Likely virus a couple error messages help! - hijack log

wumpus, New Member
Date Joined Nov 2008, Total Posts: 10
Posted 11-9-2008 10:48 (GMT +1)

I have a blank screen at startup; I have to start explorer as a new task to get around that. IE is popping up windows with ads (I use Firefox).
I get this RunDLL message after startup: "Error loading C:\Windows\system32\jkkIYqnO.dll. The specified module could not be found."
(from HJ) For some reason your system denied write access to the Hosts file. If any domains are in this file, Hijack may NOT be able to fix this.
I would appreciate any help, thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:35 AM, on 11/9/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\EXPLORER.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Erich\AppData\Local\Temp\winlogin.exe
C:\Users\Erich\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Erich\AppData\Local\Temp\winlogun.exe
C:\Users\Erich\AppData\Local\Temp\winlogin.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\MSCONFIG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe "C:\Windows\server.exe"
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,"C:\Windows\server.exe",
O1 - Hosts: ::1 localhost
O2 - BHO: C:\Windows\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O3 - Toolbar: IE Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [jsg8jfgfdfhfhf] C:\Users\Erich\AppData\Local\Temp\winlogun.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\Users\Erich\AppData\Local\Temp\winlogin.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkIYqnO.dll,#1
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Erich\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\Users\Erich\AppData\Local\Temp\winlogun.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\Users\Erich\AppData\Local\Temp\winlogin.exe
O4 - HKCU\..\Policies\Explorer\Run: [server] C:\Windows\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\Windows\system32\siejf93.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8136 bytes
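As an added example (not code from this thread or from the HijackThis project): a small Python triage script that applies, to HJT lines like the ones in the log above, the checks a log reviewer makes first. The names `Finding`, `triage_line` and `triage_log`, the regular expressions and the heuristics themselves (Shell must be exactly explorer.exe, UserInit must list only userinit.exe, autoruns from a Temp directory or under Policies\Explorer\Run, a BHO whose name is just its DLL path, DisableRegedit set) are my assumptions about what deserves a second look, not HijackThis behaviour. The sample lines are copied from the log posted above.

```python
"""Heuristic triage of a HijackThis log (added example, not from the thread).

The rules encode what a log reviewer checks first: a modified Shell or
UserInit value, autoruns started from a Temp directory or from the
Policies\\Explorer\\Run key, a BHO registered without a display name, and a
policy that disables the Registry Editor.  They are heuristics (my own
assumptions), not a signature database: a hit means "look closer".
"""
import re
from dataclasses import dataclass

# Sample lines, copied from the HijackThis log posted above (a subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: Shell=explorer.exe "C:\Windows\server.exe"
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,"C:\Windows\server.exe",
O1 - Hosts: ::1 localhost
O2 - BHO: C:\Windows\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [jsg8jfgfdfhfhf] C:\Users\Erich\AppData\Local\Temp\winlogun.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkIYqnO.dll,#1
O4 - HKCU\..\Policies\Explorer\Run: [server] C:\Windows\server.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
"""


@dataclass
class Finding:
    section: str   # HJT section prefix, e.g. "O4"
    reason: str    # why a reviewer should look at this entry
    line: str      # the log line itself


# Line shapes of the HJT sections this script understands (assumed formats).
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: (?P<value>Shell|UserInit)=(?P<data>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O7_RE = re.compile(r"^O7 - (?P<key>.+?), (?P<value>\w+)=(?P<data>\d+)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def _check_f2(value, data, line):
    """Shell should be exactly explorer.exe; UserInit should list only userinit.exe."""
    if value == "Shell":
        if data.strip().lower() != "explorer.exe":
            return [Finding("F2", "Shell value starts something besides explorer.exe", line)]
        return []
    # UserInit is a comma-separated list; entries may be quoted, and a
    # trailing comma leaves an empty entry that we ignore.
    entries = [e.strip().strip('"') for e in data.split(",")]
    extra = [e for e in entries if e and not e.lower().endswith("\\userinit.exe")]
    if extra:
        return [Finding("F2", "UserInit chains an extra program: " + ", ".join(extra), line)]
    return []


def triage_line(line):
    """Return the findings (possibly none) for one HJT log line."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        findings = []
        if TEMP_RE.search(m.group("cmd")):
            findings.append(Finding("O4", "autorun launches a program from a Temp directory", line))
        if "Policies\\Explorer\\Run" in m.group("key"):
            findings.append(Finding("O4", "autorun under Policies\\Explorer\\Run, rarely used by legitimate software", line))
        return findings
    m = F2_RE.match(line)
    if m:
        return _check_f2(m.group("value"), m.group("data"), line)
    m = O2_RE.match(line)
    if m and m.group("name").lower() == m.group("path").lower():
        return [Finding("O2", "BHO has no display name (name is just the DLL path)", line)]
    m = O7_RE.match(line)
    if m and m.group("value") == "DisableRegedit" and m.group("data") != "0":
        return [Finding("O7", "policy disables the Registry Editor", line)]
    return []


def triage_log(text):
    """Run triage_line over every non-empty line of an HJT log."""
    findings = []
    for line in text.splitlines():
        if line.strip():
            findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run as a script it prints the six sample entries it flags; ordinary lines such as the Windows Defender autorun or the O23 service produce no finding. A hit is a prompt to verify the file (publisher, location, hash) rather than a verdict, which is why each Finding carries the original line for the reviewer.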
Touch, Forum Moderator
Date Joined Jun 2004, Total Posts: 14325
Posted 11-9-2008 11:58 (GMT +1)

Hello
You have a large number of infections; I'll therefore suggest you proceed as follows ->
Download Bullguard trial Antivirus:
BG. Manual:
Install and update it. Run a complete system scan.
Reboot. Then ->
and save it on the desktop. Then double click on it (Fix_download.exe).
You may have to allow the program to download files from the web!
The program downloads the necessary cleaning programs. Once the program is downloaded, there will be a folder on your desktop named Fix. If the instructions do not open automatically, double-click "FIX_manual.htm" in the Fix folder.
Please follow the instructions and copy the logs here, in this Topic.
Note : Fix_download.exe is detected by some antivirus programs as a "RiskTool" /infection; it is not a virus. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
wumpus, New Member
Date Joined Nov 2008, Total Posts: 10
Posted 11-10-2008 7:00 (GMT +1)

I think I've got everything here
ComboFix 08-11-09.01 - Erich 2008-11-10 0:47:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.886 [GMT -5:00]
Running from: c:\users\Public\Desktop\FIX\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\server.exe
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.
2008-11-09 15:34 . 2008-11-09 15:42 <DIR> d-------- c:\users\Erich\AppData\Roaming\BullGuard
2008-11-09 15:34 . 2008-11-09 19:26 <DIR> d-------- c:\users\All Users\BullGuard
2008-11-09 15:34 . 2008-11-09 19:26 <DIR> d-------- c:\programdata\BullGuard
2008-11-09 15:33 . 2008-11-09 15:43 263,192 -ra------ c:\windows\System32\drivers\AfwCore.sys
2008-11-09 15:32 . 2008-11-09 15:32 <DIR> d-------- c:\program files\BullGuard Ltd
2008-11-09 15:32 . 2008-03-13 09:27 52,560 --a------ c:\windows\System32\drivers\BdFileSpy.sys
2008-11-09 04:58 . 2008-11-09 04:58 <DIR> d-------- c:\users\Erich\AppData\Roaming\Malwarebytes
2008-11-09 04:58 . 2008-11-09 04:58 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-09 04:58 . 2008-11-09 04:58 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-09 04:58 . 2008-11-09 04:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-09 04:58 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-09 04:58 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-09 04:54 . 2008-11-09 04:54 <DIR> d-------- c:\program files\CCleaner
2008-11-09 04:20 . 2008-11-09 04:20 <DIR> d-------- c:\program files\Alwil Software
2008-11-09 04:20 . 2008-07-19 10:36 51,280 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2008-11-09 03:41 . 2008-11-09 03:41 <DIR> d-------- c:\program files\Trend Micro
2008-11-09 00:24 . 2008-11-09 00:24 <DIR> d-------- c:\users\Erich\Famous Nudes
2008-11-09 00:24 . 2008-11-09 02:02 <DIR> d-------- c:\users\Erich\Dead
2008-11-08 16:50 . 2008-11-08 16:50 <DIR> d-------- c:\users\Erich\AppData\Roaming\GlarySoft
2008-11-08 16:48 . 2008-11-08 16:48 <DIR> d-------- c:\program files\Glary Registry Repair
2008-11-08 15:29 . 2008-11-08 15:29 <DIR> d-------- c:\program files\IESurfBar
2008-11-08 15:29 . 2008-11-08 15:29 527 --a------ c:\windows\System32\TDSSwqsc.dat
2008-11-08 15:28 . 2008-11-08 15:28 2 --a------ C:\-1328151924
2008-11-07 23:32 . 2008-11-07 23:32 <DIR> d-------- c:\users\Erich\AppData\Roaming\DAEMON Tools
2008-11-07 10:13 . 2008-11-07 10:13 <DIR> d-------- c:\users\Erich\.thumbnails
2008-11-07 10:11 . 2008-11-08 00:31 <DIR> d-------- c:\users\Erich\.gimp-2.4
2008-11-07 01:56 . 2008-11-07 01:56 <DIR> dr------- c:\users\Erich\Contacts
2008-11-05 23:31 . 2008-11-05 23:31 <DIR> d-------- c:\users\Erich\unifund
2008-11-05 23:31 . 2008-11-05 23:31 <DIR> d-------- c:\users\Erich\Talking Heads
2008-11-01 20:54 . 2008-11-09 16:52 <DIR> d-------- c:\users\Erich\AppData\Roaming\BitTorrent
2008-11-01 20:53 . 2008-11-01 20:54 <DIR> d-------- c:\program files\BitTorrent
2008-10-31 13:25 . 2008-10-31 13:25 <DIR> d-------- c:\users\Erich\AppData\Roaming\Move Networks
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\System32\divx_xx0c.dll
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\System32\divx_xx07.dll
2008-10-28 17:35 . 2008-10-28 17:35 815,104 --a------ c:\windows\System32\divx_xx0a.dll
2008-10-28 17:35 . 2008-10-28 17:35 802,816 --a------ c:\windows\System32\divx_xx11.dll
2008-10-28 17:35 . 2008-10-28 17:35 729,088 --a------ c:\windows\System32\divxdec.ax
2008-10-28 17:35 . 2008-10-28 17:35 684,032 --a------ c:\windows\System32\DivX.dll
2008-10-28 15:00 . 2008-08-11 22:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 15:00 . 2008-09-17 23:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-28 15:00 . 2008-09-17 23:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-25 19:21 . 2008-10-25 19:21 <DIR> d-------- c:\program files\LitexMedia
2008-10-25 19:20 . 2008-10-25 19:20 <DIR> d-------- c:\program files\Crystal Software
2008-10-25 18:58 . 2008-10-25 18:58 <DIR> d-------- c:\users\Erich\AppData\Roaming\Media Player Classic
2008-10-25 18:57 . 2008-10-25 18:57 <DIR> d-------- c:\users\All Users\Real
2008-10-25 18:57 . 2008-10-25 18:57 <DIR> d-------- c:\program files\Real Alternative
2008-10-20 14:19 . 2008-10-20 14:19 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-20 14:12 . 2008-10-20 18:19 <DIR> d-------- c:\windows\System32\color
2008-10-20 14:12 . 2008-10-20 14:12 <DIR> d-------- c:\windows\System32\BWKDLogs
2008-10-20 14:11 . 2008-10-20 18:19 <DIR> d-------- c:\program files\Kodak
2008-10-20 14:04 . 2008-10-22 15:09 <DIR> d-------- c:\users\All Users\Kodak
2008-10-20 14:04 . 2008-10-22 15:09 <DIR> d-------- c:\programdata\Kodak
2008-10-20 12:29 . 2008-11-09 15:49 <DIR> dr------- c:\users\Public\Documents
2008-10-18 12:25 . 2008-10-20 08:12 <DIR> d-------- c:\users\Erich\101 S Lincoln
2008-10-17 14:24 . 2008-09-17 21:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-12 19:05 . 2008-10-12 19:05 <DIR> d-------- c:\users\Erich\Program Files
2008-10-10 17:16 . 2008-10-10 17:20 <DIR> d-------- c:\users\Erich\Conspiracy theory
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 05:45 --------- d-----w c:\users\Erich\AppData\Roaming\DNA
2008-11-09 20:43 28,696 ----a-r c:\windows\system32\drivers\Afw.sys
2008-11-09 09:56 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-08 21:24 --------- d-----w c:\program files\DNA
2008-11-08 21:19 --------- d-----w c:\program files\Lavasoft
2008-11-08 17:17 --------- d-----w c:\program files\DivX
2008-11-08 05:23 --------- d-----w c:\users\Erich\AppData\Roaming\gtk-2.0
2008-11-06 18:58 --------- d-----w c:\programdata\Roxio
2008-11-03 12:45 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-31 18:29 --------- d-----w c:\program files\QuickTime
2008-10-22 02:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-20 13:09 --------- d-----w c:\users\Erich\AppData\Roaming\Winamp
2008-10-17 21:27 --------- d-----w c:\program files\Windows Mail
2008-10-04 14:59 --------- d-----w c:\program files\Common Files\Apple
2008-10-04 14:58 --------- d-----w c:\programdata\Apple Computer
2008-10-04 14:57 --------- d-----w c:\programdata\Apple
2008-10-04 14:57 --------- d-----w c:\program files\Apple Software Update
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-01 20:40 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-30 15:39 174 --sha-w c:\program files\desktop.ini
2008-09-30 15:30 --------- d-----w c:\program files\Windows Sidebar
2008-09-30 15:30 --------- d-----w c:\program files\Windows Photo Gallery
2008-09-30 15:30 --------- d-----w c:\program files\Windows Journal
2008-09-30 15:30 --------- d-----w c:\program files\Windows Defender
2008-09-30 15:30 --------- d-----w c:\program files\Windows Collaboration
2008-09-30 15:30 --------- d-----w c:\program files\Windows Calendar
2008-09-30 15:11 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-30 15:11 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\System32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-21 20:54 --------- d-----w c:\programdata\Lavasoft
2008-09-19 21:57 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-09-19 13:48 14,152 ----a-w c:\windows\System32\client_cc.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-14 14:45 --------- d-----w c:\program files\Microsoft Silverlight
2008-02-25 02:02 0 ----a-w c:\users\Erich\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6226BA26-C017-4007-928C-DE9715C6FA68}"= "c:\program files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll" [2008-06-07 2404352]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\Erich\Program Files\DNA\btdna.exe" [2008-10-12 289088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-11-09 304456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-24 1838592]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-27 405504]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-11-09 304456]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-01-24 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
--a------ 2007-05-31 10:21 648072 c:\windows\WindowsMobile\wmdc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8FE5C86D-11F0-46E8-83F8-247898A88B77}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{4ADB6C02-A06E-422C-A3A4-7C9887B6A223}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{2911B122-E1CC-4CF0-9E83-4CAB9DFB32C8}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{D2D9CB01-BB61-46C2-B3F4-4AAB7D52E78B}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{A8801FB3-4B24-4584-A530-F08D374612A5}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9E11DDA6-F129-49BC-9910-2E04F7834D7A}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B392EDFB-C5A8-4627-BBA0-AC6E7B35A13C}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{AE97FEFA-FD9D-4FB6-8FA7-F68CA6301CBC}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{C11890E4-4ABE-475B-8C19-B2178B397D4F}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{B137D8CE-CC8B-4E57-B4A9-E146F933A065}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{E7580EB3-F841-4E9E-8B12-263D800BB866}c:\\program files\\kodak\\kodak software updater\\7288971\\program\\kodak software updater.exe"= UDP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater
"UDP Query User{075295F7-61F7-4346-A6C2-2F73AE2F8B49}c:\\program files\\kodak\\kodak software updater\\7288971\\program\\kodak software updater.exe"= TCP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater
"{FF31464F-BC2E-4FE6-A479-181061DF8E09}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{5C042806-7852-4467-9F3B-5248A53BFA88}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2008-11-09 28696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-27 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [2008-03-13 52560]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe [2008-01-19 21504]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe [2008-01-19 21504]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 AfwCore;Agnitum Firewall Core Driver;c:\windows\system32\Drivers\AfwCore.sys [2008-11-09 263192]
R3 Reconn;BullGuard Email Monitor;c:\program files\BullGuard Ltd\BullGuard\Reconn.sys [2008-07-29 16984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{05I41M56-QW07-U20F-YX8T-VB4U6TP4UX63}]
"c:\windows\server.exe"
.
- - - - ORPHANS REMOVED - - - -

HKCU-Explorer_Run-server - c:\windows\server.exe
ShellExecuteHooks-{49582D01-5592-4E9A-B672-FBABAB3B9A2C} - (no file)
MSConfigStartUp-jsg8jfgfdfhfhf - c:\users\Erich\AppData\Local\Temp\winlogun.exe
MSConfigStartUp-xsjfn83jkemfofght - c:\users\Erich\AppData\Local\Temp\winlogin.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\Erich\AppData\Roaming\Mozilla\Firefox\Profiles\prkxfgoo.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - fark.com
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\users\Erich\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 00:52:29
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-10 0:54:32
ComboFix-quarantined-files.txt 2008-11-10 05:54:26

Pre-Run: 26,595,794,944 bytes free
Post-Run: 26,428,084,224 bytes free
249 --- E O F --- 2008-11-09 01:26:52
---------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.30
Database version: 1375
Windows 6.0.6001 Service Pack 1

11/10/2008 12:38:39 AM
mbam-log-2008-11-10 (00-38-39).txt

Scan type: Full Scan (C:\|)
Objects scanned: 188626
Time elapsed: 2 hour(s), 37 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
---------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:35 AM, on 11/9/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\EXPLORER.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Erich\AppData\Local\Temp\winlogin.exe
C:\Users\Erich\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Erich\AppData\Local\Temp\winlogun.exe
C:\Users\Erich\AppData\Local\Temp\winlogin.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\MSCONFIG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe "C:\Windows\server.exe"
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,"C:\Windows\server.exe",
O1 - Hosts: ::1 localhost
O2 - BHO: C:\Windows\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O3 - Toolbar: IE Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [jsg8jfgfdfhfhf] C:\Users\Erich\AppData\Local\Temp\winlogun.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\Users\Erich\AppData\Local\Temp\winlogin.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkIYqnO.dll,#1
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Erich\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\Users\Erich\AppData\Local\Temp\winlogun.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\Users\Erich\AppData\Local\Temp\winlogin.exe
O4 - HKCU\..\Policies\Explorer\Run: [server] C:\Windows\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\Windows\system32\siejf93.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions -
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
-- End of file - 8136 bytes | | Back to Top | | |
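An added illustration, not part of wumpus's post and not code from HijackThis: the log above has the persistence entries a responder wants pulled out first (the extra program appended to the Winlogon Shell and Userinit values, Run entries launching from the user's Temp directory, a Policies\Explorer\Run entry, rundll32 calling a DLL export by ordinal, the DisableRegedit policy, and one CLSID registered both as a BHO and as a SharedTaskScheduler entry). The Python below parses a handful of the lines above, written one entry per line, and scores them. The rules are my own heuristics for triage, not a signature, and every hit still needs an analyst's eye.

```python
import re

# Constructed sample: entries copied from the HijackThis log above, one per line.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe "C:\Windows\server.exe"
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,"C:\Windows\server.exe",
O2 - BHO: C:\Windows\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [jsg8jfgfdfhfhf] C:\Users\Erich\AppData\Local\Temp\winlogun.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkIYqnO.dll,#1
O4 - HKCU\..\Policies\Explorer\Run: [server] C:\Windows\server.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
""".strip().splitlines()

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}", re.I)
RUN_NAME_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
TEMP_RE = re.compile(r"\\(?:AppData\\Local\\)?Temp\\", re.I)
ORDINAL_RE = re.compile(r"rundll32(?:\.exe)?\s+\S+\.dll,#\d+", re.I)


def looks_random(name):
    """Heuristic (assumption): almost no vowels in a long name, or digits wedged
    between letters. Tuned so Intel's consonant-heavy IgfxTray/igfxpers pass;
    mixed-case names such as jkkIYqnO are NOT caught here."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) >= 8:
        vowels = sum(c.lower() in "aeiou" for c in letters)
        if vowels / len(letters) < 0.2:
            return True
    return re.search(r"[A-Za-z]\d+[A-Za-z]", name) is not None


def triage(lines):
    """Return (section, reason, line) findings for a list of HJT log lines."""
    findings = []
    clsid_sections = {}
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        for clsid in CLSID_RE.findall(body):
            clsid_sections.setdefault(clsid.upper(), set()).add(sec)

        if sec == "F2":
            # Stock Vista values are Shell=explorer.exe and
            # UserInit=<system32>\userinit.exe, ; anything more is an autostart.
            value = body.split("=", 1)[1] if "=" in body else ""
            if body.lower().startswith("reg:system.ini: shell=") and value.strip().lower() != "explorer.exe":
                findings.append((sec, "extra program appended to Winlogon Shell", line))
            elif body.lower().startswith("reg:system.ini: userinit="):
                items = [p for p in value.split(",") if p.strip()]
                if len(items) > 1 or not items[0].strip().lower().endswith("\\userinit.exe"):
                    findings.append((sec, "extra program in Winlogon Userinit", line))

        if TEMP_RE.search(body):
            findings.append((sec, "autostart from a Temp directory", line))

        if sec == "O4":
            rm = RUN_NAME_RE.search(body)
            if rm and looks_random(rm.group("name")):
                findings.append((sec, "random-looking Run value name", line))
            if "\\Policies\\Explorer\\Run" in body:
                findings.append((sec, "Policies\\Explorer\\Run autostart", line))
            if ORDINAL_RE.search(body):
                findings.append((sec, "rundll32 calling a DLL export by ordinal", line))

        if sec == "O7" and "DisableRegedit=1" in body:
            findings.append((sec, "registry editor disabled by policy", line))

        if sec in ("O2", "O22"):
            module = body.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(module):
                findings.append((sec, "random-looking module name", line))

    # Cross-entry correlation: one COM object hooked into IE and into Explorer.
    for clsid, secs in clsid_sections.items():
        if {"O2", "O22"} <= secs:
            findings.append(("O2/O22", f"CLSID {clsid} registered as both a BHO and a SharedTaskScheduler entry", clsid))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```

On the sample this yields ten findings. Note what the name test misses: jkkIYqnO has enough vowels to pass, so that entry is only reported because of the rundll32 ordinal call, which is why several weak signals are scored together rather than relying on any one of them.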
wumpus New Member
Date Joined Nov 2008 | Total Posts : 10 | Posted 11-10-2008 7:07 (GMT +1)

I think I've got everything here
ComboFix 08-11-09.01 - Erich 2008-11-10 0:47:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.886 [GMT -5:00]
Running from: c:\users\Public\Desktop\FIX\ComboFix.exe
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\windows\server.exe
c:\windows\system32\AutoRun.inf

((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))

2008-11-09 15:34 . 2008-11-09 15:42 <DIR> d-------- c:\users\Erich\AppData\Roaming\BullGuard
2008-11-09 15:34 . 2008-11-09 19:26 <DIR> d-------- c:\users\All Users\BullGuard
2008-11-09 15:34 . 2008-11-09 19:26 <DIR> d-------- c:\programdata\BullGuard
2008-11-09 15:33 . 2008-11-09 15:43 263,192 -ra------ c:\windows\System32\drivers\AfwCore.sys
2008-11-09 15:32 . 2008-11-09 15:32 <DIR> d-------- c:\program files\BullGuard Ltd
2008-11-09 15:32 . 2008-03-13 09:27 52,560 --a------ c:\windows\System32\drivers\BdFileSpy.sys
2008-11-09 04:58 . 2008-11-09 04:58 <DIR> d-------- c:\users\Erich\AppData\Roaming\Malwarebytes
2008-11-09 04:58 . 2008-11-09 04:58 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-09 04:58 . 2008-11-09 04:58 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-09 04:58 . 2008-11-09 04:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-09 04:58 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-09 04:58 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-09 04:54 . 2008-11-09 04:54 <DIR> d-------- c:\program files\CCleaner
2008-11-09 04:20 . 2008-11-09 04:20 <DIR> d-------- c:\program files\Alwil Software
2008-11-09 04:20 . 2008-07-19 10:36 51,280 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2008-11-09 03:41 . 2008-11-09 03:41 <DIR> d-------- c:\program files\Trend Micro
2008-11-09 00:24 . 2008-11-09 00:24 <DIR> d-------- c:\users\Erich\Famous Nudes
2008-11-09 00:24 . 2008-11-09 02:02 <DIR> d-------- c:\users\Erich\Dead
2008-11-08 16:50 . 2008-11-08 16:50 <DIR> d-------- c:\users\Erich\AppData\Roaming\GlarySoft
2008-11-08 16:48 . 2008-11-08 16:48 <DIR> d-------- c:\program files\Glary Registry Repair
2008-11-08 15:29 . 2008-11-08 15:29 <DIR> d-------- c:\program files\IESurfBar
2008-11-08 15:29 . 2008-11-08 15:29 527 --a------ c:\windows\System32\TDSSwqsc.dat
2008-11-08 15:28 . 2008-11-08 15:28 2 --a------ C:\-1328151924
2008-11-07 23:32 . 2008-11-07 23:32 <DIR> d-------- c:\users\Erich\AppData\Roaming\DAEMON Tools
2008-11-07 10:13 . 2008-11-07 10:13 <DIR> d-------- c:\users\Erich\.thumbnails
2008-11-07 10:11 . 2008-11-08 00:31 <DIR> d-------- c:\users\Erich\.gimp-2.4
2008-11-07 01:56 . 2008-11-07 01:56 <DIR> dr------- c:\users\Erich\Contacts
2008-11-05 23:31 . 2008-11-05 23:31 <DIR> d-------- c:\users\Erich\unifund
2008-11-05 23:31 . 2008-11-05 23:31 <DIR> d-------- c:\users\Erich\Talking Heads
2008-11-01 20:54 . 2008-11-09 16:52 <DIR> d-------- c:\users\Erich\AppData\Roaming\BitTorrent
2008-11-01 20:53 . 2008-11-01 20:54 <DIR> d-------- c:\program files\BitTorrent
2008-10-31 13:25 . 2008-10-31 13:25 <DIR> d-------- c:\users\Erich\AppData\Roaming\Move Networks
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\System32\divx_xx0c.dll
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\System32\divx_xx07.dll
2008-10-28 17:35 . 2008-10-28 17:35 815,104 --a------ c:\windows\System32\divx_xx0a.dll
2008-10-28 17:35 . 2008-10-28 17:35 802,816 --a------ c:\windows\System32\divx_xx11.dll
2008-10-28 17:35 . 2008-10-28 17:35 729,088 --a------ c:\windows\System32\divxdec.ax
2008-10-28 17:35 . 2008-10-28 17:35 684,032 --a------ c:\windows\System32\DivX.dll
2008-10-28 15:00 . 2008-08-11 22:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 15:00 . 2008-09-17 23:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-28 15:00 . 2008-09-17 23:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-25 19:21 . 2008-10-25 19:21 <DIR> d-------- c:\program files\LitexMedia
2008-10-25 19:20 . 2008-10-25 19:20 <DIR> d-------- c:\program files\Crystal Software
2008-10-25 18:58 . 2008-10-25 18:58 <DIR> d-------- c:\users\Erich\AppData\Roaming\Media Player Classic
2008-10-25 18:57 . 2008-10-25 18:57 <DIR> d-------- c:\users\All Users\Real
2008-10-25 18:57 . 2008-10-25 18:57 <DIR> d-------- c:\program files\Real Alternative
2008-10-20 14:19 . 2008-10-20 14:19 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-20 14:12 . 2008-10-20 18:19 <DIR> d-------- c:\windows\System32\color
2008-10-20 14:12 . 2008-10-20 14:12 <DIR> d-------- c:\windows\System32\BWKDLogs
2008-10-20 14:11 . 2008-10-20 18:19 <DIR> d-------- c:\program files\Kodak
2008-10-20 14:04 . 2008-10-22 15:09 <DIR> d-------- c:\users\All Users\Kodak
2008-10-20 14:04 . 2008-10-22 15:09 <DIR> d-------- c:\programdata\Kodak
2008-10-20 12:29 . 2008-11-09 15:49 <DIR> dr------- c:\users\Public\Documents
2008-10-18 12:25 . 2008-10-20 08:12 <DIR> d-------- c:\users\Erich\101 S Lincoln
2008-10-17 14:24 . 2008-09-17 21:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-12 19:05 . 2008-10-12 19:05 <DIR> d-------- c:\users\Erich\Program Files
2008-10-10 17:16 . 2008-10-10 17:20 <DIR> d-------- c:\users\Erich\Conspiracy theory

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-11-10 05:45 --------- d-----w c:\users\Erich\AppData\Roaming\DNA
2008-11-09 20:43 28,696 ----a-r c:\windows\system32\drivers\Afw.sys
2008-11-09 09:56 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-08 21:24 --------- d-----w c:\program files\DNA
2008-11-08 21:19 --------- d-----w c:\program files\Lavasoft
2008-11-08 17:17 --------- d-----w c:\program files\DivX
2008-11-08 05:23 --------- d-----w c:\users\Erich\AppData\Roaming\gtk-2.0
2008-11-06 18:58 --------- d-----w c:\programdata\Roxio
2008-11-03 12:45 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-31 18:29 --------- d-----w c:\program files\QuickTime
2008-10-22 02:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-20 13:09 --------- d-----w c:\users\Erich\AppData\Roaming\Winamp
2008-10-17 21:27 --------- d-----w c:\program files\Windows Mail
2008-10-04 14:59 --------- d-----w c:\program files\Common Files\Apple
2008-10-04 14:58 --------- d-----w c:\programdata\Apple Computer
2008-10-04 14:57 --------- d-----w c:\programdata\Apple
2008-10-04 14:57 --------- d-----w c:\program files\Apple Software Update
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-01 20:40 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-30 15:39 174 --sha-w c:\program files\desktop.ini
2008-09-30 15:30 --------- d-----w c:\program files\Windows Sidebar
2008-09-30 15:30 --------- d-----w c:\program files\Windows Photo Gallery
2008-09-30 15:30 --------- d-----w c:\program files\Windows Journal
2008-09-30 15:30 --------- d-----w c:\program files\Windows Defender
2008-09-30 15:30 --------- d-----w c:\program files\Windows Collaboration
2008-09-30 15:30 --------- d-----w c:\program files\Windows Calendar
2008-09-30 15:11 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-30 15:11 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\System32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-21 20:54 --------- d-----w c:\programdata\Lavasoft
2008-09-19 21:57 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-09-19 13:48 14,152 ----a-w c:\windows\System32\client_cc.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-14 14:45 --------- d-----w c:\program files\Microsoft Silverlight
2008-02-25 02:02 0 ----a-w c:\users\Erich\AppData\Roaming\wklnhst.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6226BA26-C017-4007-928C-DE9715C6FA68}"= "c:\program files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll" [2008-06-07 2404352]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\Erich\Program Files\DNA\btdna.exe" [2008-10-12 289088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-11-09 304456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-24 1838592]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-27 405504]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-11-09 304456]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-01-24 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
--a------ 2007-05-31 10:21 648072 c:\windows\WindowsMobile\wmdc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8FE5C86D-11F0-46E8-83F8-247898A88B77}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{4ADB6C02-A06E-422C-A3A4-7C9887B6A223}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{2911B122-E1CC-4CF0-9E83-4CAB9DFB32C8}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{D2D9CB01-BB61-46C2-B3F4-4AAB7D52E78B}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{A8801FB3-4B24-4584-A530-F08D374612A5}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9E11DDA6-F129-49BC-9910-2E04F7834D7A}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B392EDFB-C5A8-4627-BBA0-AC6E7B35A13C}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{AE97FEFA-FD9D-4FB6-8FA7-F68CA6301CBC}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{C11890E4-4ABE-475B-8C19-B2178B397D4F}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{B137D8CE-CC8B-4E57-B4A9-E146F933A065}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{E7580EB3-F841-4E9E-8B12-263D800BB866}c:\\program files\\kodak\\kodak software updater\\7288971\\program\\kodak software updater.exe"= UDP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater
"UDP Query User{075295F7-61F7-4346-A6C2-2F73AE2F8B49}c:\\program files\\kodak\\kodak software updater\\7288971\\program\\kodak software updater.exe"= TCP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater
"{FF31464F-BC2E-4FE6-A479-181061DF8E09}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{5C042806-7852-4467-9F3B-5248A53BFA88}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2008-11-09 28696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-27 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [2008-03-13 52560]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe [2008-01-19 21504]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe [2008-01-19 21504]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 AfwCore;Agnitum Firewall Core Driver;c:\windows\system32\Drivers\AfwCore.sys [2008-11-09 263192]
R3 Reconn;BullGuard Email Monitor;c:\program files\BullGuard Ltd\BullGuard\Reconn.sys [2008-07-29 16984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{05I41M56-QW07-U20F-YX8T-VB4U6TP4UX63}]
"c:\windows\server.exe"

- - - - ORPHANS REMOVED - - - -

HKCU-Explorer_Run-server - c:\windows\server.exe
ShellExecuteHooks-{49582D01-5592-4E9A-B672-FBABAB3B9A2C} - (no file)
MSConfigStartUp-jsg8jfgfdfhfhf - c:\users\Erich\AppData\Local\Temp\winlogun.exe
MSConfigStartUp-xsjfn83jkemfofght - c:\users\Erich\AppData\Local\Temp\winlogin.exe

------- Supplementary Scan -------

FireFox -: Profile - c:\users\Erich\AppData\Roaming\Mozilla\Firefox\Profiles\prkxfgoo.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - fark.com
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\users\Erich\Program Files\DNA\plugins\npbtdna.dll
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 00:52:29
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************

Completion time: 2008-11-10 0:54:32
ComboFix-quarantined-files.txt 2008-11-10 05:54:26

Pre-Run: 26,595,794,944 bytes free
Post-Run: 26,428,084,224 bytes free
249 --- E O F --- 2008-11-09 01:26:52
---------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.30
Database version: 1375
Windows 6.0.6001 Service Pack 1

11/10/2008 12:38:39 AM
mbam-log-2008-11-10 (00-38-39).txt

Scan type: Full Scan (C:\|)
Objects scanned: 188626
Time elapsed: 2 hour(s), 37 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
---------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:35 AM, on 11/9/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\EXPLORER.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Erich\AppData\Local\Temp\winlogin.exe
C:\Users\Erich\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Erich\AppData\Local\Temp\winlogun.exe
C:\Users\Erich\AppData\Local\Temp\winlogin.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\MSCONFIG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe "C:\Windows\server.exe"
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,"C:\Windows\server.exe",
O1 - Hosts: ::1 localhost
O2 - BHO: C:\Windows\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O3 - Toolbar: IE Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [jsg8jfgfdfhfhf] C:\Users\Erich\AppData\Local\Temp\winlogun.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\Users\Erich\AppData\Local\Temp\winlogin.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkIYqnO.dll,#1
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Erich\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\Users\Erich\AppData\Local\Temp\winlogun.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\Users\Erich\AppData\Local\Temp\winlogin.exe
O4 - HKCU\..\Policies\Explorer\Run: [server] C:\Windows\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\Windows\system32\siejf93.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 8136 bytes
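An added example, not part of wumpus's post and not ComboFix's own code: the "Files Created" section of the ComboFix log above is a creation-time timeline, and the useful move on it is to cluster entries that appeared within minutes of each other around high-confidence oddities (the two-byte file dropped as C:\-1328151924 and the 527-byte TDSSwqsc.dat in System32 both landed at 15:28/15:29 on 2008-11-08, the same minute as the IESurfBar directory). The Python below parses lines in that section's format, scores each entry with three heuristics, and prints the clusters around any entry that scores high. The sample lines are copied from the log above; the weights and the five-minute window are my assumptions, and the created == modified rule is deliberately weak because installers such as DivX also write fresh timestamps.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: nine "Files Created" lines copied from the ComboFix log above.
SAMPLE_LINES = r"""
2008-11-09 15:33 . 2008-11-09 15:43 263,192 -ra------ c:\windows\System32\drivers\AfwCore.sys
2008-11-09 15:32 . 2008-03-13 09:27 52,560 --a------ c:\windows\System32\drivers\BdFileSpy.sys
2008-11-09 04:58 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-08 16:50 . 2008-11-08 16:50 <DIR> d-------- c:\users\Erich\AppData\Roaming\GlarySoft
2008-11-08 15:29 . 2008-11-08 15:29 <DIR> d-------- c:\program files\IESurfBar
2008-11-08 15:29 . 2008-11-08 15:29 527 --a------ c:\windows\System32\TDSSwqsc.dat
2008-11-08 15:28 . 2008-11-08 15:28 2 --a------ C:\-1328151924
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\System32\divx_xx0c.dll
2008-10-28 15:00 . 2008-08-11 22:39 443,392 --a------ c:\windows\System32\win32spl.dll
""".strip().splitlines()

# ComboFix "Files Created" layout: created . modified size|<DIR> attrs path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S{9}) (?P<path>.+)$")


def parse(lines):
    """Turn log lines into dicts; lines in any other ComboFix format are skipped."""
    entries = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            "size": size, "attrs": m["attrs"], "path": m["path"], "is_dir": size is None,
        })
    return entries


def indicators(e):
    """Heuristic (assumed) indicators with weights; 3 or more makes an anchor."""
    hits = []
    p = e["path"].lower()
    if not e["is_dir"] and re.fullmatch(r"[a-z]:\\[^\\]+", p):
        hits.append(("file dropped in drive root", 3))
    if not e["is_dir"] and "\\system32\\" in p:
        if e["size"] < 4096:
            hits.append(("tiny file in System32", 2))
        if e["created"] == e["modified"]:
            # Vendor binaries usually keep their build-time mtime; dropped files do not.
            hits.append(("System32 file with created == modified (weak)", 1))
    return hits


def find_clusters(entries, window_minutes=5):
    """Group everything created within the window around each high-scoring entry."""
    window = timedelta(minutes=window_minutes)
    anchors = [e for e in entries if sum(w for _, w in indicators(e)) >= 3]
    clusters = []
    for a in sorted(anchors, key=lambda e: e["created"]):
        members = sorted((e for e in entries if abs(e["created"] - a["created"]) <= window),
                         key=lambda e: e["created"])
        if clusters and clusters[-1][-1]["created"] >= members[0]["created"] - window:
            # Overlapping windows: merge into the previous cluster, de-duplicated by path.
            merged = {e["path"]: e for e in clusters[-1] + members}
            clusters[-1] = sorted(merged.values(), key=lambda e: e["created"])
        else:
            clusters.append(members)
    return clusters


if __name__ == "__main__":
    for cluster in find_clusters(parse(SAMPLE_LINES)):
        print("cluster:")
        for e in cluster:
            score = sum(w for _, w in indicators(e))
            print(f"  {e['created']:%Y-%m-%d %H:%M}  score={score}  {e['path']}")
```

On the sample the only cluster is the three entries from 2008-11-08 15:28 to 15:29, which ties the toolbar directory to the dropped files without any signature. The Find3M section uses a different line layout and is not parsed here.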
  |  wumpus New Member

Date Joined Nov 2008 Total Posts : 10 | Posted 11-10-2008 8:25 (GMT +1) |   | Fresh HJ
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:35 AM, on 11/9/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\EXPLORER.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Erich\AppData\Local\Temp\winlogin.exe
C:\Users\Erich\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Erich\AppData\Local\Temp\winlogun.exe
C:\Users\Erich\AppData\Local\Temp\winlogin.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\MSCONFIG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe "C:\Windows\server.exe"
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,"C:\Windows\server.exe",
O1 - Hosts: ::1 localhost
O2 - BHO: C:\Windows\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O3 - Toolbar: IE Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [jsg8jfgfdfhfhf] C:\Users\Erich\AppData\Local\Temp\winlogun.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\Users\Erich\AppData\Local\Temp\winlogin.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkIYqnO.dll,#1
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Erich\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\Users\Erich\AppData\Local\Temp\winlogun.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\Users\Erich\AppData\Local\Temp\winlogin.exe
O4 - HKCU\..\Policies\Explorer\Run: [server] C:\Windows\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\Windows\system32\siejf93.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 8136 bytes
Touch (Forum Moderator, joined Jun 2004, 14325 posts) | Posted 11-10-2008 8:41 (GMT +1)
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

F2 - REG:system.ini: Shell=explorer.exe "C:\Windows\server.exe"
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,"C:\Windows\server.exe",
O2 - BHO: C:\Windows\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O4 - HKLM\..\Run: [jsg8jfgfdfhfhf] C:\Users\Erich\AppData\Local\Temp\winlogun.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\Users\Erich\AppData\Local\Temp\winlogin.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkIYqnO.dll,#1
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Erich\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\Users\Erich\AppData\Local\Temp\winlogun.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\Users\Erich\AppData\Local\Temp\winlogin.exe
O4 - HKCU\..\Policies\Explorer\Run: [server] C:\Windows\server.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
1. Close any open browsers.
2. Open Notepad and copy/paste the text in the quote box below into it:
Copy the entire contents of the quote box below to Notepad. Name the file CFScript and save it on the desktop.
Killall::
Snapshot::
File::
C:\Windows\server.exe
C:\Windows\system32\jsne87fidgf.dll
C:\Users\Erich\AppData\Local\Temp\winlogun.exe
C:\Users\Erich\AppData\Local\Temp\winlogin.exe
C:\Windows\system32\siejf93.dll
Folder::
C:\Program Files\Viewpoint
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Desktop Messenger.lnk"=-
Once saved, referring to the picture above, drag CFScript.txt onto ComboFix.exe, and post back the resulting report along with a new HijackThis log.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
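The moderator's pick list above follows a handful of rules a practitioner can write down: Winlogon Shell and UserInit values that differ from the stock defaults, Run entries whose target sits in the user's Temp folder or in the rarely-legitimate Policies\Explorer\Run key, a rundll32 autorun that loads a DLL by ordinal, a BHO whose only name is its own DLL path, a policy that disables regedit, and SharedTaskScheduler entries outside the known-good set. The Python below is an added example, not part of this thread and not a HijackThis or ComboFix feature: it applies those rules to a constructed subset of the log lines posted above and emits the File:: section for a CFScript in the one-path-per-line form the moderator used. The Vista baselines (Shell=explorer.exe, Userinit=C:\Windows\system32\userinit.exe,) and the single known-good O22 CLSID (the Component Categories cache daemon) are assumptions about a stock install; OEM images can differ, so a hit means "review", not "malware".

```python
import re
from collections import OrderedDict

# Constructed sample: a subset of the HijackThis lines posted in this thread,
# plus two benign O4 entries so the heuristics have misses as well as hits.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe "C:\Windows\server.exe"
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,"C:\Windows\server.exe",
O2 - BHO: C:\Windows\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jsne87fidgf.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [jsg8jfgfdfhfhf] C:\Users\Erich\AppData\Local\Temp\winlogun.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkIYqnO.dll,#1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\Users\Erich\AppData\Local\Temp\winlogin.exe
O4 - HKCU\..\Policies\Explorer\Run: [server] C:\Windows\server.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O22 - SharedTaskScheduler: lke3iemrl490kgfgdsfd - {C5AF42A3-94F3-42BD-F434-3604832C897D} - C:\Windows\system32\siejf93.dll
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
"""

# Assumed known-good baseline for a stock Windows Vista install (OEM images may differ).
GOOD_SHELL = "explorer.exe"
GOOD_USERINIT = r"c:\windows\system32\userinit.exe"
# The one SharedTaskScheduler entry a clean Vista box carries (Component Categories
# cache daemon); any other O22 CLSID gets a look.
KNOWN_O22 = {"{8C7461EF-2B13-11D2-BE35-3078302C2030}"}
# Legitimate binaries that sit next to a hijacked value and must never end up in a
# deletion script.
SYSTEM_BINARIES = {r"c:\windows\system32\userinit.exe", r"c:\windows\explorer.exe"}

TEMP_DIR = re.compile(r"\\appdata\\local\\temp\\", re.I)
RUNDLL_ORDINAL = re.compile(r"rundll32\.exe\s+\S+\.dll,#\d+", re.I)
CLSID = re.compile(r"\{[0-9A-F-]{36}\}", re.I)
# Drive-letter path ending in .exe/.dll; non-greedy so it stops at the first extension.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.I)


def triage_line(line):
    """Return a short reason if this HijackThis line deserves a second look, else None."""
    kind, _, rest = line.partition(" - ")
    if kind == "F2":
        key, _, value = rest.partition("=")
        value = value.strip().lower()
        if key.endswith("Shell") and value != GOOD_SHELL:
            return "Winlogon Shell is not plain explorer.exe (extra program starts with the desktop)"
        if key.endswith("UserInit") and value.rstrip(",") != GOOD_USERINIT:
            return "Winlogon UserInit has an extra program appended"
    elif kind == "O2":
        name = rest.split(" - ")[0]
        if name.startswith("BHO: "):
            name = name[len("BHO: "):]
        if name.lower().endswith(".dll"):
            return "BHO with no display name, only its own DLL path"
    elif kind == "O4":
        if TEMP_DIR.search(rest):
            return "autorun target lives in the user's Temp folder"
        if r"Policies\Explorer\Run" in rest:
            return "Policies\\Explorer\\Run autorun (rarely used legitimately on a home PC)"
        if RUNDLL_ORDINAL.search(rest):
            return "rundll32 loading a DLL by ordinal from an autorun key"
    elif kind == "O7":
        if "DisableRegedit=1" in rest:
            return "policy disables Registry Editor"
    elif kind == "O22":
        m = CLSID.search(rest)
        if not m or m.group(0).upper() not in KNOWN_O22:
            return "SharedTaskScheduler entry outside the known-good set (loads into explorer.exe)"
    return None


def triage(log_text):
    """Run triage_line over a whole log; returns [(line, reason), ...] in log order."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = triage_line(line)
        if reason:
            hits.append((line, reason))
    return hits


def cfscript_file_section(hits):
    """Build the File:: section of a ComboFix CFScript from the flagged lines: one
    full path per line, duplicates removed, system binaries left out."""
    paths = OrderedDict()
    for line, _ in hits:
        for path in WIN_PATH.findall(line):
            if path.lower() not in SYSTEM_BINARIES:
                paths.setdefault(path.lower(), path)
    return "File::\n" + "\n".join(paths.values())


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for line, reason in found:
        print(f"{reason}\n    {line}")
    print()
    print(cfscript_file_section(found))
```

The generated list also contains the DLL behind the MSServer rundll32 entry, which the moderator had fixed in HijackThis but did not put in the File:: section; confirm that a path still exists on disk before writing it into a deletion script, since an orphaned Run entry can point at a file that is already gone.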
wumpus (New Member, joined Nov 2008, 10 posts) | Posted 11-10-2008 4:40 (GMT +1)

The ComboFix log took a couple of tries. The first few scans didn't give me a log after restart. So far you've fixed the blank screen at startup and the random IE ads. Thanks.
ComboFix 08-11-09.04 - Erich 2008-11-10 10:19:46.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1202 [GMT -5:00]
Running from: c:\users\Public\Desktop\FIX\ComboFix.exe
Command switches used :: c:\users\Public\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\users\Erich\AppData\Local\Temp\winlogin.exe
c:\users\Erich\AppData\Local\Temp\winlogun.exe
c:\windows\server.exe
c:\windows\system32\jsne87fidgf.dll
c:\windows\system32\siejf93.dll
.

((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.
2008-11-09 15:34 . 2008-11-10 02:39 <DIR> d-------- c:\users\Erich\AppData\Roaming\BullGuard
2008-11-09 15:34 . 2008-11-10 10:10 <DIR> d-------- c:\users\All Users\BullGuard
2008-11-09 15:34 . 2008-11-10 10:10 <DIR> d-------- c:\programdata\BullGuard
2008-11-09 15:33 . 2008-11-09 15:43 263,192 -ra------ c:\windows\System32\drivers\AfwCore.sys
2008-11-09 15:32 . 2008-11-09 15:32 <DIR> d-------- c:\program files\BullGuard Ltd
2008-11-09 15:32 . 2008-03-13 09:27 52,560 --a------ c:\windows\System32\drivers\BdFileSpy.sys
2008-11-09 04:58 . 2008-11-09 04:58 <DIR> d-------- c:\users\Erich\AppData\Roaming\Malwarebytes
2008-11-09 04:58 . 2008-11-09 04:58 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-09 04:58 . 2008-11-09 04:58 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-09 04:58 . 2008-11-09 04:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-09 04:58 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-09 04:58 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-09 04:54 . 2008-11-09 04:54 <DIR> d-------- c:\program files\CCleaner
2008-11-09 04:20 . 2008-11-09 04:20 <DIR> d-------- c:\program files\Alwil Software
2008-11-09 04:20 . 2008-07-19 10:36 51,280 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2008-11-09 03:41 . 2008-11-09 03:41 <DIR> d-------- c:\program files\Trend Micro
2008-11-09 00:24 . 2008-11-09 02:02 <DIR> d-------- c:\users\Erich\Dead
2008-11-08 16:50 . 2008-11-08 16:50 <DIR> d-------- c:\users\Erich\AppData\Roaming\GlarySoft
2008-11-08 16:48 . 2008-11-08 16:48 <DIR> d-------- c:\program files\Glary Registry Repair
2008-11-08 15:29 . 2008-11-08 15:29 <DIR> d-------- c:\program files\IESurfBar
2008-11-08 15:29 . 2008-11-08 15:29 527 --a------ c:\windows\System32\TDSSwqsc.dat
2008-11-08 15:28 . 2008-11-08 15:28 2 --a------ C:\-1328151924
2008-11-07 23:32 . 2008-11-07 23:32 <DIR> d-------- c:\users\Erich\AppData\Roaming\DAEMON Tools
2008-11-07 10:13 . 2008-11-07 10:13 <DIR> d-------- c:\users\Erich\.thumbnails
2008-11-07 10:11 . 2008-11-08 00:31 <DIR> d-------- c:\users\Er