni.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Memory Stick Monitor.lnk = C:\Program Files\MemStick-FD1\MSstat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC LightSpeed Self Support Tool\bin\matcli.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://game3.pogo.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downlo..._2/axofupld.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://pogoclub.oberon-media.com/online2/p...mjolauncher.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {2534ab2e-585e-4f89-9747-d1a332237050} - (no file)
O20 - AppInit_DLLs: NVDESK32.DLL C:\WINDOWS\system32\jayuweli.dll C:\WINDOWS\system32\sabekava.dll eifghl.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17183 bytes


Best,
SDIT. :thumbup2:
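As an added example (not part of the original post, and not HijackThis's or BleepingComputer's own logic), here is a small Python triage script that reads lines in the format of the log above and flags the entry types a helper would ask about first: O4 autoruns launched from a Temp directory or carrying an empty or random-looking name, Run entries under the LOCAL SERVICE / NETWORK SERVICE hives (S-1-5-19 / S-1-5-20) that use Rundll32 to load a DLL, every DLL listed in the O20 AppInit_DLLs value, and O18 filters whose file is missing. The heuristics (the `looks_random` rule, the Temp-path check) and the reason names are my own assumptions; the sample lines are constructed from entries in the log above. The output is a list of review candidates, not verdicts.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample HijackThis-style lines, constructed for this example from the entry
# types seen in the log above (O4 autoruns, an O18 filter, the O20 AppInit_DLLs line).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\mauricio\LOCALS~1\Temp\xhpjs0g.exe
O4 - HKCU\..\Run: [v3iw4v4t51azi7n66mk0lcei45iar5029seed2294owft] C:\DOCUME~1\mauricio\LOCALS~1\Temp\sez8n0jnlq.exe
O4 - HKUS\S-1-5-19\..\Run: [marokayobo] Rundll32.exe "C:\WINDOWS\system32\miratuni.dll",s (User 'LOCAL SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O18 - Filter hijack: text/html - {2534ab2e-585e-4f89-9747-d1a332237050} - (no file)
O20 - AppInit_DLLs: NVDESK32.DLL C:\WINDOWS\system32\jayuweli.dll C:\WINDOWS\system32\sabekava.dll eifghl.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
"""

# One HJT line: a section code such as R0/O4/O20, " - ", then the entry body.
LINE_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")
# Registry-based O4 entry: "<hive>\..\Run: [<name>] <command>" (Global Startup lines do not match).
O4_RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
DLL_RE = re.compile(r"[^\s,]+\.dll", re.IGNORECASE)
SERVICE_SIDS = ("S-1-5-19", "S-1-5-20")  # LOCAL SERVICE, NETWORK SERVICE


@dataclass(frozen=True)
class Finding:
    code: str    # HJT section code, e.g. "O4"
    reason: str  # short reason tag (names are my own, not HijackThis's)
    detail: str  # the name or path that triggered the finding


def looks_random(name: str) -> bool:
    """Assumed heuristic: a long single-token autorun name mixing letters and
    digits, like the Temp-folder entries in the log above. Legitimate names are
    usually short words or contain spaces, so they pass."""
    return (len(name) >= 12 and " " not in name
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def triage_line(line: str) -> list[Finding]:
    """Return the review candidates raised by a single log line (empty if none)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    code, body = m.group(1), m.group(2)
    findings: list[Finding] = []
    if code == "O4":
        run = O4_RUN_RE.match(body)
        if run:
            hive, name, cmd = run["hive"], run["name"], run["cmd"]
            if TEMP_RE.search(cmd):
                findings.append(Finding(code, "autorun_from_temp", cmd))
            if name == "":
                findings.append(Finding(code, "empty_autorun_name", cmd))
            elif looks_random(name):
                findings.append(Finding(code, "random_autorun_name", name))
            # Service accounts normally have no interactive Run entries at all,
            # let alone ones that side-load a DLL through Rundll32.
            if any(sid in hive for sid in SERVICE_SIDS) and "rundll32" in cmd.lower():
                findings.append(Finding(code, "rundll32_under_service_account", cmd))
    elif code == "O20" and body.startswith("AppInit_DLLs:"):
        # AppInit_DLLs are injected into every process that loads user32.dll,
        # so each listed DLL deserves a look, whatever its name.
        for dll in DLL_RE.findall(body):
            findings.append(Finding(code, "appinit_dll", dll))
    elif code == "O18" and "(no file)" in body:
        findings.append(Finding(code, "orphaned_filter", body))
    return findings


def triage_log(text: str) -> list[Finding]:
    """Run triage_line over every line of a pasted log."""
    findings: list[Finding] = []
    for line in text.splitlines():
        findings.extend(triage_line(line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason tag, for a quick overview of a long log."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    for f in results:
        print(f"{f.code:4} {f.reason:32} {f.detail}")
    print(summarize(results))
```

Run it as a script to see the findings for the sample, or call `triage_log()` on a pasted log. Global Startup entries and a normal autorun with a short name pass through unflagged; the value of the pass is in narrowing a log of well over a hundred lines to the dozen entries worth checking against a known-good reference or a file scan.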


#2 SDIT

SDIT
  • Topic Starter

  • Members
  • 19 posts

Posted 25 March 2009 - 11:47 AM

Any ideas anyone?

#3 SDIT

SDIT
  • Topic Starter

  • Members
  • 19 posts

Posted 26 March 2009 - 01:03 AM

While we are at it... I was wondering if somebody can explain how to properly update Java... I have several versions of the runtime environment and several updates of Java 6... How do I properly take care of this?

Thanks.

#4 SDIT

SDIT
  • Topic Starter

  • Members
  • 19 posts

Posted 26 March 2009 - 10:45 PM

So... anybody?

#5 Tokek

Tokek

    Bleepin' Gecko


  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 03 April 2009 - 02:05 PM

Hello SDIT,

Welcome to Bleeping Computer.

My name is Tokek and I will be helping you with your Malware problem.

I apologize for the delay in replying to your post; the forum has been extremely busy.

There may be a delay in my response to your posts as I am still currently in training. I will be helping you under the supervision of the teachers, and they will approve every post before I present it to you.

Please make no further changes or run any other tools unless instructed to. This may hinder the cleaning of your machine.

Please give me some time to look over your log, I will post the reply as soon as they are approved.


Since the HJT log is a few days old, can you post a new HJT log, please?
If I have not replied back to your post in 3 days, please send me a PM.


#6 Tokek

Tokek

    Bleepin' Gecko


  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 04 April 2009 - 04:56 AM

Hello SDIT,

1.

Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


2.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.com
  • DDS.scr
  • DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please post the MBAM log and DDS log.
If I have not replied back to your post in 3 days, please send me a PM.


#7 SDIT

SDIT
  • Topic Starter

  • Members
  • 19 posts

Posted 04 April 2009 - 03:53 PM

Hello Tokek:

I will run the programs you require and I will post the information as soon as possible.
Thank you for the help.

#8 SDIT

SDIT
  • Topic Starter

  • Members
  • 19 posts

Posted 07 April 2009 - 09:53 PM

Hello!

Before I specify what I have done, please note the first link you posted for DDS is not working :) (DDS.com). At least, my browser said "page not found". The second did (DDS.scr). I should also point out I ran Kaspersky 2009 once before you posted on the thread and eliminated some things. Unfortunately I do not have a record of what exactly it found. Sorry!

I have attached the DDS reports, the Malwarebytes report and a new HijackThis report. I will wait for your instructions.
Thank you in advance!!!

SDIT :thumbup2:


#9 Tokek

Tokek

    Bleepin' Gecko


  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 09 April 2009 - 03:07 AM

Hi SDIT,

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new DDS log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

If I have not replied back to your post in 3 days, please send me a PM.


#10 SDIT

SDIT
  • Topic Starter

  • Members
  • 19 posts

Posted 16 April 2009 - 11:42 PM

Hi Tokek:

I have tried to run ComboFix several times but it opens and only a blinking cursor shows.... then nothing happens.
I had no windows open and no antivirus/malware detection software running.

Any ideas?
SDIT.

Edited by SDIT, 16 April 2009 - 11:42 PM.


#11 Tokek

Tokek

    Bleepin' Gecko


  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 17 April 2009 - 01:46 AM

Hi SDIT,

Please try to run ComboFix in Safe Mode.

This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.

If that doesn't work, please rename ComboFix.exe to FixMe.exe and try that way.
If I have not replied back to your post in 3 days, please send me a PM.


#12 SDIT

SDIT
  • Topic Starter

  • Members
  • 19 posts

Posted 18 April 2009 - 02:52 AM

Hi Tokek:

I ran ComboFix in Safe Mode; after it rebooted, it crashed. I have attached a screen capture of it.
I cannot even shut it down.

What now?
SDIT.


#13 Tokek

Tokek

    Bleepin' Gecko


  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 20 April 2009 - 04:22 AM

Hi SDIT,

We're going to try to remove the bad files manually for now.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Reboot into safe mode

Use Windows Explorer to find and delete these files:
c:\windows\system32\jayuweli.dll
c:\windows\system32\sabekava.dll
c:\windows\system32\drivers\a01c42fc.sys
c:\windows\system32\dllcache\userinit.exe
c:\windows\system32\uniq.tll
c:\windows\system32\sikometo.dll
c:\windows\system32\dukotova.exe
c:\windows\system32\jehizemu.exe
c:\windows\system32\redegani.exe
c:\windows\system32\zijabidu.exe
c:\windows\system32\zohijiho.exe

And these folders:
C:\1888905527

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disk (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete


Reboot into normal mode

Please post a new DDS log (copy and paste them into the reply, not attach as files) and description of any remaining problems.
If I have not replied back to your post in 3 days, please send me a PM.


#14 SDIT

SDIT
  • Topic Starter

  • Members
  • 19 posts

Posted 21 April 2009 - 12:13 AM

We have a problem.... The ComboFix crashed and now my computer is not working. I turn it on and it will log me on and then automatically log me off.... Why is this happening? I cannot even log on in Safe Mode.

Why is this happening? And how do I fix it?

#15 Tokek

Tokek

    Bleepin' Gecko


  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 21 April 2009 - 02:08 PM

Hi SDIT,

We will use the Recovery Console to bring your PC back to its pre-ComboFix state.

Please read this page for a tutorial on installing and starting the Recovery Console. It should already be installed as part of the steps in ComboFix.

1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following bolded text, and press Enter:

cd erdnt\subs

6. At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con

7. The ERUNT backups will begin copying.
8. At the next prompt, type the following bolded text, and press Enter:

exit

Windows will now begin loading.


Please let me know if you are successful or if you encounter any problems.
If I have not replied back to your post in 3 days, please send me a PM.




