Trojan SMP/XL (Help!)

#1 Bustedcomp (New Member, 4 posts)
:) Yeah, I just got this virus today, and I have virus-scanned and followed a lot of ways to get rid of this [bleep] thing, and nothing is working.

So anyway, I was wondering if someone could help me out here. I did a HijackThis scan, which I'll be posting below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:18:21, on 1/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\Program Files\ASUS\Ai Nap\AiNap.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\smss32.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Nap\AiNap.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} -
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} -
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CA38132-088F-41A1-B52C-F026C6F22D5B}: NameServer = 193.104.110.38,4.2.2.1,207.32.194.7 207.32.194.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5FF89EB-078A-48FD-9DB3-A3802EBB3266}: NameServer = 193.104.110.38,4.2.2.1,207.32.194.7 207.32.194.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: lupeyoyu.dll
O21 - SSODL: ruvisuwid - {3da33233-5b6e-4edd-9d75-cca9f29002b1} - (no file)
O21 - SSODL: zuteyinat - {3ff7550b-3b10-42ce-9f5f-15afd655eb64} - c:\windows\system32\bazoveza.dll (file missing)
O21 - SSODL: romevulen - {fd4eb76f-5823-4dbb-8558-80720b334e7c} - c:\windows\system32\wejohefo.dll (file missing)
O21 - SSODL: rekobijaz - {2ddd8a6a-e6d0-46d4-9238-bc8c5a205346} - c:\windows\system32\yegehiwu.dll (file missing)
O21 - SSODL: pivazasev - {fce0d261-46ba-44a6-8fac-845c07fca4ff} - c:\windows\system32\wumihepo.dll (file missing)
O21 - SSODL: gahizoros - {960f4784-5492-481b-adba-139aa3fe59d4} - c:\windows\system32\jujeweze.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {3da33233-5b6e-4edd-9d75-cca9f29002b1} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {416de270-ee6c-4b6a-a260-b41d371a8b19} - c:\windows\system32\raramegu.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {2ddd8a6a-e6d0-46d4-9238-bc8c5a205346} - c:\windows\system32\yegehiwu.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {fce0d261-46ba-44a6-8fac-845c07fca4ff} - c:\windows\system32\wumihepo.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {960f4784-5492-481b-adba-139aa3fe59d4} - c:\windows\system32\jujeweze.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {1c023a7d-7759-41e1-adc3-3c5a43b2140c} - c:\windows\system32\vupowose.dll (file missing)
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 8553 bytes

Edited by Bustedcomp, 10 January 2010 - 06:14 PM.

#2 Bustedcomp (Topic Starter, 4 posts)
ComboFix 10-01-04.01 - Adam 01/10/2010 4:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1580 [GMT -8:00]
Running from: c:\documents and settings\Adam\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\14604.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\41.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe
c:\windows\system32\bahezefi.dll
c:\windows\system32\binapido.dll
c:\windows\system32\bomoyape.dll
c:\windows\system32\deganala.exe
c:\windows\system32\dikaremo.dll
c:\windows\system32\dipamiba.dll
c:\windows\system32\durerage.dll
c:\windows\system32\farolafo.dll
c:\windows\system32\figovafa.dll
c:\windows\system32\fikozowa.dll
c:\windows\system32\folayeju.dll
c:\windows\system32\fulorepi.exe
c:\windows\system32\gamunaku.dll
c:\windows\system32\gelayaye.dll
c:\windows\system32\harapupi.exe
c:\windows\system32\hasayaha.dll
c:\windows\system32\haweguma.dll
c:\windows\system32\helper32.dll
c:\windows\system32\hoyuvuki.dll
c:\windows\system32\IS15.exe
c:\windows\system32\jafujuso.dll
c:\windows\system32\jajisoku.dll
c:\windows\system32\jerezova.exe
c:\windows\system32\jojogude.dll
c:\windows\system32\juwovovo.exe
c:\windows\system32\kiwebafi.exe
c:\windows\system32\kudizafe.exe
c:\windows\system32\kukuheha.exe
c:\windows\system32\linayije.dll
c:\windows\system32\lowefevu.dll
c:\windows\system32\molugivu.dll
c:\windows\system32\muroluki.dll
c:\windows\system32\mutodoha.dll
c:\windows\system32\nasoveko.dll
c:\windows\system32\navaguke.dll
c:\windows\system32\niyufazu.dll
c:\windows\system32\notetiki.dll
c:\windows\system32\nutijule.dll
c:\windows\system32\nuvotado.exe
c:\windows\system32\peyuvaba.dll
c:\windows\system32\pimofidu.exe
c:\windows\system32\rilajayo.exe
c:\windows\system32\riwutewe.dll
c:\windows\system32\ruheteha.dll
c:\windows\system32\rukurole.dll
c:\windows\system32\sahomosa.dll
c:\windows\system32\samabiro.dll
c:\windows\system32\sehetono.dll
c:\windows\system32\sijaveso.dll
c:\windows\system32\sikojeze.exe
c:\windows\system32\sosupeti.dll
c:\windows\system32\soyatehe.dll
c:\windows\system32\supiteyo.dll
c:\windows\system32\suzodata.exe
c:\windows\system32\tedenera.exe
c:\windows\system32\tezogika.exe
c:\windows\system32\tilitede.dll
c:\windows\system32\timazoso.dll
c:\windows\system32\tmp.reg
c:\windows\system32\tojasowu.dll
c:\windows\system32\veketaha.exe
c:\windows\system32\vepuheni.dll
c:\windows\system32\voloduta.exe
c:\windows\system32\werulavo.exe
c:\windows\system32\womovagu.dll
c:\windows\system32\wugumeho.dll
c:\windows\system32\wutuguba.dll
c:\windows\system32\yikuhabi.dll
c:\windows\system32\yipafeya.dll
c:\windows\system32\yiwikepe.dll
c:\windows\system32\yiwusino.dll
c:\windows\system32\zaviyazo.dll
c:\windows\system32\zeberata.dll
c:\windows\system32\zehiroje.exe
c:\windows\system32\zikeyame.dll
c:\windows\system32\zofudube.exe

