Google Hijacking - Hijack This attached


4 replies to this topic

#1 jqjjq

Posted 02 May 2009 - 02:11 AM

Hi guys,
Having trouble with my google searches constantly being hijacked. I use Mozilla Firefox.
Gets redirected to random shopping or gaming places. Examples include:

clickcheck.ru
blinkx.com
google.com/undefined
abcjump.com

I am at my wits' end - having already tried Ad-Aware, Spybot, Malwarebytes etc!
Any help is appreciated!

Simon

--------------------------------------------------------------

DDS 1:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Simon at 9:53:39.59 on 02/05/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.246.31 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Simon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.warwick.ac.uk/insite
uInternet Connection Wizard,ShellNext = hxxp://www.pcservicecall.co.uk/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\simon\applic~1\mozilla\firefox\profiles\r1089qeb.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

S2 gupdate1c9b697345552f6;Google Update Service (gupdate1c9b697345552f6);c:\program files\google\update\GoogleUpdate.exe [2009-4-6 133104]
S3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [2008-9-24 457856]

=============== Created Last 30 ================

2009-05-02 08:16 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-02 08:16 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-02 08:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-02 07:27 <DIR> --d----- c:\program files\TVCatchup Desktop Player
2009-05-01 17:39 60 a------- c:\windows\system32\SYSDRV.DAT
2009-05-01 17:21 0 a------- C:\SMINST
2009-05-01 12:25 248 a---h--- C:\aaw7boot.cmd
2009-05-01 11:22 <DIR> --d----- c:\program files\Lavasoft
2009-05-01 10:52 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-01 10:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-05-01 10:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-01 10:04 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-01 10:04 <DIR> --d----- c:\docume~1\simon\applic~1\SUPERAntiSpyware.com
2009-05-01 09:06 161,792 a------- c:\windows\SWREG.exe
2009-05-01 09:06 98,816 a------- c:\windows\sed.exe
2009-05-01 06:30 <DIR> --d----- c:\docume~1\simon\applic~1\Malwarebytes
2009-05-01 06:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-30 21:25 29,696 a------- C:\iwtqujsd.exe
2009-04-30 21:23 2 a------- C:\15546431
2009-04-29 12:36 <DIR> --d----- c:\docume~1\simon\applic~1\TVCatchup.F47A58FCBDA0B1DF5636B554101AB5C0E8252CDC.1

==================== Find3M ====================

2009-05-01 13:03 642 ac------ c:\docume~1\simon\applic~1\wklnhst.dat
2009-04-30 21:23 51,712 a--sh--- c:\windows\system32\savohofu.exe
2009-03-28 11:16 286,720 a------- c:\windows\iun506.exe
2009-02-28 19:30 39,516 ac--h--- c:\windows\system32\mlfcache.dat
2009-02-06 11:49 2,062,976 a------- c:\windows\system32\ntkrnlpa.exe
2003-08-28 00:19 36,963 a----r-- c:\program files\common files\SM1updtr.dll
2008-12-27 11:50 61 ---sh--- c:\windows\cnerolf.dat

============= FINISH: 9:54:29.46 ===============

----------------------------------------------------------------------------------

DDS2:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 26/03/1999 17:50:12
System Uptime: 05/02/2009 09:25:15 (2064 hours ago)

Motherboard: DIXONSXP | | DIXONSXP
Processor: Intel® Celeron® M CPU 420 @ 1.60GHz | U2E1 | 1600/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 33 GiB total, 8.379 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMSLIMTYPE_DVDRW_SSW-8015S________________HV03____\5&282918DF&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: Slimtype DVDRW SSW-8015S
PNP Device ID: IDE\CDROMSLIMTYPE_DVDRW_SSW-8015S________________HV03____\5&282918DF&0&0.0.0
Service: cdrom

==== System Restore Points ===================

RP289: 01/02/2009 15:00:13 - System Checkpoint
RP290: 03/02/2009 13:00:00 - System Checkpoint
RP291: 06/02/2009 20:09:02 - System Checkpoint
RP292: 07/02/2009 20:47:09 - System Checkpoint
RP293: 09/02/2009 14:19:41 - System Checkpoint
RP294: 10/02/2009 19:06:27 - System Checkpoint
RP295: 11/02/2009 19:27:02 - System Checkpoint
RP296: 12/02/2009 01:20:34 - Software Distribution Service 3.0
RP297: 14/02/2009 14:42:00 - System Checkpoint
RP298: 16/02/2009 19:24:43 - System Checkpoint
RP299: 17/02/2009 20:27:35 - System Checkpoint
RP300: 18/02/2009 20:31:37 - System Checkpoint
RP301: 19/02/2009 20:47:36 - System Checkpoint
RP302: 21/02/2009 13:43:25 - System Checkpoint
RP303: 22/02/2009 14:00:42 - System Checkpoint
RP304: 23/02/2009 20:19:31 - System Checkpoint
RP305: 24/02/2009 19:18:18 - Software Distribution Service 3.0
RP306: 25/02/2009 20:47:13 - System Checkpoint
RP307: 26/02/2009 00:12:27 - Software Distribution Service 3.0
RP308: 27/02/2009 00:19:42 - Software Distribution Service 3.0
RP309: 28/02/2009 18:35:47 - System Checkpoint
RP310: 01/03/2009 08:10:45 - Installed ISO Recorder
RP311: 02/03/2009 12:23:25 - System Checkpoint
RP312: 04/03/2009 16:33:57 - System Checkpoint
RP313: 06/03/2009 01:08:24 - System Checkpoint
RP314: 07/03/2009 11:52:48 - System Checkpoint
RP315: 08/03/2009 12:21:50 - System Checkpoint
RP316: 09/03/2009 13:15:10 - System Checkpoint
RP317: 10/03/2009 13:34:54 - System Checkpoint
RP318: 11/03/2009 19:40:24 - System Checkpoint
RP319: 11/03/2009 22:32:23 - Software Distribution Service 3.0
RP320: 13/03/2009 13:23:59 - System Checkpoint
RP321: 14/03/2009 15:44:05 - System Checkpoint
RP322: 15/03/2009 17:43:34 - System Checkpoint
RP323: 17/03/2009 10:49:37 - System Checkpoint
RP324: 18/03/2009 11:47:12 - System Checkpoint
RP325: 20/03/2009 13:57:48 - System Checkpoint
RP326: 21/03/2009 14:38:59 - System Checkpoint
RP327: 22/03/2009 15:10:51 - System Checkpoint
RP328: 23/03/2009 15:36:16 - System Checkpoint
RP329: 24/03/2009 16:48:10 - System Checkpoint
RP330: 25/03/2009 17:04:32 - System Checkpoint
RP331: 26/03/2009 17:06:25 - System Checkpoint
RP332: 28/03/2009 16:48:52 - System Checkpoint
RP333: 30/03/2009 17:25:37 - System Checkpoint
RP334: 01/04/2009 10:19:16 - System Checkpoint
RP335: 05/04/2009 19:15:24 - System Checkpoint
RP336: 07/04/2009 20:03:36 - System Checkpoint
RP337: 08/04/2009 20:04:34 - System Checkpoint
RP338: 09/04/2009 21:57:04 - System Checkpoint
RP339: 11/04/2009 11:53:16 - System Checkpoint
RP340: 12/04/2009 12:32:29 - System Checkpoint
RP341: 13/04/2009 15:27:11 - System Checkpoint
RP342: 14/04/2009 16:07:07 - System Checkpoint
RP343: 15/04/2009 16:38:20 - System Checkpoint
RP344: 15/04/2009 22:37:53 - Software Distribution Service 3.0
RP345: 17/04/2009 10:46:00 - System Checkpoint
RP346: 18/04/2009 18:53:59 - System Checkpoint
RP347: 20/04/2009 10:29:21 - System Checkpoint
RP348: 21/04/2009 15:44:39 - System Checkpoint
RP349: 22/04/2009 16:00:45 - System Checkpoint
RP350: 23/04/2009 20:41:25 - System Checkpoint
RP351: 24/04/2009 21:18:44 - System Checkpoint
RP352: 25/04/2009 22:16:05 - System Checkpoint
RP353: 27/04/2009 11:03:23 - System Checkpoint
RP354: 28/04/2009 11:51:36 - System Checkpoint
RP355: 29/04/2009 13:08:25 - System Checkpoint
RP356: 30/04/2009 08:18:23 - Software Distribution Service 3.0
RP357: 01/05/2009 09:31:12 - Restore Operation
RP358: 01/05/2009 09:36:45 - Restore Operation
RP359: 01/05/2009 09:51:50 - Restore Operation
RP360: 01/05/2009 10:04:17 - Installed SUPERAntiSpyware Free Edition
RP361: 01/05/2009 10:43:30 - Removed SUPERAntiSpyware Free Edition
RP362: 01/05/2009 12:42:36 - Installed Windows Media Player 11
RP363: 01/05/2009 12:47:04 - Installed Windows XP MSCompPackV1.
RP364: 01/05/2009 12:48:18 - Installed Windows XP KB926239.
RP365: 01/05/2009 16:29:27 - Removed TVCatchup Desktop Player
RP366: 02/05/2009 07:27:09 - Removed TVCatchup Desktop Player

==== Installed Programs ======================

4oD
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bonjour
Brescia Montichiari 2002
BVE 4
Critical Update for Windows Media Player 11 (KB959772)
Cuneo Levaldigi 2005
DivX
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DutchFlight Simulation Eindhoven New Terminal
EBCI2004 - Freeware Version
EditVoicepack
Flight Tracking System
Genova Sestri V.2
Google Earth
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB914906)
Hotfix for Windows XP (KB926239)
IFSD Irish Scenery
Intel® Graphics Media Accelerator Driver
iPod for Windows 2005-06-26
ISO Recorder
iTunes
Java™ 6 Update 3
LA ROCHELLE 2007 1.0
LAGO Bologna Scenery 2.00
Lexmark 640 Series
LimeWire 4.18.3
Lirp2005 ver. 2.00
Malwarebytes' Anti-Malware
Messenger Plus! Live
MGsim - RYANAIR 976
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
OCA Client history tool install
Power2Go 4.0
PowerDVD
PS Panels 737NG Version 1.1
QuickTime
Ralink Wireless LAN Card
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Remove UK2000 Bournemouth files
Remove UK2000 Gatwick FREE files
Roxio Burn Engine
Ryanair Bargains! 1.0
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB951376-v2)
Skype™ 3.8
SquawkBox
Torino Caselle
TVCatchup Desktop Player
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB951072-v2)
VGA USB Camera
VideoCAM Look
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
vroute.info
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP SP2 LIP update
WinRAR archiver
Zattoo 3.3.1 Beta

==== Event Viewer Messages From Past Week ========

02/05/2009 09:28:34, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
02/05/2009 09:25:57, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt Cdr4_xp CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp Imapi ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
02/05/2009 09:25:48, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
01/05/2009 15:07:10, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
01/05/2009 15:07:10, error: DCOM [10005] - DCOM got error "%2" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
01/05/2009 15:07:05, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp Imapi
01/05/2009 15:07:05, error: Service Control Manager [7023] - The KService service terminated with the following error: Unspecified error
01/05/2009 15:07:05, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.
01/05/2009 15:06:49, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0019DB045D3C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
01/05/2009 15:04:53, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
01/05/2009 12:27:57, error: PlugPlayManager [11] - The device Root\legacy_saskutil\0000 disappeared from the system without first being prepared for removal.
01/05/2009 12:27:57, error: PlugPlayManager [11] - The device Root\legacy_sasenum\0000 disappeared from the system without first being prepared for removal.
01/05/2009 10:43:55, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
01/05/2009 10:43:36, error: Service Control Manager [7000] - The sasdifsv service failed to start due to the following error: Cannot create a file when that file already exists.
01/05/2009 10:41:10, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0019DB045D3C. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
01/05/2009 09:49:34, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
01/05/2009 09:48:50, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
01/05/2009 09:48:50, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
01/05/2009 09:48:50, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/05/2009 09:48:50, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/05/2009 09:48:50, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
01/05/2009 09:48:50, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/05/2009 09:48:50, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/05/2009 09:48:24, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
01/05/2009 08:49:08, error: System Error [1003] - Error code 100000d1, parameter1 e17d2000, parameter2 00000002, parameter3 00000000, parameter4 aa942cf1.

==== End Of File ===========================

-----------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:08:43, on 02/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Simon\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.warwick.ac.uk/insite
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pcservicecall.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9b697345552f6) (gupdate1c9b697345552f6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 4638 bytes

Edited by jqjjq, 02 May 2009 - 03:56 AM.


#2 jqjjq (Topic Starter)

Posted 02 May 2009 - 03:22 AM

RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Simon at 2009-05-02 08:14:55
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 9 GB (25%) free of 34 GB
Total RAM: 246 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:15:00, on 02/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Simon\Desktop\RSIT.exe
C:\Documents and Settings\Simon\Desktop\Simon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.warwick.ac.uk/insite
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pcservicecall.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9b697345552f6) (gupdate1c9b697345552f6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 4683 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-09 Wadsyaname.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2008-08-12 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL_Demo]
C:\Applications\Tool\AOL Demo\DSGDemo.exe [2005-12-01 177178]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-12-08 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\mirc\mirc.exe"="C:\mirc\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Zattoo\zattood.exe"="C:\Program Files\Zattoo\zattood.exe:*:Enabled:zattood"
"C:\Program Files\Zattoo\Zattoo2.exe"="C:\Program Files\Zattoo\Zattoo2.exe:*:Enabled: "
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\SquawkBox\squawkbox_fs.exe"="C:\Program Files\SquawkBox\squawkbox_fs.exe:*:Enabled:squawkbox_fs.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
""="c:\iwtqujsd.exe:*:Enabled:KL"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98ffa5c5-a34a-11dd-b699-0019db045d3c}]
shell\AutoRun\command - E:\
shell\open\command - rundll32.exe .\\pkrfnet.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2044a21-6549-11da-a5a1-806d6172696f}]
shell\AutoRun\command - E:\Launch.exe


======List of files/folders created in the last 1 months======

2009-05-02 08:14:55 ----D---- C:\rsit
2009-05-02 07:27:40 ----D---- C:\Program Files\TVCatchup Desktop Player
2009-05-01 12:47:04 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-05-01 12:25:29 ----AH---- C:\aaw7boot.cmd
2009-05-01 11:22:31 ----D---- C:\Program Files\Lavasoft
2009-05-01 11:22:31 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-05-01 10:52:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-01 10:52:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-01 10:04:47 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-01 10:04:27 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-01 10:04:27 ----D---- C:\Documents and Settings\Simon\Application Data\SUPERAntiSpyware.com
2009-05-01 09:28:06 ----SHD---- C:\RECYCLER
2009-05-01 09:27:37 ----D---- C:\WINDOWS\temp
2009-05-01 09:27:34 ----A---- C:\ComboFix.txt
2009-05-01 09:06:06 ----A---- C:\WINDOWS\zip.exe
2009-05-01 09:06:06 ----A---- C:\WINDOWS\vFind.exe
2009-05-01 09:06:06 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-01 09:06:06 ----A---- C:\WINDOWS\SWSC.exe
2009-05-01 09:06:06 ----A---- C:\WINDOWS\SWREG.exe
2009-05-01 09:06:06 ----A---- C:\WINDOWS\sed.exe
2009-05-01 09:06:06 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-01 09:06:06 ----A---- C:\WINDOWS\grep.exe
2009-05-01 09:05:55 ----D---- C:\WINDOWS\ERDNT
2009-05-01 09:05:46 ----D---- C:\Qoobox
2009-05-01 06:30:57 ----D---- C:\Documents and Settings\Simon\Application Data\Malwarebytes
2009-05-01 06:30:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-30 22:50:18 ----D---- C:\Program Files\Windows Live Safety Center
2009-04-30 21:27:34 ----D---- C:\WINDOWS\system32\796525
2009-04-30 21:25:20 ----A---- C:\okex.exe
2009-04-30 21:25:17 ----A---- C:\iwtqujsd.exe
2009-04-30 21:23:23 ----A---- C:\celkadaa.exe
2009-04-30 21:23:21 ----A---- C:\cqcsss.exe
2009-04-30 21:15:41 ----D---- C:\Documents and Settings\Simon\Application Data\pidle
2009-04-29 12:36:54 ----D---- C:\Documents and Settings\Simon\Application Data\TVCatchup.F47A58FCBDA0B1DF5636B554101AB5C0E8252CDC.1
2009-04-29 12:33:19 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-04-26 18:05:22 ----D---- C:\Documents and Settings\Simon\Application Data\dvdcss
2009-04-15 22:42:52 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 22:42:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 22:42:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 22:41:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 22:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 22:39:21 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-04-15 22:38:53 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-06 11:10:27 ----D---- C:\Documents and Settings\Simon\Application Data\Google
2009-04-06 11:07:09 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-04-06 11:07:02 ----D---- C:\Program Files\Google

======List of files/folders modified in the last 1 months======

2009-05-02 08:15:00 ----D---- C:\WINDOWS\Prefetch
2009-05-02 07:52:47 ----D---- C:\Program Files\Mozilla Firefox
2009-05-02 07:27:54 ----SHD---- C:\WINDOWS\Installer
2009-05-02 07:27:40 ----RD---- C:\Program Files
2009-05-02 07:22:26 ----SD---- C:\WINDOWS\Tasks
2009-05-01 21:18:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-01 17:38:55 ----D---- C:\WINDOWS\OPTIONS
2009-05-01 17:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2009-05-01 17:36:13 ----D---- C:\Program Files\Outlook Express
2009-05-01 17:36:12 ----D---- C:\Program Files\Oca History Tool
2009-05-01 17:36:02 ----D---- C:\Program Files\Microsoft Works
2009-05-01 17:35:45 ----D---- C:\Program Files\Internet Explorer
2009-05-01 17:35:31 ----D---- C:\Program Files\Common Files\System
2009-05-01 17:35:26 ----D---- C:\ES
2009-05-01 17:33:49 ----D---- C:\WINDOWS\msagent
2009-05-01 17:32:54 ----RSD---- C:\WINDOWS\assembly
2009-05-01 17:32:52 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-01 17:32:52 ----D---- C:\WINDOWS\SMINST
2009-05-01 17:32:52 ----D---- C:\WINDOWS\Registration
2009-05-01 17:32:26 ----D---- C:\WINDOWS\Debug
2009-05-01 17:32:09 ----HDC---- C:\WINDOWS\$NtUninstallLIPSP2QFE$
2009-05-01 17:32:08 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-05-01 17:32:08 ----HDC---- C:\WINDOWS\$NtUninstallKB925486$
2009-05-01 17:32:08 ----HDC---- C:\WINDOWS\$NtUninstallKB925454$
2009-05-01 17:32:06 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-05-01 17:32:06 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-05-01 17:32:06 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-05-01 17:32:05 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2009-05-01 17:32:05 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-05-01 17:32:05 ----HDC---- C:\WINDOWS\$NtUninstallKB923694$
2009-05-01 17:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-05-01 17:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2009-05-01 17:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-05-01 17:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2009-05-01 17:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-05-01 17:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2009-05-01 17:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2009-05-01 17:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-05-01 17:32:01 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-05-01 17:32:01 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-05-01 17:32:01 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-05-01 17:32:00 ----HDC---- C:\WINDOWS\$NtUninstallKB920214$
2009-05-01 17:32:00 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2009-05-01 17:32:00 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2009-05-01 17:32:00 ----HDC---- C:\WINDOWS\$NtUninstallKB918899$
2009-05-01 17:31:58 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-05-01 17:31:57 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2009-05-01 17:31:57 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP10$
2009-05-01 17:31:57 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2009-05-01 17:31:56 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2009-05-01 17:31:56 ----HDC---- C:\WINDOWS\$NtUninstallKB917159$
2009-05-01 17:31:56 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-05-01 17:31:56 ----HDC---- C:\WINDOWS\$NtUninstallKB916281$
2009-05-01 17:31:53 ----HDC---- C:\WINDOWS\$NtUninstallKB914906$
2009-05-01 17:31:53 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-05-01 17:31:53 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-05-01 17:31:53 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-05-01 17:31:52 ----HDC---- C:\WINDOWS\$NtUninstallKB913446$
2009-05-01 17:31:52 ----HDC---- C:\WINDOWS\$NtUninstallKB912945$
2009-05-01 17:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2009-05-01 17:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB912812$
2009-05-01 17:31:47 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-05-01 17:31:47 ----HDC---- C:\WINDOWS\$NtUninstallKB911567$
2009-05-01 17:31:46 ----HDC---- C:\WINDOWS\$NtUninstallKB911565$
2009-05-01 17:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2009-05-01 17:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-05-01 17:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-05-01 17:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB910728$
2009-05-01 17:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-05-01 17:31:44 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-05-01 17:31:44 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-05-01 17:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB905915$
2009-05-01 17:31:42 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-05-01 17:31:33 ----D---- C:\WINDOWS\system32\oobe
2009-05-01 17:31:20 ----D---- C:\WINDOWS\system32\RTCOM
2009-05-01 17:31:19 ----D---- C:\WINDOWS\system32\MsDtc
2009-05-01 17:30:59 ----RSD---- C:\WINDOWS\Fonts
2009-05-01 17:30:59 ----D---- C:\WINDOWS\Help
2009-05-01 15:07:07 ----D---- C:\WINDOWS
2009-05-01 15:06:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-01 15:06:26 ----D---- C:\WINDOWS\AppPatch
2009-05-01 12:48:57 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-01 12:48:26 ----HD---- C:\WINDOWS\inf
2009-05-01 12:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-05-01 12:47:10 ----A---- C:\WINDOWS\imsins.BAK
2009-05-01 12:47:04 ----D---- C:\WINDOWS\system32
2009-05-01 12:46:14 ----D---- C:\Program Files\Windows Media Player
2009-05-01 12:46:09 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-05-01 12:44:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-01 12:44:26 ----D---- C:\WINDOWS\system32\drivers
2009-05-01 12:44:12 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-05-01 12:27:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-01 11:22:17 ----D---- C:\WINDOWS\WinSxS
2009-05-01 10:43:43 ----D---- C:\Program Files\Common Files
2009-05-01 09:47:31 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-05-01 09:28:45 ----D---- C:\WINDOWS\system32\Restore
2009-05-01 09:21:28 ----A---- C:\WINDOWS\system.ini
2009-05-01 09:18:34 ----D---- C:\WINDOWS\system32\config
2009-05-01 08:53:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-01 08:48:06 ----D---- C:\WINDOWS\Minidump
2009-04-30 21:23:07 ----ASH---- C:\WINDOWS\system32\savohofu.exe
2009-04-30 00:36:19 ----D---- C:\Documents and Settings\Simon\Application Data\Skype
2009-04-30 00:08:39 ----D---- C:\Documents and Settings\Simon\Application Data\skypePM
2009-04-29 12:33:29 ----D---- C:\Documents and Settings\Simon\Application Data\Adobe
2009-04-21 15:25:00 ----SD---- C:\Documents and Settings\Simon\Application Data\Microsoft
2009-04-18 08:52:04 ----D---- C:\mirc
2009-04-16 17:17:56 ----A---- C:\WINDOWS\LEXSTAT.INI
2009-04-13 13:15:48 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-12-19 20747]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-12-08 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-08 4225920]
R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-03-08 255232]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-08 81408]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-12-08 862340]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-04-03 43392]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-04-03 24576]
S2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys []
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-02-03 41504]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 PAC7302;PAC7302 VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 snpstd2;VideoCAM Look; C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 334080]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]
S2 gupdate1c9b697345552f6;Google Update Service (gupdate1c9b697345552f6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-06 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-06 183280]
S2 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-04-23 3068352]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------
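
The RSIT/HijackThis output above is the kind of log a helper reads by eye for hijack indicators: an Internet Settings ProxyServer entry pointing the browser at a loopback port (the R1 line with localhost:7171), O15 Trusted Zone additions for unfamiliar domains, a Windows Firewall exception with an empty name for an executable sitting in the drive root, a mountpoints2 autorun that runs rundll32 on a DLL by relative path, and recently created hidden/system binaries. The Python below is an added example, not code from BleepingComputer, the poster, or the RSIT/HJT tools: it encodes those reading rules as heuristics and runs them over a constructed excerpt modelled on the thread's log. The severity labels and rule names are this example's own choices, not a detection standard.

```python
"""Heuristic triage of a HijackThis / RSIT-style log for browser-hijack indicators.

Added example for this thread; not code from BleepingComputer, the poster or the
HJT/RSIT tools. The rules below are the usual things a log reader looks for;
the severities are this example's own labels.
"""
import re

# Constructed sample excerpt, modelled on entries in the thread's log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.warwick.ac.uk/insite
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
""="c:\iwtqujsd.exe:*:Enabled:KL"
shell\AutoRun\command - E:\Launch.exe
shell\open\command - rundll32.exe .\\pkrfnet.dll,InstallM
2009-04-30 21:25:20 ----A---- C:\okex.exe
2009-04-30 21:23:07 ----ASH---- C:\WINDOWS\system32\savohofu.exe
2009-05-01 11:22:31 ----D---- C:\Program Files\Lavasoft
"""

# R1: a proxy on the loopback interface means something local sits between the
# browser and the web and can rewrite search results.
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>.+)$", re.I)
LOOPBACK_RE = re.compile(r"(?:^|=|;)(?:localhost|127\.0\.0\.1):(?P<port>\d+)", re.I)
# O15: Trusted Zone entries relax IE security for the listed domains.
TRUSTED_RE = re.compile(r"^O15 - Trusted Zone:\s*(?P<zone>\S+)", re.I)
# Windows Firewall AuthorizedApplications values: "name"="path:*:Enabled:label"
FIREWALL_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<value>.+)"$')
# mountpoints2 drive autorun commands
AUTORUN_RE = re.compile(r"^shell\\(?:AutoRun|open)\\command - (?P<cmd>.+)$", re.I)
# RSIT file listing: "YYYY-MM-DD HH:MM:SS ----ATTRS---- path"
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ----(?P<attrs>[A-Z]*)---- (?P<path>.+)$")
# A binary sitting directly in a drive root is unusual for installed software.
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.(?:exe|dll|sys|tmp)$", re.I)
BINARY_EXT = (".exe", ".dll", ".sys")


def triage(log_text):
    """Return (severity, reason, line) findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m:
            lb = LOOPBACK_RE.search(m.group("value"))
            if lb:
                findings.append(("high", f"browser proxied through loopback port {lb.group('port')}", line))
            continue
        m = TRUSTED_RE.match(line)
        if m:
            findings.append(("medium", f"trusted zone added for {m.group('zone')}", line))
            continue
        m = FIREWALL_RE.match(line)
        if m and ":*:" in m.group("value"):
            path, _, rest = m.group("value").partition(":*:")
            _, _, label = rest.partition(":")
            # Empty rule name, empty label, or a drive-root binary: not how installers add rules.
            if not m.group("name") or not label.strip() or ROOT_EXE_RE.match(path):
                findings.append(("high", f"firewall exception for {path} (name={m.group('name')!r}, label={label!r})", line))
            continue
        m = AUTORUN_RE.match(line)
        if m and "rundll32" in m.group("cmd").lower():
            findings.append(("high", "drive autorun runs rundll32 on a DLL: " + m.group("cmd"), line))
            continue
        m = FILE_RE.match(line)
        if m:
            path, attrs = m.group("path"), m.group("attrs")
            if ROOT_EXE_RE.match(path):
                findings.append(("medium", "executable dropped in drive root", line))
            elif "H" in attrs and path.lower().endswith(BINARY_EXT):
                findings.append(("high", f"hidden binary (attrs {attrs}) created recently", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

A finding is a prompt to look, not a verdict: a legitimate local filtering proxy or a corporate trusted zone trips the same rules, so each hit still has to be checked against what the user actually installed.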

#3 jqjjq (Topic Starter)

Posted 02 May 2009 - 03:32 AM

Malwarebytes log:

Malwarebytes' Anti-Malware 1.36
Database version: 2067
Windows 5.1.2600 Service Pack 2

02/05/2009 09:23:42
mbam-log-2009-05-02 (09-23-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 248117
Time elapsed: 59 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Simon\Application Data\pidle (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\796525 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\celkadaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP356\A0136704.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP356\A0136706.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP356\A0136707.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP356\A0136723.exe (Backdoor.Tinxy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP356\A0136726.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP356\A0136727.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP360\A0137873.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP360\A0137874.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dalihopu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\DL32.exe.vir (Backdoor.Tinxy) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthctelmeaaymhmtoqbirjmndttdaqcewvr.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthqrscjvvblxbbfnrpvhiesqioixkpyppg.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\prnet.tmp.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vogekomu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ovfsthxmljoliqlqmykiewxducfaqovxalupmt.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\okex.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\cqcsss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
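
The Malwarebytes log above mixes three kinds of hits: files inside System Restore snapshots (the System Volume Information\_restore paths), files already sitting in ComboFix's Qoobox quarantine (the .vir copies), and items that were live on the disk or in the registry when the scan ran. Only the last group says anything about the machine's current state; the first two are inert copies that a restore-point purge or a quarantine cleanup removes. The Python below is an added example, not the poster's or Malwarebytes' code: it parses the log format shown here and sorts detections into those groups, over a constructed excerpt modelled on the thread's log.

```python
"""Sort Malwarebytes' Anti-Malware log detections by where they were found.

Added example for this thread; not code from the poster or from Malwarebytes.
Hits inside System Restore snapshots or inside another tool's quarantine are
inert copies; only live hits describe the machine's current state.
"""
import re

# Constructed sample excerpt, modelled on the log posted in this thread.
SAMPLE_MBAM = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Simon\Application Data\pidle (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\celkadaa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3645F337-2EB4-4D2C-81FB-5451D08365B1}\RP356\A0136704.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dalihopu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\okex.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Detection lines look like "<path> (<family>) -> <action>"
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
# XP System Restore snapshot files: <drive>:\System Volume Information\_restore{GUID}\RPnnn\...
RESTORE_RE = re.compile(r"^[a-z]:\\System Volume Information\\_restore\{[0-9a-f-]+\}\\RP\d+\\", re.I)
# ComboFix quarantine: C:\Qoobox\Quarantine\..., files renamed with a .vir suffix
QUARANTINE_RE = re.compile(r"^[a-z]:\\Qoobox\\Quarantine\\", re.I)


def classify(path):
    """Return 'restore_point', 'quarantine' or 'live' for a detection path."""
    if RESTORE_RE.match(path):
        return "restore_point"
    if QUARANTINE_RE.match(path):
        return "quarantine"
    return "live"  # registry keys, folders and files on the running system


def parse_mbam(text):
    """Return one dict per detection line, ignoring section headers and blanks."""
    items = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        item = m.groupdict()
        item["location"] = classify(item["path"])
        items.append(item)
    return items


def summarize(text):
    """Count detections per location."""
    counts = {}
    for item in parse_mbam(text):
        counts[item["location"]] = counts.get(item["location"], 0) + 1
    return counts


def live_paths(text):
    """Paths that were live at scan time; these are the ones to check did not come back."""
    return [i["path"] for i in parse_mbam(text) if i["location"] == "live"]


if __name__ == "__main__":
    print(summarize(SAMPLE_MBAM))
    for p in live_paths(SAMPLE_MBAM):
        print("live:", p)
```

The live list is what a follow-up scan should be compared against; the Trojan.TDSS and Trojan.Vundo entries in restore points and Qoobox only show what an earlier cleanup had already removed.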

#4 KoanYorel (Staff Emeritus)

Posted 16 May 2009 - 05:25 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 KoanYorel (Staff Emeritus)

Posted 20 May 2009 - 02:59 AM

Due to the lack of feedback, this topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K



