
HELP ME! I HAVE A WHOLE BUNCH OF SPYWARE STUFF [RESOLVED]


  • This topic is locked

#16 helpme? (Topic Starter, Member, 46 posts)

Um, I used Opera to do the scan and it won't let me, so I used Internet Explorer and it has an error every time after I go to install ActiveX.


My computer seems to be going good :)


#17 fenzodahl512 (Malware Removal, 9,863 posts)

Erm.. can you do this?


Let's run F-Secure online scan for Viruses, Spyware and RootKits:
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the ActiveX control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient




If you still see the error, then tell me :)

#18 helpme? (Topic Starter, Member, 46 posts)

Result: 7 malware found
Hoax.Win32.Renos (virus)
System
Hoax.Win32.Renos.vasi (virus)
C:\WINDOWS\SYSTEM32\IEDFIX.EXE
Trojan.Win32.Dialer (virus)
System
Trojan.Win32.Dialer.qn (virus)
C:\WINDOWS\SYSTEM32\DRVTOJ.DLL
Trojan.Win32.Obfuscated (virus)
System
Trojan.Win32.Obfuscated.gx (virus)
C:\WINDOWS\HIXCTINY.DLL
Vundo.gen38 (virus)
C:\DOCUMENTS AND SETTINGS\ACOUNT OF DEATH\MY DOCUMENTS\COMPUTER FIXING STUFF\OTSCANIT\MOVEDFILES\04252008_141421\WINDOWS\SYSTEM32\NLQUMJCW.INI (Submitted)
Statistics
Scanned:
Files: 37273
System: 3491
Not scanned: 26
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 7
Submitted: 1
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\034715BFCB7BEAF4C9CB49771DAE09B1_D69FCBFC-AFDB-4061-8DFE-2E2AED49254B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0C96C7E6135C766543DA4920050F7B58_D69FCBFC-AFDB-4061-8DFE-2E2AED49254B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1507739842D7463BC6EA79C61AADAF03_D69FCBFC-AFDB-4061-8DFE-2E2AED49254B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1FB8C585E52C9CC6029590A63A54908D_D69FCBFC-AFDB-4061-8DFE-2E2AED49254B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2E4262AD3C96C0F5170FADD49EC4E6DF_D69FCBFC-AFDB-4061-8DFE-2E2AED49254B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\33D6D9C52D3839EC02EEA6E6300BE46D_D69FCBFC-AFDB-4061-8DFE-2E2AED49254B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\469E140F38B04D490FAB606C8B33CB3B_D69FCBFC-AFDB-4061-8DFE-2E2AED49254B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4E35266F1A72A7ABFBFE1D5CED9B8D27_D69FCBFC-AFDB-4061-8DFE-2E2AED49254B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\58D235B50F0816F11F843C0DD663C9FE_D69FCBFC-AFDB-4061-8DFE-2E2AED49254B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7136F51C68DAAE6BB99769B2D6EA8EC2_D69FCBFC-AFDB-4061-8DFE-2E2AED49254B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B51DC702C5C7A6ABED624BF5D2E3AB27_D69FCBFC-AFDB-4061-8DFE-2E2AED49254B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4BD9551DE1775B987EB9EE0AC226A72_D69FCBFC-AFDB-4061-8DFE-2E2AED49254B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D2B61E998B55F6D0E55BA80AB9B8B3B5_D69FCBFC-AFDB-4061-8DFE-2E2AED49254B
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E0BD8629C20FA7C2AECB34F557D1A866_D69FCBFC-AFDB-4061-8DFE-2E2AED49254B
C:\DOCUMENTS AND SETTINGS\ACOUNT OF DEATH\LOCAL SETTINGS\APPLICATION DATA\OPERA\OPERA\PROFILE\VPS\0000\URL.AX
C:\DOCUMENTS AND SETTINGS\ACOUNT OF DEATH\LOCAL SETTINGS\APPLICATION DATA\OPERA\OPERA\PROFILE\VPS\0000\W.AX
C:\DOCUMENTS AND SETTINGS\ACOUNT OF DEATH\APPLICATION DATA\OPERA\OPERA\MAIL\LEXICON\LEXICON.AX
C:\DOCUMENTS AND SETTINGS\ACOUNT OF DEATH\APPLICATION DATA\OPERA\OPERA\MAIL\INDEXER\INDEXER.AX
C:\DOCUMENTS AND SETTINGS\ACOUNT OF DEATH\APPLICATION DATA\OPERA\OPERA\MAIL\INDEXER\MESSAGE_ID
Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-08-27
F-Secure AVP: 7.0.171, 2008-08-26
F-Secure Pegasus: 1.20.0, 2008-04-14
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics
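An added example, not part of the thread and not F-Secure's code: a small Python parser for the report format pasted above. It pulls out each detection with its location, checks that the "Result: N malware found" header agrees with the entries actually listed, and reads the Actions block to tell whether the scanner removed anything or only reported it. The sample input is the report from this post with the not-scanned list and the Options section shortened; the class and function names, and the list of OS-locked files that are expected to show up as not scanned, are my own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: the F-Secure Online Scanner report pasted in this thread,
# with the "Files not scanned" list and the "Options" section shortened.
SAMPLE_REPORT = r"""
Result: 7 malware found
Hoax.Win32.Renos (virus)
System
Hoax.Win32.Renos.vasi (virus)
C:\WINDOWS\SYSTEM32\IEDFIX.EXE
Trojan.Win32.Dialer (virus)
System
Trojan.Win32.Dialer.qn (virus)
C:\WINDOWS\SYSTEM32\DRVTOJ.DLL
Trojan.Win32.Obfuscated (virus)
System
Trojan.Win32.Obfuscated.gx (virus)
C:\WINDOWS\HIXCTINY.DLL
Vundo.gen38 (virus)
C:\DOCUMENTS AND SETTINGS\ACOUNT OF DEATH\MY DOCUMENTS\COMPUTER FIXING STUFF\OTSCANIT\MOVEDFILES\04252008_141421\WINDOWS\SYSTEM32\NLQUMJCW.INI (Submitted)
Statistics
Files: 37273
Not scanned: 26
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 7
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\SAM
Options
"""

RESULT_RE = re.compile(r"^Result:\s+(\d+)\s+malware found")
DETECTION_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<kind>[^)]+)\)$")  # "Vundo.gen38 (virus)"
STAT_RE = re.compile(r"^(?P<key>[A-Za-z ]+):\s+(?P<value>\d+)$")      # "Deleted: 0"
# Assumption (mine): files Windows keeps locked, so "not scanned" is expected for them.
LOCKED_BY_OS = ("\\PAGEFILE.SYS", "\\HIBERFIL.SYS", "\\SYSTEM32\\CONFIG\\")

@dataclass
class Detection:
    name: str
    location: str    # "System" for a memory/registry hit, otherwise a file path
    submitted: bool  # the sample was uploaded to F-Secure

@dataclass
class ScanSummary:
    reported_count: int
    detections: list
    stats: dict
    not_scanned: list

    def counts_agree(self):  # "Result: N malware found" vs. the entries actually listed
        return self.reported_count == len(self.detections)

    def actions_taken(self):  # detections the scanner disinfected, renamed or deleted
        return sum(self.stats.get(k, 0) for k in ("Disinfected", "Renamed", "Deleted"))

    def needs_manual_cleanup(self):
        # The report carries no per-item outcome, so the file paths are only known to be
        # still on disk when every detection ended with action "None".
        if self.stats.get("None", 0) != len(self.detections):
            return []
        return [d.location for d in self.detections if d.location != "System"]

def parse_report(text):
    lines = [ln.rstrip() for ln in text.splitlines()]
    reported, detections, stats, not_scanned, section = 0, [], {}, [], None
    i = 0
    while i < len(lines):
        line = lines[i]
        if m := RESULT_RE.match(line):
            reported, section = int(m.group(1)), "detections"
        elif line == "Statistics":
            section = "stats"
        elif line == "Files not scanned:":
            section = "not_scanned"
        elif line == "Options":
            break  # engine versions and extension lists follow; not needed here
        elif section == "detections" and (d := DETECTION_RE.match(line)) and i + 1 < len(lines):
            location = lines[i + 1]  # a name line is always followed by its location line
            submitted = location.endswith(" (Submitted)")
            location = location[: -len(" (Submitted)")] if submitted else location
            detections.append(Detection(d["name"], location, submitted))
            i += 1
        elif section == "stats" and (s := STAT_RE.match(line)):
            stats[s["key"]] = int(s["value"])  # headings like "Actions:" carry no number
        elif section == "not_scanned" and line:
            not_scanned.append(line)
        i += 1
    return ScanSummary(reported, detections, stats, not_scanned)

def unexpected_not_scanned(summary):  # not-scanned entries that are not OS-locked files
    return [p for p in summary.not_scanned if not any(t in p.upper() for t in LOCKED_BY_OS)]
```

Call parse_report() on the pasted text (or on SAMPLE_REPORT): on this report actions_taken() is 0 and needs_manual_cleanup() returns the four file paths, so the scanner found the files but left them in place; two of those paths are the ones the next post hands to ComboFix. unexpected_not_scanned() drops the pagefile and registry hives, which every online scanner skips, and leaves only entries worth a second look.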

#19 fenzodahl512 (Malware Removal, 9,863 posts)

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\SYSTEM32\DRVTOJ.DLL 
C:\WINDOWS\HIXCTINY.DLL

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#20 helpme? (Topic Starter, Member, 46 posts)

COMBO FIX LOG:
********************
ComboFix 08-08-24.03 - Acount Of Death 2008-08-26 12:11:43.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.868 [GMT -7:00]
Running from: C:\Documents and Settings\Acount Of Death\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Acount Of Death\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\HIXCTINY.DLL
C:\WINDOWS\SYSTEM32\DRVTOJ.DLL
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Acount Of Death\Application Data\macromedia\Flash Player\#SharedObjects\9KXD4MAE\interclick.com
C:\Documents and Settings\Acount Of Death\Application Data\macromedia\Flash Player\#SharedObjects\9KXD4MAE\interclick.com\ud.sol
C:\Documents and Settings\Acount Of Death\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Acount Of Death\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.

2008-08-26 15:54 . 2008-08-26 15:54 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-08-26 08:36 . 2008-08-26 08:36 <DIR> d-------- C:\fsaua.data
2008-08-26 07:10 . 2008-08-26 07:10 <DIR> d-------- C:\Documents and Settings\Acount Of Death\Application Data\AVSMedia
2008-08-26 06:38 . 2008-08-26 06:38 <DIR> d-------- C:\Program Files\AVSMedia
2008-08-26 06:38 . 2003-05-22 13:26 638,976 --a------ C:\WINDOWS\system32\divx.dll
2008-08-26 06:38 . 2003-06-05 18:30 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-08-26 06:38 . 2003-05-22 13:26 221,215 --a------ C:\WINDOWS\system32\divxdec.ax
2008-08-26 02:45 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 02:45 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-25 22:20 . 2008-08-25 22:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-25 21:45 . 2008-08-25 21:45 <DIR> d-------- C:\Program Files\ERUNT
2008-08-25 03:30 . 2008-08-25 03:30 268 --ah----- C:\sqmdata10.sqm
2008-08-25 03:30 . 2008-08-25 03:30 244 --ah----- C:\sqmnoopt10.sqm
2008-08-24 23:11 . 2008-08-24 23:13 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-19 00:46 . 2008-08-22 22:27 <DIR> d-------- C:\Program Files\the new magix one that works
2008-08-18 05:59 . 2008-08-18 05:59 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-18 05:59 . 2008-08-18 05:59 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-18 05:58 . 2008-08-18 05:58 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-18 05:58 . 2008-08-18 05:58 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-18 05:04 . 2008-08-19 14:13 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-14 19:15 . 2008-08-18 22:13 <DIR> d-------- C:\Program Files\Acoustica Shared Effects
2008-08-14 19:15 . 2008-08-18 20:44 <DIR> d-------- C:\Program Files\Acoustica Beatcraft
2008-08-14 15:52 . 2008-08-14 15:52 <DIR> d-------- C:\New Folder 1
2008-08-14 15:41 . 2008-08-18 03:18 <DIR> d-------- C:\Program Files\DivX
2008-08-14 15:27 . 2005-06-21 16:43 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2008-08-08 03:46 . 2008-08-08 03:46 268 --ah----- C:\sqmdata09.sqm
2008-08-08 03:46 . 2008-08-08 03:46 244 --ah----- C:\sqmnoopt09.sqm
2008-08-08 02:33 . 2008-08-08 02:33 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-08 01:42 . 2008-08-08 01:42 268 --ah----- C:\sqmdata08.sqm
2008-08-08 01:42 . 2008-08-08 01:42 244 --ah----- C:\sqmnoopt08.sqm
2008-08-08 00:47 . 2008-08-08 00:47 268 --ah----- C:\sqmdata07.sqm
2008-08-08 00:47 . 2008-08-08 00:47 244 --ah----- C:\sqmnoopt07.sqm
2008-08-07 23:52 . 2008-08-26 02:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\services
2008-08-05 22:54 . 2008-08-05 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-08-05 22:46 . 2008-08-05 22:55 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-08-05 22:46 . 2008-08-05 22:55 <DIR> d-------- C:\Program Files\AVS4YOU
2008-08-05 22:46 . 2002-01-05 16:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-08-05 22:46 . 2004-07-03 21:59 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-08-05 22:46 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-08-05 22:46 . 2004-07-03 22:08 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-08-05 22:46 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-08-05 22:46 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-08-05 22:46 . 2004-09-06 17:06 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2008-08-05 22:46 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-08-05 22:46 . 2003-05-21 13:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-08-05 22:46 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-08-05 14:58 . 2008-08-05 14:58 161,096 --a--c--- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-03 21:23 . 2008-08-03 21:23 <DIR> d-------- C:\Program Files\bluesforpeace
2008-07-29 00:42 . 2008-07-29 00:42 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 18:20 --------- d-----w C:\Program Files\Opera
2008-08-26 09:45 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-25 21:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-08-25 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
2008-08-25 06:20 --------- d-----w C:\Program Files\DNA
2008-08-25 06:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-23 05:28 --------- d-----w C:\Program Files\MAGIX
2008-08-23 05:28 --------- d-----w C:\Program Files\Acoustica Mixcraft 4
2008-08-19 08:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-08-19 08:06 --------- d-----w C:\Documents and Settings\Acount Of Death\Application Data\MAGIX
2008-08-18 13:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-08 09:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-22 03:51 --------- d-----w C:\Program Files\EA GAMES
2008-07-21 12:41 --------- d-----w C:\Documents and Settings\Acount Of Death\Application Data\SystemRequirementsLab
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-02 23:54 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2008-07-01 21:47 368,640 ----a-w C:\WINDOWS\system32\ReWire.dll
2008-07-01 21:47 233,472 ----a-w C:\WINDOWS\system32\REX Shared Library.dll
2008-07-01 21:47 --------- d-----w C:\Documents and Settings\Acount Of Death\Application Data\Propellerhead Software
2008-07-01 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-06-30 02:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-30 02:16 --------- d-----w C:\Documents and Settings\Acount Of Death\Application Data\Sierra Entertainment
2008-06-30 01:04 --------- d--h--r C:\Documents and Settings\Acount Of Death\Application Data\SecuROM
2008-06-29 23:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-29 23:55 --------- d-----w C:\Program Files\Google
2008-06-29 23:53 --------- d-----w C:\Program Files\Yahoo!
2008-06-29 23:52 --------- d-----w C:\Program Files\BitComet
2008-06-29 09:58 --------- d-----w C:\Program Files\Essentials Codec Pack
2008-06-29 09:53 --------- d-----w C:\Documents and Settings\Acount Of Death\Application Data\Any Video Converter
2008-06-29 07:49 --------- d-----w C:\Documents and Settings\Acount Of Death\Application Data\DivX
2008-06-29 06:26 --------- d-----w C:\Documents and Settings\Acount Of Death\Application Data\Xilisoft Corporation
2008-06-29 05:26 --------- d-----w C:\Documents and Settings\Acount Of Death\Application Data\Yahoo!
2008-06-26 08:07 --------- d-----w C:\Documents and Settings\Acount Of Death\Application Data\Acoustica
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-06 03:43 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2001-11-30 19:09 49,152 -c--a-r C:\Program Files\Common Files\HDvAvi.dll
.

((((((((((((((((((((((((((((( snapshot_2008-08-26_ 0.25.31.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-27 22:59:28 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 22:59:28 495,616 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2008-02-27 23:00:12 262,144 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2008-02-27 22:59:16 588,392 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncher.exe
+ 2008-08-26 13:04:34 65,536 ----a-r C:\WINDOWS\Installer\{49FC50FC-F965-40D9-89B4-CBFF80941033}\ARPPRODUCTICON.exe
+ 2002-12-20 20:06:00 3,366,912 ----a-w C:\WINDOWS\RegisteredPackages\{60BFF50D-FB2C-4498-A577-C9548C390BB9}\moviemk.exe
- 2004-08-04 12:00:00 3,555,328 -c--a-w C:\WINDOWS\system32\dllcache\moviemk.exe
+ 2002-12-20 20:06:00 3,366,912 -c--a-w C:\WINDOWS\system32\dllcache\moviemk.exe
- 2008-08-23 02:58:03 1,539,168 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-08-26 19:16:02 1,539,192 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-07-27 22:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 22:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-06 03:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 20:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
- 2007-09-27 22:22:44 413,760 ----a-w C:\WINDOWS\system32\mpg4c32.dll
+ 2002-08-20 08:41:12 413,760 ----a-w C:\WINDOWS\system32\mpg4c32.dll
+ 2007-08-03 01:11:28 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2007-08-03 01:11:14 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2007-08-06 20:17:40 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2007-06-13 18:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
+ 2008-08-26 19:16:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_64c.dat
+ 2006-12-02 05:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 05:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 05:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 05:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 07:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 07:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 07:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 07:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 07:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 07:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 07:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 07:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 07:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 07:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 07:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 07:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 07:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 07:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42 1404928]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-09-18 13:25 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-09-18 13:25 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-12 15:02 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec_dec.dll
"msacm.ivimp3en"= ivimp3en.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16222:TCP"= 16222:TCP:*:Disabled:BitComet 16222 TCP
"16222:UDP"= 16222:UDP:*:Disabled:BitComet 16222 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 11:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 11:35]
S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkemusb.sys [2001-08-08 19:52]
S3 cirrus;cirrus;C:\WINDOWS\system32\DRIVERS\cirrus.sys [2001-08-17 13:57]
S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys [2001-12-18 12:38]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{365ac32b-b4ee-11dc-b5c9-00123fd353e5}]
\Shell\AutoRun\command - H:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - H:\system\viewer\FlipVideoforPC.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 00:17:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
.
**************************************************************************
.
Completion time: 2008-08-27 0:25:57 - machine was rebooted [Acount Of Death]
ComboFix-quarantined-files.txt 2008-08-27 07:25:24
ComboFix2.txt 2008-08-26 13:22:17
ComboFix3.txt 2008-08-26 09:11:53
ComboFix4.txt 2008-08-26 07:27:10
ComboFix5.txt 2008-08-26 19:08:16

Pre-Run: 3,975,364,608 bytes free
Post-Run: 4,066,299,904 bytes free

235 --- E O F --- 2008-08-19 10:05:21

#21 helpme? (Topic Starter, Member, 46 posts)

HijackThis log:
*****************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:43 AM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 5207 bytes
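Another added example (mine, not part of the thread and not Trend Micro's code): a triage pass over the HijackThis log format above. It parses the O4 (autostart), O16 (downloaded ActiveX controls) and O23 (services) lines and flags the entries a reviewer would want to confirm by hand: services with no recorded publisher, service registrations whose binary is gone, and ActiveX controls fetched from the web. The sample is an excerpt of the log in this post (one URL is truncated exactly as it appears there); the class names, the flag wording and which entry codes get a rule are my choices, not HijackThis behaviour.

```python
import re
from dataclasses import dataclass

# Constructed sample: the O2/O4/O16/O23 lines of the HijackThis log posted in this
# thread (process list and R0/R1 lines omitted; one URL is truncated as in the post).
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<command>.+)$")

@dataclass
class Service:
    display_name: str
    owner: str          # publisher shown by HijackThis; "Unknown owner" when it has none
    path: str
    file_missing: bool  # HijackThis appends "(file missing)" when the binary is absent

@dataclass
class Dpf:  # O16: ActiveX control fetched from a URL (Downloaded Program Files)
    clsid: str
    name: str
    url: str

@dataclass
class RunEntry:  # O4: autostart value under HKLM/HKCU ...\Run
    hive: str
    name: str
    command: str

@dataclass
class Finding:
    code: str
    subject: str
    reasons: list

@dataclass
class HjtLog:
    services: list
    dpf: list
    run: list
    other: list  # (code, body) for entry types this example does not model

def parse_hjt(text):
    log = HjtLog([], [], [], [])
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank lines
        code, body = m["code"], m["body"]
        if code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)  # display - owner - path
            if len(parts) == 3:
                display, owner, path = parts
                missing = path.endswith(" (file missing)")
                path = path[: -len(" (file missing)")] if missing else path
                log.services.append(Service(display, owner, path, missing))
                continue
        elif code == "O16" and (d := DPF_RE.match(body)):
            log.dpf.append(Dpf(d["clsid"], d["name"], d["url"]))
            continue
        elif code == "O4" and (r := RUN_RE.match(body)):
            log.run.append(RunEntry(r["hive"], r["name"], r["command"]))
            continue
        log.other.append((code, body))
    return log

def triage(log):
    """Entries a reviewer should confirm by hand. A flag means 'check', not 'malware'."""
    findings = []
    for d in log.dpf:
        findings.append(Finding("O16", d.name,
                                [f"ActiveX control fetched from {d.url}; confirm it was installed on purpose"]))
    for s in log.services:
        reasons = []
        if s.owner == "Unknown owner":
            reasons.append("no publisher recorded for the service binary")
        if s.file_missing:
            reasons.append("service is registered but its binary is gone (orphaned entry)")
        if reasons:
            findings.append(Finding("O23", s.display_name, reasons))
    return findings

if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_HJT_LOG)):
        print(f"{f.code} {f.subject}: " + "; ".join(f.reasons))
```

On this log the flagged entries are the two online-scanner controls installed during this thread and three leftover licensing-service registrations, which is consistent with the helper's "Logs look good" verdict: the point of the pass is to shorten the list a human reads, not to replace the reading.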

#22 fenzodahl512 (Malware Removal, 9,863 posts)

Logs look good to me...

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between x and / is needed

    Posted Image



------------------------


You already have..

1. Avast! Antivirus as your antivirus
2. Malwarebytes' as your antispyware..


However, I haven't seen any third-party firewall in your logs.. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewalls below:
After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.




Lastly, to keep your operating system up to date please visit the link below monthly

Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

#23 helpme? (Topic Starter, Member, 46 posts)

OK, I got the firewall and the updates and my computer is going good. Thanks for everything.

#24 fenzodahl512 (Malware Removal, 9,863 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.