
Trojan Vundo, Can't Remove, Please Help.


This topic is locked. 11 replies to this topic.

#1 domduv87 (Members, 6 posts)

Posted 16 June 2007 - 03:21 PM

Well, it does the typical: makes Norton keep saying I have two files which can't be Deleted, Quarantined, or Repaired.

The files names are

system32/opnkjif.dll
and
system32/gebyv.dll

It makes my PC run slow, and makes iTunes and programs stop working after about 30 minutes. I have read threads about booting in safe mode and running the removal tool, which brings me to my next problem. I get to pressing F8 and the menu, but when I click boot in safe mode, I get a bunch of numbers and codes, and it doesn't move anywhere from there.

Please help me remove this, thank you.

I also ran Process Explorer and found both have 1 handle, which can be killed, but then both are embedded in explorer.exe and winlogon, and if I kill those processes, it's just a system shutdown really.

I really need my PC working fine again, hope you can help me out.

Thanks

Edited by domduv87, 16 June 2007 - 03:22 PM.




#2 jamielaw (Malware Ass-Kicker!, Members, 878 posts)

Posted 17 June 2007 - 07:09 AM

Hey domduv87

Hijackthis Log

Please download HijackThis.exe (by Merijn). Save the file to your desktop. This is a very important step! This ensures Hijackthis stores backups should anything go wrong.

Double-click HijackThis.exe. Select Do a system scan and save a logfile.

Allow Hijackthis to scan your computer. When notepad opens up with your logfile, copy the contents back into your thread.

ComboFix

Please download ComboFix.exe (by sUBs)

Double click ComboFix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note : Do not mouseclick ComboFix's window whilst it's running! That may cause it to stall.
My Website!

"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.


#3 domduv87 (Topic Starter, Members, 6 posts)

Posted 17 June 2007 - 04:35 PM

HiJackThis

--

Logfile of HijackThis v1.99.1
Scan saved at 22:23:20, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Documents and Settings\All Users\Application Data\nojehsjs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - C:\WINDOWS\system32\ipv6monl.dll (file missing)
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - C:\PROGRA~1\orange4\orange4.dll
O2 - BHO: (no name) - {56A56219-EEEE-4CCD-843C-4AA379751FB9} - C:\WINDOWS\system32\gebyv.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\aueompmb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A6017E9-C1B2-478B-83AD-F9DC4B418ED4} - C:\WINDOWS\system32\akcphamr.dll (file missing)
O2 - BHO: (no name) - {900C4E60-A7A8-A62F-D10E-F9ADA9E4259C} - C:\WINDOWS\system32\idebmfmo.dll (file missing)
O2 - BHO: (no name) - {B71FA585-B351-4E48-8DA8-22F6F705EC73} - C:\WINDOWS\system32\opnkjif.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - C:\PROGRA~1\orange4\orange4.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nojehsjs.exe] C:\Documents and Settings\All Users\Application Data\nojehsjs.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKLM\..\Run: [j3271130] rundll32 C:\WINDOWS\system32\j3271130.dll sook
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\wofxsbvd.dll",realset
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Imngx] "C:\Documents and Settings\Admin\My Documents\??sembly\??ool32.exe"
O4 - HKCU\..\Run: [Awhr] "C:\WINDOWS\system32\YMANTE~1\netdde.exe" -vt ndrv
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE4\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebyv - C:\WINDOWS\system32\gebyv.dll
O20 - Winlogon Notify: opnkjif - C:\WINDOWS\SYSTEM32\opnkjif.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
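An added example, not code from this thread or from HijackThis: a small Python triage script for the O2 (Browser Helper Object) and O20 (Winlogon Notify) lines of a HijackThis log. Its sample input is the O2/O20 lines copied from the log posted above, and it flags the three things a helper looks for in that log: registrations whose DLL is no longer on disk (leftovers, not live code), unnamed BHOs loading from system32, and one DLL registered both as a BHO and as a Winlogon Notify package, which is exactly the pairing gebyv.dll and opnkjif.dll show here and why the original poster saw them inside both explorer.exe and winlogon. The regexes, heuristics and function names are the example's own.

```python
"""Triage of O2 (BHO) and O20 (Winlogon Notify) lines from a HijackThis log.

Added example, not code from this thread or from HijackThis. The sample lines
are copied from the log posted in the thread; the heuristics are this example's own.
"""
import ntpath
import re
from collections import defaultdict

# Sample input: the O2/O20 lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - C:\WINDOWS\system32\ipv6monl.dll (file missing)
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - C:\PROGRA~1\orange4\orange4.dll
O2 - BHO: (no name) - {56A56219-EEEE-4CCD-843C-4AA379751FB9} - C:\WINDOWS\system32\gebyv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B71FA585-B351-4E48-8DA8-22F6F705EC73} - C:\WINDOWS\system32\opnkjif.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: gebyv - C:\WINDOWS\system32\gebyv.dll
O20 - Winlogon Notify: opnkjif - C:\WINDOWS\SYSTEM32\opnkjif.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
SYSTEM32_RE = re.compile(r"\\system32\\[^\\]+$", re.IGNORECASE)


def split_target(target):
    """Split the tail of an entry into (path, present_on_disk).

    HijackThis appends ' (file missing)' or prints '(no file)' when the
    registered DLL is not on disk; such entries are leftovers, not live code.
    """
    target = target.strip()
    if target == "(no file)":
        return "", False
    if target.endswith("(file missing)"):
        return target[: -len("(file missing)")].strip(), False
    return target, True


def parse(log_text):
    """Return (bhos, notifies): one dict per O2 line and per O20 line."""
    bhos, notifies = [], []
    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m:
            path, present = split_target(m.group("target"))
            bhos.append({"name": m.group("name"), "clsid": m.group("clsid"),
                         "path": path, "present": present})
            continue
        m = O20_RE.match(line)
        if m:
            path, present = split_target(m.group("target"))
            notifies.append({"name": m.group("name"), "path": path, "present": present})
    return bhos, notifies


def triage(log_text):
    """Map each DLL name (or the CLSID when no path is given) to its findings."""
    bhos, notifies = parse(log_text)
    findings = defaultdict(list)
    # DLLs that are actually on disk and registered as BHOs
    bho_dlls = {ntpath.basename(b["path"]).lower() for b in bhos if b["present"]}
    for b in bhos:
        key = ntpath.basename(b["path"]).lower() or b["clsid"]
        if not b["present"]:
            findings[key].append("orphaned BHO registration (file missing)")
        elif b["name"] == "(no name)" and SYSTEM32_RE.search(b["path"]):
            findings[key].append("unnamed BHO loading from system32")
    for n in notifies:
        key = ntpath.basename(n["path"]).lower()
        if not n["present"]:
            findings[key].append("orphaned Winlogon Notify entry (file missing)")
        elif key in bho_dlls:
            findings[key].append("same DLL registered as BHO and Winlogon Notify "
                                 "(a BHO loads into Internet Explorer and explorer.exe; "
                                 "a Notify package loads into winlogon.exe)")
    return dict(findings)


if __name__ == "__main__":
    for dll, notes in triage(SAMPLE_LOG).items():
        print(dll)
        for note in notes:
            print("   -", note)
```

Run as-is it prints the findings for the sample; point it at a full log and it ignores every line that is not O2 or O20. Entries with no finding (Orange, NAV Helper, WgaLogon) are simply absent from the result, so the script is a first pass for a helper's attention, not a verdict.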

#4 jamielaw (Malware Ass-Kicker!, Members, 878 posts)

Posted 17 June 2007 - 05:23 PM

How about the combofix log I asked for?

#5 domduv87 (Topic Starter, Members, 6 posts)

Posted 17 June 2007 - 05:50 PM

ComboFix

--

ComboFix 07-06-13.7 - C:\Documents and Settings\Admin\Desktop\ComboFix.exe
"Admin" - 2007-06-17 22:40:00 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Admin\APPLIC~1.\fnts~1
C:\DOCUME~1\Admin\Desktop\internet.lnk
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\ymante~1
C:\WINDOWS\wr.txt


((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))


2007-06-17 22:26 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 22:04 124,436 --------- C:\WINDOWS\system32\wofxsbvd.dll
2007-06-17 22:00 880,028 --ahs---- C:\WINDOWS\system32\vybeg.ini2
2007-06-14 23:37 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-06-14 23:37 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-06-14 23:37 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-06-14 23:37 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-06-14 23:37 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-06-14 23:36 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-06-14 23:36 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\PC Tools
2007-06-14 23:35 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-14 23:35 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-14 11:31 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2007-06-13 21:48 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-07 16:28 <DIR> d-------- C:\Program Files\Total Video Converter
2007-06-05 00:33 1,101,076 --ahs---- C:\WINDOWS\system32\hfvbscgg.ini2
2007-06-03 20:36 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\DivX
2007-06-02 09:14 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\AdwareAlert
2007-06-01 22:12 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Google
2007-06-01 22:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-06-01 01:53 880,247 --ahs---- C:\WINDOWS\system32\vybeg.bak2
2007-06-01 00:45 <DIR> d-------- C:\Program Files\Google
2007-06-01 00:45 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-05-31 22:08 892,180 --ahs---- C:\WINDOWS\system32\vybeg.bak1
2007-05-31 22:08 263,220 --a------ C:\WINDOWS\system32\gebyv.dll
2007-05-31 21:58 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\nojehsjs.exe
2007-05-31 21:58 29,206 --a------ C:\WINDOWS\system32\opnkjif.dll
2007-05-31 21:56 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-05-31 21:24 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-05-31 21:24 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll
2007-05-31 21:24 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll
2007-05-31 21:24 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll
2007-05-31 21:24 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-05-31 21:24 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-05-31 21:24 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-05-31 21:24 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll
2007-05-31 21:24 <DIR> d-------- C:\Program Files\Ahead
2007-05-30 23:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-05-30 23:19 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-05-30 22:36 167 --a------ C:\WINDOWS\system32\1723.bat
2007-05-30 22:35 32,768 --a------ C:\WINDOWS\system32\setup9x.exe
2007-05-30 22:35 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-05-30 22:35 108,344 --a------ C:\WINDOWS\system32\app.exe
2007-05-29 20:45 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-05-28 00:03 <DIR> d-------- C:\Program Files\BitLord
2007-05-27 22:14 684 --a------ C:\WINDOWS\mozver.dat
2007-05-27 22:14 <DIR> d-------- C:\Program Files\DivX
2007-05-26 15:41 <DIR> d-------- C:\Program Files\iTunes
2007-05-26 15:40 <DIR> d-------- C:\Program Files\QuickTime
2007-05-26 15:39 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-26 15:07 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\TransRender
2007-05-26 15:07 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Temporary
2007-05-26 15:07 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Samsung
2007-05-26 15:07 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\ConvertTemp
2007-05-26 15:06 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-05-26 15:06 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-05-26 15:05 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2007-05-26 15:05 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2007-05-26 15:05 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2007-05-26 15:05 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2007-05-26 15:05 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2007-05-26 15:05 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2007-05-26 15:05 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2007-05-26 15:05 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-05-26 15:04 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-05-26 15:04 <DIR> d-------- C:\Program Files\Samsung
2007-05-26 14:44 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2007-05-26 14:44 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-05-26 14:44 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-05-26 14:44 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2007-05-26 14:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Syntrillium
2007-05-26 14:43 <DIR> d-------- C:\Program Files\coolpro2
2007-05-24 22:40 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-24 15:10 <DIR> d-------- C:\DOCUME~1\Admin\Incomplete
2007-05-24 15:07 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\LimeWire
2007-05-24 15:04 <DIR> d-------- C:\Program Files\LimeWire
2007-05-24 10:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
2007-05-24 10:33 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Apple Computer
2007-05-24 10:32 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-05-24 10:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-05-24 10:31 <DIR> d-------- C:\Program Files\iPod
2007-05-24 10:01 <DIR> d-------- C:\Program Files\Soulseek
2007-05-24 09:57 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Help
2007-05-24 09:54 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-24 09:54 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-05-24 09:54 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-24 09:54 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-05-24 09:54 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-05-24 09:54 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-05-24 09:54 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-05-24 09:54 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-24 09:54 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-05-24 09:54 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-05-24 09:53 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-05-24 09:53 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-05-24 09:52 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-05-24 09:52 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-05-24 09:52 146,048 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-05-24 09:51 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-05-24 09:51 <DIR> d-------- C:\Program Files\Realtek Sound Manager


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-17 13:45:03 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4E7BD74F-2B8D-469E-A6FB-F862B587B57D}=C:\PROGRA~1\orange4\orange4.dll [2006-02-14 03:49]
{56A56219-EEEE-4CCD-843C-4AA379751FB9}=C:\WINDOWS\system32\gebyv.dll [2007-05-31 22:08]
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=C:\WINDOWS\system32\aueompmb.dll []
{8A6017E9-C1B2-478B-83AD-F9DC4B418ED4}=C:\WINDOWS\system32\akcphamr.dll []
{900C4E60-A7A8-A62F-D10E-F9ADA9E4259C}=C:\WINDOWS\system32\idebmfmo.dll []
{B71FA585-B351-4E48-8DA8-22F6F705EC73}=C:\WINDOWS\system32\opnkjif.dll [2007-05-31 21:58]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-08-27 11:36]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-20 11:22]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-20 11:23]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [2002-08-27 11:35]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-27 00:38]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-01 10:10]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 16:48]
"p2p networking"="p2pnetworking.exe" []
"nojehsjs.exe"="C:\Documents and Settings\All Users\Application Data\nojehsjs.exe" [2007-05-31 21:58]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" []
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2007-06-05 13:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 21:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-20 01:54]
"Imngx"="C:\Documents and Settings\Admin\My Documents\??sembly\??ool32.exe" []
"Awhr"="C:\WINDOWS\system32\YMANTE~1\netdde.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B71FA585-B351-4E48-8DA8-22F6F705EC73}"="C:\WINDOWS\system32\opnkjif.dll" [2007-05-31 21:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyv]
C:\WINDOWS\system32\gebyv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkjif]
opnkjif.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]


Contents of the 'Scheduled Tasks' folder
2007-06-16 02:00:00 C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
2007-06-08 08:23:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-15 19:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
2007-06-17 21:54:00 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 22:53:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-17 22:58:54
C:\ComboFix-quarantined-files.txt ... 2007-06-17 22:58

--- E O F ---
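An added example, not code from this thread or from ComboFix: a Python script that correlates entries in the "Files Created" section of a ComboFix log. The sample input is a selection of lines copied from the log above, and the three checks are generalised from what that log shows: hidden+system files dropped straight into system32, companion data files whose name is the DLL name spelled backwards (vybeg.ini2, vybeg.bak1 and vybeg.bak2 beside gebyv.dll), and files written in the same minute (opnkjif.dll and nojehsjs.exe). The line format regex, the field names and the function names are the example's own.

```python
"""Correlating the 'Files Created' section of a ComboFix log.

Added example, not code from this thread or from ComboFix. The sample lines are
copied from the ComboFix log posted in the thread; the checks are this example's
own, generalised from what that log shows.
"""
import ntpath
import re
from collections import defaultdict

# Sample input: a selection of lines from the ComboFix 'Files Created' section above.
SAMPLE_LOG = r"""
2007-06-17 22:04 124,436 --------- C:\WINDOWS\system32\wofxsbvd.dll
2007-06-17 22:00 880,028 --ahs---- C:\WINDOWS\system32\vybeg.ini2
2007-06-14 23:37 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-06-14 23:36 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-06-05 00:33 1,101,076 --ahs---- C:\WINDOWS\system32\hfvbscgg.ini2
2007-06-01 01:53 880,247 --ahs---- C:\WINDOWS\system32\vybeg.bak2
2007-05-31 22:08 892,180 --ahs---- C:\WINDOWS\system32\vybeg.bak1
2007-05-31 22:08 263,220 --a------ C:\WINDOWS\system32\gebyv.dll
2007-05-31 21:58 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\nojehsjs.exe
2007-05-31 21:58 29,206 --a------ C:\WINDOWS\system32\opnkjif.dll
2007-05-31 21:24 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
"""

# date time size attributes path; the attribute column is nine flag characters
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)
SYSTEM32_RE = re.compile(r"\\system32\\[^\\]+$", re.IGNORECASE)


def parse(log_text):
    """Yield one dict per file entry; directory entries are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m or m.group("size") == "<DIR>":
            continue
        name = ntpath.basename(m.group("path"))
        stem, ext = ntpath.splitext(name)
        yield {
            "when": f"{m.group('date')} {m.group('time')}",
            "attrs": m.group("attrs"),
            "path": m.group("path"),
            "name": name,
            "stem": stem.lower(),
            "ext": ext.lower(),
            "in_system32": bool(SYSTEM32_RE.search(m.group("path"))),
        }


def analyse(log_text):
    entries = list(parse(log_text))
    result = {"hidden_system": [], "reversed_pairs": [], "same_minute": {}}

    # 1. Files in system32 carrying both the hidden ('h') and system ('s') attribute:
    #    a default Explorer view does not show them, which is why a user never sees them.
    for e in entries:
        if e["in_system32"] and "h" in e["attrs"] and "s" in e["attrs"]:
            result["hidden_system"].append(e["name"])

    # 2. Companion files whose stem is a DLL stem spelled backwards (vybeg <-> gebyv
    #    in the log above): the data files belong to that DLL although the names differ.
    dll_stems = {e["stem"] for e in entries if e["in_system32"] and e["ext"] == ".dll"}
    for e in entries:
        if e["in_system32"] and e["ext"] != ".dll" and e["stem"][::-1] in dll_stems:
            result["reversed_pairs"].append((e["name"], e["stem"][::-1] + ".dll"))

    # 3. Files created in the same minute: a dropper writes its pieces together, so a
    #    DLL in system32 and an EXE under Application Data with one timestamp belong together.
    by_minute = defaultdict(list)
    for e in entries:
        by_minute[e["when"]].append(e["name"])
    result["same_minute"] = {k: v for k, v in by_minute.items() if len(v) > 1}
    return result


if __name__ == "__main__":
    for section, items in analyse(SAMPLE_LOG).items():
        print(section, items)
```

The same-minute grouping is deliberately coarse: on a real log it also groups the files of a legitimate installer (the Spyware Doctor drivers at 23:37 in the full log above), so it is a way to cluster entries for review rather than a signal on its own; the hidden+system and reversed-name checks are the ones that single out the Vundo files here.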

#6 jamielaw (Malware Ass-Kicker!, Members, 878 posts)

Posted 17 June 2007 - 10:01 PM

Hey domduv87

Safe Mode Repair

Please download SafeBootKeyRepair.exe (by sUBs)

Double click SafeBootKeyRepair.exe. When finished, it shall produce a log for you, C:\SafeBoot_Repair.txt. Post that log in your next reply and let me know whether you can access safe mode or not.

#7 domduv87 (Topic Starter, Members, 6 posts)

Posted 19 June 2007 - 07:27 AM

SafeMode

--

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sdcoreservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SYMTDI]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

#8 jamielaw (Members, 878 posts)

Posted 19 June 2007 - 07:30 AM

And...does safe mode work?
"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther King, Jr.

#9 domduv87 (Topic Starter; Members, 6 posts)

Posted 19 June 2007 - 08:00 AM

When I tried before I ran that, it wouldn't work, no, just a load of codes, etc. Does that program you made me run fix that problem? As I haven't tried since posting you that information.

#10 jamielaw (Members, 878 posts)

Posted 19 June 2007 - 08:02 AM

The program I asked you to run is designed to fix the safe mode issues. That was my reasoning for running it and also why I asked you if it worked. Please could you just confirm whether or not it works.

#11 domduv87 (Topic Starter; Members, 6 posts)

Posted 19 June 2007 - 09:07 AM

No, it doesn't.

I tried Safe Mode and Safe Mode with Networking.

I get this:

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\System32\Drivers\ [enter driver name here]

All down the screen

#12 jamielaw (Members, 878 posts)

Posted 20 June 2007 - 12:43 PM

Hey domduv87

I tried Safe Mode and Safe Mode with Networking.

I get this:

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\System32\Drivers\ [enter driver name here]

All down the screen


What happens after you get them? Does the computer continue to boot into safe mode? Does it stall? Does it restart? Do you get BSODs?

From your log it looks like you have an older version of a Symantec product installed - has the license expired?

==========

Install Firewall Software:

Please either download ZoneAlarm OR Outpost

Once you have downloaded the Firewall software you would like please install it.

Tutorials: ZoneAlarm / Outpost

==========

Update Java

Your version of Java is now outdated. Java vulnerabilities are commonly exploited by malware, so I strongly recommend you update it.

Please download Java Runtime Environment.

Install the update and restart your computer. Then remove any older versions from Add or Remove Programs in the Control Panel.

==========

Uninstall List

1. Open Hijackthis and select: Open the Misc Tools section.
2. Then choose: Open Uninstall Manager and click Save List.
3. Save the list to your computer.
4. Then copy the contents of the list back to your thread.

==========

Upload Files

You have a file (or files) of interest to us. It would help the detection rates of the tools we use if we could get hold of samples of these infections.

1. Please download Suspicious File Packer.
2. Then restart your computer in safe mode.
3. Double-click Suspicious File Packer. Then copy and paste this list of files:

C:\Documents and Settings\All Users\Application Data\nojehsjs.exe
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\opnkjif.dll
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\system32\j3271130.dll
C:\WINDOWS\system32\wofxsbvd.dll
C:\Documents and Settings\Admin\My Documents\??sembly\??ool32.exe
C:\WINDOWS\system32\YMANTE~1\netdde.exe
C:\WINDOWS\system32\vybeg.ini2
C:\WINDOWS\system32\hfvbscgg.ini2
C:\WINDOWS\system32\vybeg.bak2
C:\WINDOWS\system32\vybeg.bak1
C:\WINDOWS\system32\1723.bat
C:\WINDOWS\system32\setup9x.exe
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\app.exe
C:\WINDOWS\system32\drivers\ss_mdm.sys
C:\WINDOWS\system32\drivers\ss_mdfl.sys
C:\WINDOWS\system32\drivers\ss_cmnt.sys
C:\WINDOWS\system32\drivers\ss_cm.sys
C:\WINDOWS\system32\drivers\ss_bus.sys
C:\WINDOWS\system32\drivers\ss_whnt.sys
C:\WINDOWS\system32\drivers\ss_wh.sys
C:\WINDOWS\system32\drivers\StarOpen.sys


4. Then click Continue. Close the program down.
5. Restart your computer in normal mode.
6. In the same folder as Suspicious File Packer should be a file like this: requested-files[2007-06-20_15_36].cab.
7. Open up Submit Files!
8. Then fill in the details:

Link: http://www.bleepingcomputer.com/forums/t/96235/trogan-vundo-cant-remove-please-help/
File: Locate your file: requested-files[2007-06-20_15_36].cab

9. Then click Send File.

==========

Fix these Hijackthis Items

1. Open HijackThis and select the Do a system scan only option.
2. Place a check next to the following items:

O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - C:\WINDOWS\system32\ipv6monl.dll (file missing)
O2 - BHO: (no name) - {56A56219-EEEE-4CCD-843C-4AA379751FB9} - C:\WINDOWS\system32\gebyv.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\aueompmb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A6017E9-C1B2-478B-83AD-F9DC4B418ED4} - C:\WINDOWS\system32\akcphamr.dll (file missing)
O2 - BHO: (no name) - {900C4E60-A7A8-A62F-D10E-F9ADA9E4259C} - C:\WINDOWS\system32\idebmfmo.dll (file missing)
O2 - BHO: (no name) - {B71FA585-B351-4E48-8DA8-22F6F705EC73} - C:\WINDOWS\system32\opnkjif.dll
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [nojehsjs.exe] C:\Documents and Settings\All Users\Application Data\nojehsjs.exe
O4 - HKLM\..\Run: [j3271130] rundll32 C:\WINDOWS\system32\j3271130.dll sook
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\wofxsbvd.dll",realset
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [Imngx] "C:\Documents and Settings\Admin\My Documents\??sembly\??ool32.exe"
O4 - HKCU\..\Run: [Awhr] "C:\WINDOWS\system32\YMANTE~1\netdde.exe" -vt ndrv
O20 - Winlogon Notify: gebyv - C:\WINDOWS\system32\gebyv.dll
O20 - Winlogon Notify: opnkjif - C:\WINDOWS\SYSTEM32\opnkjif.dll
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)

3. Close all open browsers and windows, except HijackThis. Then select Fix checked. Then close HijackThis.

==========

Delete Files

Please download KillBox.exe (by Option^Explicit)

Note : In the event you already have Killbox, this is a new version that I need you to download.

Double-click Killbox.exe to run it. Select Delete on Reboot, then select All Files. Then copy and paste this list of files:

C:\Documents and Settings\All Users\Application Data\nojehsjs.exe
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\opnkjif.dll
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\system32\j3271130.dll
C:\WINDOWS\system32\wofxsbvd.dll
C:\Documents and Settings\Admin\My Documents\??sembly\??ool32.exe
C:\WINDOWS\system32\YMANTE~1\netdde.exe
C:\WINDOWS\system32\vybeg.ini2
C:\WINDOWS\system32\hfvbscgg.ini2
C:\WINDOWS\system32\vybeg.bak2
C:\WINDOWS\system32\vybeg.bak1


Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

Note : Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!)

==========

Clean Out Temporary Files

Please download ATF Cleaner (by Atribune)

Double-click ATF-Cleaner.exe to run it.

Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
Note : If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
Note : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

==========

Kaspersky Online Scanner

Go to http://www.kaspersky.com/virusscanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post with another HJT log.
==========

Edited by jamielaw, 20 June 2007 - 01:33 PM.

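As an added example (not code from HijackThis, KillBox, Suspicious File Packer or anyone in this thread), the script below ties the fix list in the post above together: it parses the O2/O4/O20 lines into the registry key each entry lives in and the file it loads, sets aside the entries HijackThis already marks as (file missing) or (no file), since for those only the registry reference remains, deduplicates the files that are still present (gebyv.dll is both a BHO and a Winlogon Notify handler, which is why the poster found it inside explorer.exe and winlogon.exe and could not delete it while Windows was running), and encodes those files as the PendingFileRenameOperations value that Delete-on-Reboot tools such as KillBox queue under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager so the files are removed before anything can load them. The sample log is constructed from lines in the post; the registry paths are the standard Windows locations behind each HijackThis section; the value layout (UTF-16LE REG_MULTI_SZ of source/destination string pairs, source in \??\ form, empty destination meaning delete) is the documented format; the function names are mine, and nothing here writes to a registry.

```python
"""Added example, not HijackThis, KillBox or BleepingComputer code: HijackThis O2/O4/O20
lines -> registry location + loaded file -> PendingFileRenameOperations (delete on reboot) data.
SAMPLE_LOG is constructed from lines in the post; nothing here touches a real registry."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_LOG = r"""
O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - C:\WINDOWS\system32\ipv6monl.dll (file missing)
O2 - BHO: (no name) - {56A56219-EEEE-4CCD-843C-4AA379751FB9} - C:\WINDOWS\system32\gebyv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [j3271130] rundll32 C:\WINDOWS\system32\j3271130.dll sook
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\wofxsbvd.dll",realset
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [Awhr] "C:\WINDOWS\system32\YMANTE~1\netdde.exe" -vt ndrv
O20 - Winlogon Notify: gebyv - C:\WINDOWS\system32\gebyv.dll
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)
"""

# Standard registry locations behind each HijackThis section.
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
RUN_ROOT = r"SOFTWARE\Microsoft\Windows\CurrentVersion"   # + \Run, \RunServices, ...
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
PFRO_VALUE = r"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations"


@dataclass
class Entry:
    section: str                  # "O2", "O4" or "O20"
    name: str                     # BHO display name, Run value name or Notify subkey
    reg_key: str                  # where the persistence entry lives
    target: str                   # file the entry loads; "" when HJT reports no file
    file_present: Optional[bool]  # False if HJT flagged it missing, None if HJT does not say


_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<rest>.*)$")
_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<rest>.*)$")
_RUNDLL = re.compile(r"^rundll32(?:\.exe)?\s+", re.IGNORECASE)


def _split_missing(rest: str) -> Tuple[str, bool]:
    """'path (file missing)' or '(no file)' -> (path, present)."""
    rest = rest.strip()
    if rest == "(no file)":
        return "", False
    if rest.endswith("(file missing)"):
        return rest[: -len("(file missing)")].strip(), False
    return rest, True


def command_target(cmd: str) -> str:
    """Payload file of a Run-key command line; for rundll32 <dll>,<export> the DLL is the payload."""
    cmd = cmd.strip()
    m = _RUNDLL.match(cmd)
    if m:
        cmd = cmd[m.end():]
    m = re.match(r'^"([^"]+)"|^([^\s,]+)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def parse_hjt(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if m := _O2.match(line):
            path, present = _split_missing(m["rest"])
            entries.append(Entry("O2", m["name"], BHO_KEY + "\\" + m["clsid"], path, present))
        elif m := _O4.match(line):
            key = f"{m['hive']}\\{RUN_ROOT}\\{m['key']}"
            entries.append(Entry("O4", m["name"], key, command_target(m["cmd"]), None))
        elif m := _O20.match(line):
            path, present = _split_missing(m["rest"])
            entries.append(Entry("O20", m["name"], NOTIFY_KEY + "\\" + m["name"], path, present))
    return entries


def disk_artifacts(entries: List[Entry]) -> List[str]:
    """Fully qualified files still referenced by a live entry, deduplicated case-insensitively
    (the same DLL is often both a BHO and a Winlogon Notify handler). Collect these before deleting."""
    seen, out = set(), []
    for e in entries:
        if e.file_present is False or not re.match(r"^[A-Za-z]:\\", e.target):
            continue
        if e.target.lower() not in seen:
            seen.add(e.target.lower())
            out.append(e.target)
    return out


def encode_pfro(paths: List[str]) -> bytes:
    """REG_MULTI_SZ data queuing `paths` for deletion at next boot: (source, destination) string
    pairs, source in NT form \\??\\C:\\..., empty destination = delete; UTF-16LE, every string
    NUL-terminated, one extra NUL closing the list."""
    strings: List[str] = []
    for p in paths:
        strings += ["\\??\\" + p, ""]
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


def decode_pfro(data: bytes) -> List[Tuple[str, str]]:
    """Inverse of encode_pfro, reading by total length rather than stopping at the first double
    NUL, which an empty (delete) destination produces in the middle of the value."""
    text = data.decode("utf-16-le")
    if text.endswith("\0"):
        text = text[:-1]              # list terminator
    parts = text.split("\0")[:-1]     # drop the empty piece after the last string's own NUL
    return [(parts[i], parts[i + 1]) for i in range(0, len(parts) - 1, 2)]


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    for e in found:
        if e.file_present is False:
            print(f"registry-only leftover, remove the key: {e.reg_key}")
    for src, dst in decode_pfro(encode_pfro(disk_artifacts(found))):
        print(f"would queue under {PFRO_VALUE}: {src} -> {dst or 'DELETE'}")
```

Reading the value back by its full data length is the point of decode_pfro: each delete entry contributes an empty destination, so two consecutive NULs appear after the very first queued file, and a reader that treats the first double NUL as the end of the list shows only one pending operation. That is also why KillBox's PendingFileRenameOperations prompt (and the helper's request to be told about it) deserve attention: the value may already carry entries from an earlier run, or from the malware itself, that a casual look would miss.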