----- BITS: Possible infected sites -----

hxxp://82.98.231.102
hxxp://77.74.48.116
.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 09:39 . 2009-11-25 21:01 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-01-10 08:51 . 2010-01-10 08:48 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-10 08:51 . 2010-01-10 08:48 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-01-10 08:51 . 2010-01-10 08:48 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-01-10 08:51 . 2010-01-10 08:48 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-01-10 08:51 . 2010-01-10 08:48 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2010-01-10 08:51 . 2010-01-10 08:48 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-01-10 08:49 . 2010-01-10 08:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-10 08:49 . 2010-01-10 08:49 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-10 08:49 . 2010-01-10 08:49 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-10 08:48 . 2010-01-10 08:48 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-10 08:48 . 2010-01-10 09:25 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-10 08:48 . 2010-01-10 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-09 23:24 . 2010-01-09 23:24 33792 ----a-w- c:\windows\system32\winlogon32.exe
2010-01-09 23:24 . 2010-01-09 23:24 33792 ----a-w- c:\windows\system32\smss32.exe
2009-12-31 07:40 . 2009-12-31 07:40 -------- d-----w- c:\program files\Apple Software Update
2009-12-31 07:39 . 2009-12-31 07:39 -------- d-----w- c:\program files\Common Files\Apple
2009-12-31 07:39 . 2009-12-31 07:39 -------- d-----w- c:\program files\QuickTime
2009-12-31 07:39 . 2009-12-31 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-16 13:08 . 2009-12-16 13:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 12:26 . 2010-01-10 12:26 0 ----a-w- c:\windows\system32\41.exe
2010-01-10 12:26 . 2010-01-10 12:26 0 ----a-w- c:\windows\system32\IS15.exe
2010-01-10 12:25 . 2010-01-10 12:25 0 ----a-w- c:\windows\system32\helper32.dll
2010-01-10 12:19 . 2009-11-20 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-01-10 09:53 . 2008-04-02 07:30 -------- d-----w- c:\program files\Google
2010-01-10 08:48 . 2009-11-17 05:49 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-28 10:28 . 2008-08-27 03:16 -------- d-----w- c:\program files\Warcraft III
2009-12-19 06:16 . 2008-04-02 20:51 -------- d-----w- c:\program files\World of Warcraft
2009-12-18 09:47 . 2008-08-27 03:18 100428 ----a-w- c:\windows\War3Unin.dat
2009-11-23 13:41 . 2009-11-20 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-20 01:46 . 2009-11-20 01:46 -------- d-----w- c:\program files\STOPzilla!
2009-11-20 01:46 . 2009-11-20 01:46 -------- d-----w- c:\program files\Common Files\iS3
2009-11-20 01:31 . 2009-11-20 01:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-17 05:49 . 2009-11-17 05:49 -------- d-----w- c:\program files\AVG
2009-10-27 18:08 . 2009-10-27 18:08 545424 ----a-r- c:\windows\system32\SZComp5.dll
2009-10-27 18:08 . 2009-10-27 18:08 402064 ----a-r- c:\windows\system32\SZBase5.dll
2009-10-27 17:59 . 2009-10-27 17:59 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-10-20 21:40 . 2009-10-20 21:40 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-10-20 21:40 . 2009-10-20 21:40 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-10-20 21:38 . 2009-10-20 21:38 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-10-20 21:37 . 2009-10-20 21:37 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-10-20 21:37 . 2009-10-20 21:37 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-10-20 21:35 . 2009-10-20 21:35 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-10-20 21:35 . 2009-10-20 21:35 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-10-20 21:35 . 2009-10-20 21:35 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-10-20 21:31 . 2009-10-20 21:31 729088 ----a-r- c:\windows\system32\IS3Base5.dll
2009-08-01 04:39 . 2008-04-02 19:44 21 ----a-w- c:\program files\Common Files\appop.log
2006-03-15 12:00 . 2008-04-02 20:15 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2009-09-11 01:05 . 2009-09-11 01:05 3 --sha-w- c:\windows\system32\bifayizo.dll
2009-09-23 15:09 . 2009-09-23 15:09 3 --sha-w- c:\windows\system32\bokawozi.dll
2009-09-22 15:09 . 2009-09-22 15:09 3 --sha-w- c:\windows\system32\bomozufo.dll
2009-09-19 03:08 . 2009-09-19 03:08 3 --sha-w- c:\windows\system32\bovivore.dll
2009-09-21 03:09 . 2009-09-21 03:09 3 --sha-w- c:\windows\system32\bupokato.dll
2009-09-15 01:06 . 2009-09-15 01:06 3 --sha-w- c:\windows\system32\deyopaya.dll
2009-09-11 01:05 . 2009-09-11 01:05 3 --sha-w- c:\windows\system32\domalami.dll
2009-09-22 15:09 . 2009-09-22 15:09 3 --sha-w- c:\windows\system32\dotiloga.dll
2009-09-15 01:06 . 2009-09-15 01:06 3 --sha-w- c:\windows\system32\febeyato.dll
2009-09-25 19:11 . 2009-09-25 19:11 3 --sha-w- c:\windows\system32\fimofipe.dll
2009-09-26 19:11 . 2009-09-26 19:11 3 --sha-w- c:\windows\system32\gulisiza.dll
2009-09-12 13:05 . 2009-09-12 13:05 3 --sha-w- c:\windows\system32\gumayusu.dll
2009-09-25 19:11 . 2009-09-25 19:11 3 --sha-w- c:\windows\system32\hafimiwi.dll
2009-09-20 15:08 . 2009-09-20 15:08 3 --sha-w- c:\windows\system32\hojumaji.dll
2009-09-19 03:08 . 2009-09-19 03:08 3 --sha-w- c:\windows\system32\hoyokuli.dll
2009-09-17 15:08 . 2009-09-17 15:08 3 --sha-w- c:\windows\system32\hulizoki.dll
2009-09-24 03:10 . 2009-09-24 03:10 3 --sha-w- c:\windows\system32\jobaruse.dll
2009-09-20 15:08 . 2009-09-20 15:08 3 --sha-w- c:\windows\system32\jomeliri.dll
2009-09-15 13:06 . 2009-09-15 13:06 3 --sha-w- c:\windows\system32\jusulome.dll
2009-09-28 07:12 . 2009-09-28 07:12 3 --sha-w- c:\windows\system32\kivafafo.dll
2009-09-11 13:05 . 2009-09-11 13:05 3 --sha-w- c:\windows\system32\kufefele.dll
2009-09-29 07:12 . 2009-09-29 07:12 3 --sha-w- c:\windows\system32\kuhitota.dll
2009-09-17 03:07 . 2009-09-17 03:07 3 --sha-w- c:\windows\system32\lezaromo.dll
2009-09-22 03:09 . 2009-09-22 03:09 3 --sha-w- c:\windows\system32\liyeruna.dll
2009-09-18 15:08 . 2009-09-18 15:08 3 --sha-w- c:\windows\system32\lobelepi.dll
2009-09-28 19:12 . 2009-09-28 19:12 3 --sha-w- c:\windows\system32\mayumova.dll
2009-09-27 07:12 . 2009-09-27 07:12 3 --sha-w- c:\windows\system32\nerikojo.dll
2009-09-12 13:05 . 2009-09-12 13:05 3 --sha-w- c:\windows\system32\nuguzute.dll
2009-09-18 15:08 . 2009-09-18 15:08 3 --sha-w- c:\windows\system32\nuwonaka.dll
2009-09-17 15:07 . 2009-09-17 15:07 3 --sha-w- c:\windows\system32\pesohoyi.dll
2009-09-13 13:06 . 2009-09-13 13:06 3 --sha-w- c:\windows\system32\pezizaka.dll
2009-09-28 19:12 . 2009-09-28 19:12 3 --sha-w- c:\windows\system32\rihudore.dll
2009-09-29 19:13 . 2009-09-29 19:13 3 --sha-w- c:\windows\system32\rurafefe.dll
2009-09-21 03:09 . 2009-09-21 03:09 3 --sha-w- c:\windows\system32\sagibuka.dll
2009-09-22 03:09 . 2009-09-22 03:09 3 --sha-w- c:\windows\system32\suhebilo.dll
2009-09-16 15:07 . 2009-09-16 15:07 3 --sha-w- c:\windows\system32\sumonibe.dll
2009-09-29 19:13 . 2009-09-29 19:13 3 --sha-w- c:\windows\system32\tarupaka.dll
2009-09-15 13:06 . 2009-09-15 13:06 3 --sha-w- c:\windows\system32\tavitome.dll
2009-09-24 15:10 . 2009-09-24 15:10 3 --sha-w- c:\windows\system32\tevajeke.dll
2009-09-17 03:07 . 2009-09-17 03:07 3 --sha-w- c:\windows\system32\tinajepu.dll
2009-09-26 19:11 . 2009-09-26 19:11 3 --sha-w- c:\windows\system32\tomahesu.dll
2009-09-10 01:04 . 2009-09-10 01:04 3 --sha-w- c:\windows\system32\wagisevu.dll
2009-09-19 15:08 . 2009-09-19 15:08 3 --sha-w- c:\windows\system32\wanelojo.dll
2009-09-23 15:09 . 2009-09-23 15:09 3 --sha-w- c:\windows\system32\wazefosu.dll
2009-09-19 15:08 . 2009-09-19 15:08 3 --sha-w- c:\windows\system32\wonemawa.dll
2009-09-27 07:12 . 2009-09-27 07:12 3 --sha-w- c:\windows\system32\wotudufa.dll
2009-09-29 07:12 . 2009-09-29 07:12 3 --sha-w- c:\windows\system32\yajovoku.dll
2009-09-13 13:06 . 2009-09-13 13:06 3 --sha-w- c:\windows\system32\zilukiri.dll
2009-09-16 15:07 . 2009-09-16 15:07 3 --sha-w- c:\windows\system32\ziyojozi.dll
2009-09-28 07:12 . 2009-09-28 07:12 3 --sha-w- c:\windows\system32\zotorezi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-08 843776]
"Launch Ai Booster"="c:\program files\ASUS\Ai Booster\OverClk.exe" [2006-05-05 3680256]
"Ai Nap"="c:\program files\ASUS\Ai Nap\AiNap.exe" [2006-05-11 1090560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"EM_EXEC"="c:\progra~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-05-01 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"smss32.exe"="c:\windows\system32\smss32.exe" [2010-01-09 33792]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-10 2033432]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2008-4-1 966656]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-4-2 270336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\winlogon32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"nSvcLog"=2 (0x2)
"nSvcIp"=2 (0x2)
"ForcewareWebInterface"=2 (0x2)
"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.4.1.8125-to-2.4.2.8278-enUS-downloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\ASUS\\Ai Booster\\OverClk.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nSvcAppFlt.exe"=
"c:\\Program Files\\ASUS\\Ai Nap\\AiNap.exe"=
"c:\\Program Files\\Common Files\\iS3\\Anti-Spyware\\SZServer.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [5/12/2009 1:13 PM 61328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/10/2010 12:49 AM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/10/2010 12:49 AM 360584]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [5/12/2009 1:13 PM 61328]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [4/2/2008 12:15 AM 5824]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 1:10 PM 32512]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [4/1/2008 11:19 PM 287488]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [4/1/2008 11:18 PM 13532]
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: {6CA38132-088F-41A1-B52C-F026C6F22D5B} = 193.104.110.38,4.2.2.1,207.32.194.7 207.32.194.1
TCP: {D5FF89EB-078A-48FD-9DB3-A3802EBB3266} = 193.104.110.38,4.2.2.1,207.32.194.7 207.32.194.1
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-SITEguard - (no file)
AddRemove-{9E78C42C-4FF9-4F41-BBC4-BF872606E79D}_is1 - c:\program files\Driver Robot\1.1.0.14\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 04:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\helper32.dll 0 bytes
c:\windows\system32\IS15.exe 0 bytes
c:\windows\system32\41.exe 0 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,34,ce,f9,f1,ce,32,49,86,c3,b7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,34,ce,f9,f1,ce,32,49,86,c3,b7,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2456)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\jscript.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgwdsvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG9\avgemc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-01-10 04:28:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-10 12:28

Pre-Run: 135,590,555,648 bytes free
Post-Run: 136,222,928,896 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 52A3F501C5D37BD5E7171F5287824016
#3 Bustedcomp (Topic Starter, 4 posts)
Any ideas what I should do? I've got this big ol' background telling me my computer is infected.

#4 Bustedcomp (Topic Starter, 4 posts)
hello?