
441 Posts
Discussion Starter · #1 ·
Hello

My PC is infected with malware. I've run HijackThis on it and I've attached the log file. Will someone please analyze this and let me know what I can get rid of?

ComboFix and Malware removal aren't installing.

Please help!

441 Posts
Discussion Starter · #3 ·
OK, here's the log file.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:15 PM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Desktop\Malware removal\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\System32\Starter.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avast!] D:\AVAST4~1\ashDisp.exe
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Admin\LOCALS~1\Temp\winlogin.exe
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [b4ffd284] rundll32.exe "C:\WINDOWS\system32\knakllwa.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: grqeqq.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Avast 4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Avast 4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Avast 4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Avast 4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe (file missing)

--
End of file - 5706 bytes
 

4,590 Posts
Did you look at the thread I showed you? I need logs from programs like DDS and GMER. Instructions to download and run them are in the thread.

Let me know if you have problems following the instructions in that thread.
 

441 Posts
Discussion Starter · #7 ·
Here's the DDS log.



DDS (Version 1.0) - NTFSx86 MINIMAL
Run by Administrator at 13:25:01.83 on Sat 11/22/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.511.378 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinRAR\WinRAR.exe
G:\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: {5600363C-B1A7-464C-9D48-B57A901A74FA} - c:\windows\system32\awtsRiff.dll
BHO: {AA4E95B0-8552-4610-A6DB-6ABBFA7D9137} - c:\windows\system32\vtUolIcY.dll
BHO: {C5BF49A2-94F3-42BD-F434-3604812C897D} - c:\windows\system32\jsne87fidgf.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [userinit] c:\windows\system32\ntos.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [EnsoniqMixer] c:\windows\system32\Starter.Exe
mRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
mRun: [WinampAgent] "c:\program files\winamp\Winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NBKeyScan] "c:\program files\nero\nero backitup 4\NBKeyScan.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [avast!] d:\avast4~1\ashDisp.exe
mRun: [brastk] brastk.exe
mRun: [xsjfn83jkemfofght] c:\docume~1\admin\locals~1\temp\winlogin.exe
mRun: [rs32net] c:\windows\system32\rs32net.exe
mRun: [b4ffd284] rundll32.exe "c:\windows\system32\ctxsmkrk.dll",b
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
dRun: [brastk] c:\windows\system32\brastk.exe
dRun: [userinit] c:\windows\system32\ntos.exe
dRun: [xlpmohmr.exe] c:\windows\xlpmohmr.exe
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoResolveSearch = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: StartMenuLogoff = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogoff = 0 (0x0)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: DisableTaskMgr = 0 (0x0)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoResolveSearch = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: StartMenuLogoff = 1 (0x1)
dPolicies-explorer: ForceStartMenuLogoff = 0 (0x0)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: awtsRiff - awtsRiff.dll
Notify: ubhvwvz - ubhvwvz32.dll
AppInit_DLLs: grqeqq.dll ftuewe.dll
STS: {C5BF49A2-94F3-42BD-F434-3604812C897D} - c:\windows\system32\jsne87fidgf.dll
SEH: {5600363C-B1A7-464C-9D48-B57A901A74FA} - c:\windows\system32\awtsRiff.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUolIcY

============= SERVICES / DRIVERS ===============

R0 ati4svxx;ati4svxx;c:\windows\system32\drivers\ati4svxx.sys
S0 ati2txxx;ati2txxx;c:\windows\system32\drivers\ati2txxx.sys
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys
S1 ethtghgd;ethtghgd;c:\windows\system32\drivers\ethtghgd.sys
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys
S2 ICF;ICF;c:\windows\system32\svchost.exe:ext.exe
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe
S3 ati5dgxx;ati5dgxx;\??\c:\windows\system32\drivers\ati5dgxx.sys
S3 ati7bexx;ati7bexx;\??\c:\windows\system32\drivers\ati7bexx.sys
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys

=============== Created Last 30 ================

2008-11-22 12:50 811,008 a------- C:\gmer.exe
2008-11-21 21:01 5,760 a------- c:\windows\system32\drivers\restore.sys
2008-11-20 16:14 135,168 a------- c:\windows\system32\drivers\ethtghgd.sys
2008-11-20 16:14 3,584 a------- c:\windows\xlpmohmr.exe
2008-11-20 13:59 104,448 a------- c:\windows\system32\txeyltbi.dll
2008-11-20 13:59 104,448 a------- c:\windows\system32\ftuewe.dll
2008-11-20 13:56 1,532,968 ---sh--- c:\windows\system32\krkmsxtc.ini
2008-11-20 13:56 41,472 a------- c:\windows\system32\qoknuecr.dll
2008-11-20 13:54 104,448 a------- c:\windows\system32\gnlpzv.dll
2008-11-20 13:54 104,448 a------- c:\windows\system32\wdnbcqgj.dll
2008-11-20 13:53 1,532,977 ---sh--- c:\windows\system32\vbyseymi.ini
2008-11-20 13:53 41,472 a------- c:\windows\system32\cahyfmda.dll
2008-11-18 20:33 21,504 a------- c:\windows\system32\ubhvwvz32.dll
2008-11-18 18:30 32,768 a------- c:\windows\system32\drivers\ati5dgxx.sys
2008-11-18 18:24 32,768 a------- c:\windows\system32\drivers\ati4svxx.sys
2008-11-18 15:10 32,768 a------- c:\windows\system32\drivers\ati7bexx.sys
2008-11-18 15:06 104,448 a------- c:\windows\system32\grqeqq.dll
2008-11-18 15:06 104,448 a------- c:\windows\system32\cgmjkjyi.dll
2008-11-18 13:38 1,492,927 ---sh--- c:\windows\system32\awllkank.ini
2008-11-18 13:38 71,168 -------- c:\windows\system32\knakllwa.dll
2008-11-18 13:35 41,472 a------- c:\windows\system32\oqhleixe.dll
2008-11-18 13:35 749,275 a--sh--- c:\windows\system32\YcIloUtv.ini2
2008-11-18 13:35 749,275 a--sh--- c:\windows\system32\YcIloUtv.ini
2008-11-18 13:34 246,272 -------- c:\windows\system32\vtUolIcY.dll
2008-11-18 13:16 21,504 a------- c:\windows\system32\ubhvwvz.dll
2008-11-17 21:13 32,768 a------- c:\windows\system32\drivers\ati2txxx.sys
2008-11-17 21:13 22,528 a------- c:\windows\system32\rs32net.exe
2008-11-17 21:13 104,448 a------- C:\jwwgtuh.exe
2008-11-17 21:12 50,688 a------- C:\yjvmtaa.exe
2008-11-17 12:05 103,936 a------- c:\windows\system32\axquoq.dll
2008-11-17 12:05 1,537,867 ---sh--- c:\windows\system32\rsbfjyhu.ini
2008-11-17 12:05 103,936 a------- c:\windows\system32\ktyrflxc.dll
2008-11-17 12:05 41,472 a------- c:\windows\system32\esdwwdfd.dll
2008-11-17 11:11 <DIR> --dsh--- c:\windows\system32\wsnpoem
2008-11-17 11:11 10,000 a------- c:\windows\system32\jsne87fidgf.dll
2008-11-17 11:11 50,688 a------- C:\ruldmeb.exe
2008-11-17 11:11 140,288 a------- C:\yvmkdwn.exe
2008-11-16 21:13 5,120 a------- c:\windows\system32\brastk.exe
2008-11-16 21:13 5,120 a------- c:\windows\brastk.exe
2008-11-16 20:59 <DIR> --d----- c:\program files\Antispyware
2008-11-16 20:26 50,968 a------- c:\windows\system32\avgfwdx.dll
2008-11-16 20:26 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2008-11-16 20:18 104,448 a------- c:\windows\system32\gymfyw.dll
2008-11-16 20:18 104,448 a------- c:\windows\system32\vtvdyqfr.dll
2008-11-16 20:18 1,538,441 ---sh--- c:\windows\system32\jogjkrbr.ini
2008-11-16 20:17 41,472 a------- c:\windows\system32\bxchkbaj.dll
2008-11-16 16:29 1,538,441 ---sh--- c:\windows\system32\fuptpoag.ini
2008-11-16 16:29 104,448 a------- c:\windows\system32\bojntn.dll
2008-11-16 16:29 104,448 a------- c:\windows\system32\cwfrxmus.dll
2008-11-16 16:27 41,472 a------- c:\windows\system32\bilrarhq.dll
2008-11-16 15:59 1,538,441 ---sh--- c:\windows\system32\irddkych.ini
2008-11-16 15:59 104,448 a------- c:\windows\system32\nehlhq.dll
2008-11-16 15:59 104,448 a------- c:\windows\system32\pediovmv.dll
2008-11-16 15:59 41,472 a------- c:\windows\system32\vjtuesyc.dll
2008-11-16 15:22 104,448 a------- c:\windows\system32\jimbkq.dll
2008-11-16 15:22 1,538,441 ---sh--- c:\windows\system32\gehclmak.ini
2008-11-16 15:22 104,448 a------- c:\windows\system32\abowdrhu.dll
2008-11-16 15:22 41,472 a------- c:\windows\system32\nwdebako.dll
2008-11-16 15:00 19,748 a------- c:\windows\safy._sy
2008-11-16 15:00 11,614 a------- c:\windows\system32\fyqev.bat
2008-11-16 15:00 10,152 a------- c:\windows\yneko.com
2008-11-16 15:00 10,007 a------- c:\windows\system32\ozeji.ban
2008-11-16 15:00 19,776 a------- c:\windows\safigywul._sy
2008-11-16 15:00 18,728 a------- c:\docume~1\alluse~1\applic~1\qydoj.scr
2008-11-16 15:00 15,865 a------- c:\program files\common files\irudahi.exe
2008-11-16 15:00 15,768 a------- c:\windows\uciwemeg.dll
2008-11-16 15:00 15,103 a------- c:\program files\common files\eroj.bin
2008-11-16 15:00 12,401 a------- c:\docume~1\alluse~1\applic~1\yhezocuwok.scr
2008-11-16 15:00 11,665 a------- c:\windows\system32\asomexel.reg
2008-11-16 15:00 19,922 a------- c:\windows\system32\ragovemi.bin
2008-11-16 15:00 17,721 a------- c:\windows\system32\akohigepig._sy
2008-11-16 15:00 10,550 a------- c:\docume~1\alluse~1\applic~1\atet.dat
2008-11-16 14:32 19,047 a------- c:\program files\common files\ularetesy.sys
2008-11-16 14:32 18,214 a------- c:\windows\atyceni.pif
2008-11-16 14:32 16,262 a------- c:\windows\system32\vycuvo.sys
2008-11-16 14:32 14,287 a------- c:\windows\wetopyqoq.reg
2008-11-16 14:32 14,064 a------- c:\windows\system32\ijixova.exe
2008-11-16 14:32 13,668 a------- c:\windows\system32\okynudaq.dat
2008-11-16 14:32 12,152 a------- c:\windows\system32\imav._dl
2008-11-16 14:32 12,035 a------- c:\windows\system32\akorixyb.dl
2008-11-16 14:32 11,927 a------- c:\windows\system32\enyzy.exe
2008-11-16 14:32 11,571 a------- c:\program files\common files\olez.vbs
2008-11-16 14:32 11,502 a------- c:\windows\kylizulex.dll
2008-11-16 14:32 11,141 a------- c:\program files\common files\kexetuhy.scr
2008-11-16 14:32 10,825 a------- c:\windows\xihimyquq.sys
2008-11-16 14:32 16,596 a------- c:\program files\common files\jelanyb.vbs
2008-11-16 14:27 16,665 a------- c:\windows\ilazobuf.reg
2008-11-16 14:27 16,273 a------- c:\docume~1\alluse~1\applic~1\vytivyq.bat
2008-11-16 14:27 15,538 a------- c:\windows\system32\ydelybe.inf
2008-11-16 14:27 14,202 a------- c:\program files\common files\jamelix.bat
2008-11-16 14:27 14,062 a------- c:\program files\common files\aniw.pif
2008-11-16 14:27 12,719 a------- c:\windows\tyrujapabi.exe
2008-11-16 14:27 12,169 a------- c:\windows\osuniro._sy
2008-11-16 14:27 11,038 a------- c:\windows\yguduki._sy
2008-11-15 21:14 70,656 a------- c:\windows\system32\yibdhcug.dll
2008-11-15 21:14 104,448 a------- c:\windows\system32\yvduru.dll
2008-11-15 21:14 104,448 a------- c:\windows\system32\deffluvc.dll
2008-11-15 20:07 14,655 a------- c:\windows\yfesejyqe.inf
2008-11-15 20:07 11,190 a------- c:\windows\system32\ytanepype.com
2008-11-15 20:07 19,816 a------- c:\program files\common files\kifak.vbs
2008-11-15 20:07 14,845 a------- c:\windows\system32\uwuzisihu.inf
2008-11-15 20:07 14,098 a------- c:\program files\common files\edivyda.scr
2008-11-15 20:07 13,903 a------- c:\windows\ydiq.exe
2008-11-15 20:07 12,418 a------- c:\docume~1\alluse~1\applic~1\tovyxup.sys
2008-11-15 20:07 12,056 a------- c:\docume~1\alluse~1\applic~1\isotypokal.bin
2008-11-15 20:07 11,390 a------- c:\windows\system32\nysap.vbs
2008-11-15 20:07 10,749 a------- c:\program files\common files\oqodypi.sys
2008-11-15 20:05 1,538,441 ---sh--- c:\windows\system32\dvrifjjh.ini
2008-11-15 20:05 70,656 a------- c:\windows\system32\hjjfirvd.dll
2008-11-15 20:05 6,971 a------- c:\windows\system32\wini108023.exe
2008-11-15 20:00 114 a------- c:\windows\system32\delself.bat
2008-11-15 20:00 104,448 a------- c:\windows\system32\ljgwzn.dll
2008-11-15 20:00 104,448 a------- c:\windows\system32\oqobssol.dll
2008-11-15 19:59 344 a--sh--- c:\windows\system32\WvDLnUvw.ini
2008-11-15 19:54 2 a------- C:\-1258302933
2008-11-15 19:54 104,448 a------- C:\pqiuo.exe
2008-11-15 19:53 35,840 a------- c:\windows\system32\wvUnMcyA.dll
2008-11-15 19:53 35,840 a------- c:\windows\system32\awtsRiff.dll
2008-11-15 19:29 <DIR> --d----- c:\windows\system32\NtmsData
2008-11-15 13:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2008-11-14 13:12 <DIR> --d----- c:\windows\system32\dumps
2008-11-13 23:14 774,144 a------- c:\windows\system32\NEROINSTAEC43759.DB
2008-11-13 23:14 1,414,440 a------- c:\windows\system32\ShellManager310E2D762.dll
2008-11-13 22:56 <DIR> --d----- c:\program files\NeroInstall.bak
2008-11-13 22:47 <DIR> --d----- c:\program files\Nero
2008-11-12 19:34 <DIR> --d----- c:\windows\RegisteredPackages
2008-11-09 17:01 69 a------- c:\windows\NeroDigital.ini
2008-11-09 14:35 4,767 a------- c:\windows\Irremote.ini
2008-11-09 14:01 14,048 -------- c:\windows\system32\spmsg2.dll
2008-11-08 20:35 <DIR> --d----- c:\program files\MSXML 4.0
2008-11-08 20:20 <DIR> --d----- c:\windows\system32\XPSViewer
2008-11-06 13:40 <DIR> --d----- c:\program files\Yahoo!
2008-11-06 13:27 38,912 a------- c:\windows\system32\picn20.dll
2008-11-06 13:27 544,768 a------- c:\windows\system32\imagx5.dll
2008-11-06 13:27 569,344 a------- c:\windows\system32\imagr5.dll
2008-11-06 13:27 283,920 a------- c:\windows\system32\ImagXpr5.dll
2008-11-06 13:23 1,047,552 a------- c:\windows\system32\mfc71u.dll

==================== Find3M ====================

2008-11-21 21:37 14,336 a------- c:\windows\system32\svchost.exe
2008-11-17 11:40 81,920 a------- c:\windows\DUMP2140.tmp
2008-11-16 20:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-11-09 16:38 <DIR> --d----- c:\program files\EPSON Print CD
2008-10-31 15:05 <DIR> --d----- c:\program files\CursorXP
2008-10-21 19:16 <DIR> --d----- c:\program files\Microsoft ActiveSync
2008-10-08 12:28 <DIR> --d----- c:\program files\Easy AVI Converter
2008-09-29 15:18 3,082 a------- c:\windows\system32\affv6628p4now.sys
2008-09-28 21:07 2,560 ac------ c:\windows\_MSRSTRT.EXE
2008-09-28 21:05 <DIR> --d----- c:\program files\Panicware
2008-09-28 16:42 <DIR> --d----- c:\program files\Qimage
2008-05-22 20:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\UDL

============= FINISH: 13:27:43.33 ===============
 
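The two logs above carry the persistence points an analyst reads first, and they are all in the DDS "Psuedo HJT Report" section: Winlogon Userinit has a second binary (c:\windows\system32\ntos.exe) appended after userinit.exe, SfcDisable is set to a non-zero value (Windows File Protection off), AppInit_DLLs names two DLLs that get injected into every user-mode process, LSA "Authentication Packages" carries an extra entry (vtUolIcY) that runs inside lsass.exe and sees credentials, a Run entry launches from the user's Temp folder, and the "ICF" service points at svchost.exe:ext.exe, an NTFS alternate data stream hidden behind a legitimate binary. The ntos.exe plus hidden wsnpoem folder pairing is the well-known footprint of the Zbot (Zeus) banking trojan, which is what makes the helper's advice about passwords below the right call. The script that follows is an added example, not part of the thread and not code from HijackThis or DDS: it applies those rules to the one-entry-per-line format both tools emit. The sample lines are copied from the posted DDS log with two benign entries added for contrast, and the rule names are my own labels.

```python
"""Triage rules for HijackThis/DDS-style autostart listings (added example)."""
import re
from dataclasses import dataclass, field
from typing import Callable, Iterable, List, Optional

# What a stock Windows XP install carries in these keys; anything beyond it
# is worth a second look.
STANDARD_USERINIT = "userinit.exe"
STANDARD_AUTH_PACKAGES = {"msv1_0"}

# Constructed sample: lines copied from the DDS log posted above, plus two
# benign entries (NVIDIA tray applet, avast! driver) the rules must ignore.
SAMPLE_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
mWinlogon: SfcDisable=-99 (0xffffff9d)
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [xsjfn83jkemfofght] c:\docume~1\admin\locals~1\temp\winlogin.exe
AppInit_DLLs: grqeqq.dll ftuewe.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUolIcY
S2 ICF;ICF;c:\windows\system32\svchost.exe:ext.exe
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys
""".strip().splitlines()


@dataclass
class Finding:
    rule: str                                   # my own rule label, not tool output
    line: str                                   # the offending log line
    details: List[str] = field(default_factory=list)


def check_userinit(line: str) -> Optional[Finding]:
    """Userinit should name only userinit.exe; a second path is an extra
    logon-time binary (HJT 'F2 ... UserInit=' and DDS 'mWinlogon: Userinit=')."""
    m = re.match(r".*\bUserinit\s*=\s*(.*)$", line, re.IGNORECASE)
    if not m:
        return None
    paths = [p.strip() for p in m.group(1).split(",") if p.strip()]
    extras = [p for p in paths if p.lower().rsplit("\\", 1)[-1] != STANDARD_USERINIT]
    return Finding("userinit-extra-binary", line, extras) if extras else None


def check_sfc(line: str) -> Optional[Finding]:
    """SfcDisable != 0 turns off Windows File Protection so system binaries
    can be replaced without Windows restoring them."""
    m = re.match(r".*\bSfcDisable\s*=\s*(-?\d+)", line, re.IGNORECASE)
    if m and int(m.group(1)) != 0:
        return Finding("sfc-disabled", line, [m.group(1)])
    return None


def check_appinit(line: str) -> Optional[Finding]:
    """Every DLL in AppInit_DLLs is loaded into each process that links
    user32.dll; on a home PC the value is normally empty."""
    m = re.match(r".*\bAppInit_DLLs\s*:\s*(.*)$", line, re.IGNORECASE)
    if m and m.group(1).strip():
        return Finding("appinit-dlls-set", line, m.group(1).split())
    return None


def check_lsa(line: str) -> Optional[Finding]:
    """Authentication packages run inside lsass.exe and see credentials;
    a stand-alone XP box should list msv1_0 only."""
    m = re.match(r".*\bAuthentication Packages\s*=\s*(.*)$", line, re.IGNORECASE)
    if not m:
        return None
    extras = [p for p in m.group(1).split() if p.lower() not in STANDARD_AUTH_PACKAGES]
    return Finding("lsa-extra-auth-package", line, extras) if extras else None


def check_run_temp(line: str) -> Optional[Finding]:
    """Run/RunOnce entries ('O4 - ...Run: [name] cmd' or 'mRun: [name] cmd')
    that launch from a Temp directory: legitimate software does not persist there."""
    m = re.match(r".*Run(?:Once)?:\s*\[[^\]]*\]\s*(.*)$", line, re.IGNORECASE)
    if m and re.search(r"\\temp\\", m.group(1), re.IGNORECASE):
        return Finding("run-from-temp", line, [m.group(1)])
    return None


def check_ads_path(line: str) -> Optional[Finding]:
    """host.exe:name is an NTFS alternate data stream; dir and Explorer do
    not show it, which is exactly why a service would be pointed at one."""
    m = re.search(r"\.exe:([^\\\s;]+)", line, re.IGNORECASE)
    return Finding("ads-in-path", line, [m.group(0)]) if m else None


RULES: List[Callable[[str], Optional[Finding]]] = [
    check_userinit, check_sfc, check_appinit, check_lsa, check_run_temp, check_ads_path,
]


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run every rule over every line and collect the hits."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        for rule in RULES:
            hit = rule(line)
            if hit:
                findings.append(hit)
    return findings


def rules_hit(lines: Iterable[str]) -> List[str]:
    """Distinct rule names triggered, sorted, for a one-glance verdict."""
    return sorted({f.rule for f in triage(lines)})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:<24} {' '.join(f.details)}\n    {f.line}")
```

Run against the sample, all six rules fire and the two benign lines stay silent. The rules are deliberately conservative: bare filenames in Run entries (brastk.exe here) and unknown Winlogon Notify DLLs are also suspicious in these logs, but both have legitimate uses, so they are left for the analyst rather than encoded as automatic hits.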

4,590 Posts
Hi,

Your computer is teeming with a LOT of malware. Is your avast! updated?

You are strongly advised to do the following immediately:

1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.

2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

3. From a clean computer, change *all* your online passwords -- for ISP login, email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer, because the attacker will get the new passwords and transaction information.
___________

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
 

441 Posts
Discussion Starter · #10 ·
I can't get ComboFix installed. When I click on the installation file, nothing happens. Tried it in Safe Mode - didn't work.

My PC is randomly rebooting and freezing on me too - before I even log on!

What should I do??
 

4,590 Posts
Delete your copy of ComboFix, then:

Download ComboFix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3
--------------------------------------------------------------------
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
 

441 Posts
Discussion Starter · #12 ·
Here's the ComboFix log.


ComboFix 08-11-22.02 - Admin 2008-11-23 23:18:55.1 - NTFSx86

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Cookies\anide.bin
c:\documents and settings\Admin\Cookies\anohez.scr
c:\documents and settings\Admin\Cookies\eges.dat
c:\documents and settings\Admin\Cookies\elilu.scr
c:\documents and settings\Admin\Cookies\exewylir.db
c:\documents and settings\Admin\Cookies\feme._dl
c:\documents and settings\Admin\Cookies\ihul.pif
c:\documents and settings\Admin\Cookies\inuhalixah.com
c:\documents and settings\Admin\Cookies\kamuti.reg
c:\documents and settings\Admin\Cookies\pemyhil._dl
c:\documents and settings\Admin\Cookies\ulonam.inf
c:\documents and settings\Admin\Cookies\welazaci.lib
c:\documents and settings\Admin\Cookies\wojik.vbs
c:\documents and settings\Admin\Cookies\yqyx.scr
c:\documents and settings\Admin\Cookies\yqyz.scr
c:\documents and settings\Admin\Favorites\Download programs.url
c:\documents and settings\Admin\Favorites\Games.url
c:\documents and settings\Admin\Favorites\Translator.url
c:\documents and settings\Admin\Favorites\Videos.url
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\kezikapoxy.sys
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\lolo._sy
c:\documents and settings\Admin\Local Settings\Temporary Internet Files\qubysev.pif
c:\program files\Antispyware
c:\program files\Antispyware\Antispyware.url
c:\program files\Antispyware\DataBase.ref
c:\program files\Antispyware\SpyCleaner.dll
c:\program files\Antispyware\TCL.dll
c:\program files\Antispyware\vistaCPtasks.xml
c:\program files\Antispyware\zlib.dll
c:\windows\brastk.exe
c:\windows\system32\abowdrhu.dll
c:\windows\system32\awllkank.ini
c:\windows\system32\awtsRiff.dll
c:\windows\system32\axquoq.dll
c:\windows\system32\bojntn.dll
c:\windows\system32\brastk.exe
c:\windows\system32\cgmjkjyi.dll
c:\windows\system32\cwfrxmus.dll
c:\windows\system32\deffluvc.dll
c:\windows\system32\DelSelf.bat
c:\windows\system32\drivers\ati4svxx.sys
c:\windows\system32\drivers\ati5dgxx.sys
c:\windows\system32\drivers\ati7bexx.sys
c:\windows\system32\drivers\tdssserv.sys
c:\windows\system32\dvrifjjh.ini
c:\windows\system32\ftuewe.dll
c:\windows\system32\fuptpoag.ini
c:\windows\system32\gehclmak.ini
c:\windows\system32\gnlpzv.dll
c:\windows\system32\grqeqq.dll
c:\windows\system32\gymfyw.dll
c:\windows\system32\hjjfirvd.dll
c:\windows\system32\irddkych.ini
c:\windows\system32\jimbkq.dll
c:\windows\system32\jogjkrbr.ini
c:\windows\system32\jsne87fidgf.dll
c:\windows\system32\knakllwa.dll
c:\windows\system32\krkmsxtc.ini
c:\windows\system32\ktyrflxc.dll
c:\windows\system32\ljgwzn.dll
c:\windows\system32\nehlhq.dll
c:\windows\system32\ntos.exe
c:\windows\system32\oqobssol.dll
c:\windows\system32\pediovmv.dll
c:\windows\system32\rs32net.exe
c:\windows\system32\rsbfjyhu.ini
c:\windows\system32\tdssadw.dll
c:\windows\system32\tdssl.dll
c:\windows\system32\tdsslog.dll
c:\windows\system32\tdssmain.dll
c:\windows\system32\tdssservers.dat
c:\windows\system32\txeyltbi.dll
c:\windows\system32\ubhvwvz.dll
c:\windows\system32\ubhvwvz32.dll
c:\windows\system32\vbyseymi.ini
c:\windows\system32\vtUolIcY.dll
c:\windows\system32\vtvdyqfr.dll
c:\windows\system32\wdnbcqgj.dll
c:\windows\system32\wini108023.exe
c:\windows\system32\wsnpoem
c:\windows\system32\wsnpoem\audio.dll
c:\windows\system32\wsnpoem\video.dll
c:\windows\system32\WvDLnUvw.ini
c:\windows\system32\wvUnMcyA.dll
c:\windows\system32\YcIloUtv.ini
c:\windows\system32\YcIloUtv.ini2
c:\windows\system32\yibdhcug.dll
c:\windows\system32\yvduru.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_ATI4SVXX
-------\Legacy_ATI5DGXX
-------\Legacy_ATI7BEXX
-------\Legacy_FCI
-------\Legacy_ICF
-------\Legacy_RESTORE
-------\Service_ati4svxx
-------\Service_ati5dgxx
-------\Service_ati7bexx


((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-23 23:38 . 2008-11-23 23:38 <DIR> d-------- c:\windows\system32\xircom
2008-11-23 23:38 . 2008-11-23 23:38 <DIR> d-------- c:\program files\microsoft frontpage
2008-11-22 12:50 . 2008-04-17 21:13 811,008 --a------ C:\gmer.exe
2008-11-20 16:14 . 2008-11-20 16:14 135,168 --a------ c:\windows\system32\drivers\ethtghgd.sys
2008-11-20 16:14 . 2008-11-20 16:14 3,584 --a------ c:\windows\xlpmohmr.exe
2008-11-20 13:56 . 2008-11-20 13:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-20 13:56 . 2008-11-20 13:56 41,472 --a------ c:\windows\system32\qoknuecr.dll
2008-11-20 13:53 . 2008-11-20 13:53 41,472 --a------ c:\windows\system32\cahyfmda.dll
2008-11-18 13:35 . 2008-11-18 13:35 41,472 --a------ c:\windows\system32\oqhleixe.dll
2008-11-17 21:13 . 2008-11-17 21:13 104,448 --a------ C:\jwwgtuh.exe
2008-11-17 21:13 . 2008-11-18 13:27 32,768 --a------ c:\windows\system32\drivers\ati2txxx.sys
2008-11-17 21:12 . 2008-11-17 21:12 50,688 --a------ C:\yjvmtaa.exe
2008-11-17 12:05 . 2008-11-17 12:05 41,472 --a------ c:\windows\system32\esdwwdfd.dll
2008-11-17 11:45 . 2008-11-17 11:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DivX
2008-11-17 11:11 . 2008-11-17 11:20 140,288 --a------ C:\yvmkdwn.exe
2008-11-17 11:11 . 2008-11-17 11:20 50,688 --a------ C:\ruldmeb.exe
2008-11-16 20:26 . 2008-11-16 20:26 50,968 --a------ c:\windows\system32\avgfwdx.dll
2008-11-16 20:26 . 2008-11-16 20:26 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2008-11-16 20:17 . 2008-11-16 20:17 41,472 --a------ c:\windows\system32\bxchkbaj.dll
2008-11-16 16:27 . 2008-11-16 16:27 41,472 --a------ c:\windows\system32\bilrarhq.dll
2008-11-16 15:59 . 2008-11-16 15:59 41,472 --a------ c:\windows\system32\vjtuesyc.dll
2008-11-16 15:22 . 2008-11-16 15:22 41,472 --a------ c:\windows\system32\nwdebako.dll
2008-11-16 15:00 . 2008-11-16 15:00 19,922 --a------ c:\windows\system32\ragovemi.bin
2008-11-16 15:00 . 2008-11-16 15:00 19,776 --a------ c:\windows\safigywul._sy
2008-11-16 15:00 . 2008-11-16 15:00 19,748 --a------ c:\windows\safy._sy
2008-11-16 15:00 . 2008-11-16 15:00 18,728 --a------ c:\documents and settings\All Users\Application Data\qydoj.scr
2008-11-16 15:00 . 2008-11-16 15:00 17,721 --a------ c:\windows\system32\akohigepig._sy
2008-11-16 15:00 . 2008-11-16 15:00 15,865 --a------ c:\program files\Common Files\irudahi.exe
2008-11-16 15:00 . 2008-11-16 15:00 15,768 --a------ c:\windows\uciwemeg.dll
2008-11-16 15:00 . 2008-11-16 15:00 15,103 --a------ c:\program files\Common Files\eroj.bin
2008-11-16 15:00 . 2008-11-16 15:00 12,401 --a------ c:\documents and settings\All Users\Application Data\yhezocuwok.scr
2008-11-16 15:00 . 2008-11-16 15:00 11,665 --a------ c:\windows\system32\asomexel.reg
2008-11-16 15:00 . 2008-11-16 15:00 11,614 --a------ c:\windows\system32\fyqev.bat
2008-11-16 15:00 . 2008-11-16 15:00 10,550 --a------ c:\documents and settings\All Users\Application Data\atet.dat
2008-11-16 15:00 . 2008-11-16 15:00 10,152 --a------ c:\windows\yneko.com
2008-11-16 15:00 . 2008-11-16 15:00 10,007 --a------ c:\windows\system32\ozeji.ban
2008-11-16 14:32 . 2008-11-16 14:32 19,047 --a------ c:\program files\Common Files\ularetesy.sys
2008-11-16 14:32 . 2008-11-16 14:32 18,214 --a------ c:\windows\atyceni.pif
2008-11-16 14:32 . 2008-11-16 14:32 16,596 --a------ c:\program files\Common Files\jelanyb.vbs
2008-11-16 14:32 . 2008-11-16 14:32 16,262 --a------ c:\windows\system32\vycuvo.sys
2008-11-16 14:32 . 2008-11-16 14:32 14,287 --a------ c:\windows\wetopyqoq.reg
2008-11-16 14:32 . 2008-11-16 14:32 14,064 --a------ c:\windows\system32\ijixova.exe
2008-11-16 14:32 . 2008-11-16 14:32 13,668 --a------ c:\windows\system32\okynudaq.dat
2008-11-16 14:32 . 2008-11-16 14:32 12,587 --a------ c:\documents and settings\Admin\Application Data\ocati.dat
2008-11-16 14:32 . 2008-11-16 14:32 12,152 --a------ c:\windows\system32\imav._dl
2008-11-16 14:32 . 2008-11-16 14:32 12,035 --a------ c:\windows\system32\akorixyb.dl
2008-11-16 14:32 . 2008-11-16 14:32 11,927 --a------ c:\windows\system32\enyzy.exe
2008-11-16 14:32 . 2008-11-16 14:32 11,571 --a------ c:\program files\Common Files\olez.vbs
2008-11-16 14:32 . 2008-11-16 14:32 11,502 --a------ c:\windows\kylizulex.dll
2008-11-16 14:32 . 2008-11-16 14:32 11,141 --a------ c:\program files\Common Files\kexetuhy.scr
2008-11-16 14:32 . 2008-11-16 14:32 10,825 --a------ c:\windows\xihimyquq.sys
2008-11-16 14:27 . 2008-11-16 14:27 16,665 --a------ c:\windows\ilazobuf.reg
2008-11-16 14:27 . 2008-11-16 14:27 16,273 --a------ c:\documents and settings\All Users\Application Data\vytivyq.bat
2008-11-16 14:27 . 2008-11-16 14:27 15,538 --a------ c:\windows\system32\ydelybe.inf
2008-11-16 14:27 . 2008-11-16 14:27 15,434 --a------ c:\documents and settings\Admin\Application Data\ojypemavy.reg
2008-11-16 14:27 . 2008-11-16 14:27 15,232 --a------ c:\documents and settings\Admin\Application Data\humoly.dll
2008-11-16 14:27 . 2008-11-16 14:27 14,413 --a------ c:\documents and settings\Admin\Application Data\zafyhyqyxa.dat
2008-11-16 14:27 . 2008-11-16 14:27 14,202 --a------ c:\program files\Common Files\jamelix.bat
2008-11-16 14:27 . 2008-11-16 14:27 14,062 --a------ c:\program files\Common Files\aniw.pif
2008-11-16 14:27 . 2008-11-16 14:27 12,719 --a------ c:\windows\tyrujapabi.exe
2008-11-16 14:27 . 2008-11-16 14:27 12,569 --a------ c:\documents and settings\Admin\Application Data\dovyjir.bin
2008-11-16 14:27 . 2008-11-16 14:27 12,169 --a------ c:\windows\osuniro._sy
2008-11-16 14:27 . 2008-11-16 14:27 11,038 --a------ c:\windows\yguduki._sy
2008-11-16 14:27 . 2008-11-16 14:27 10,895 --a------ c:\documents and settings\Admin\Application Data\ysox.dll
2008-11-16 00:04 . 2008-11-16 00:04 <DIR> d-------- c:\documents and settings\Admin\Application Data\Antispyware
2008-11-15 20:07 . 2008-11-15 20:07 19,816 --a------ c:\program files\Common Files\kifak.vbs
2008-11-15 20:07 . 2008-11-15 20:07 14,845 --a------ c:\windows\system32\uwuzisihu.inf
2008-11-15 20:07 . 2008-11-15 20:07 14,655 --a------ c:\windows\yfesejyqe.inf
2008-11-15 20:07 . 2008-11-15 20:07 14,098 --a------ c:\program files\Common Files\edivyda.scr
2008-11-15 20:07 . 2008-11-15 20:07 13,903 --a------ c:\windows\ydiq.exe
2008-11-15 20:07 . 2008-11-15 20:07 12,418 --a------ c:\documents and settings\All Users\Application Data\tovyxup.sys
2008-11-15 20:07 . 2008-11-15 20:07 12,056 --a------ c:\documents and settings\All Users\Application Data\isotypokal.bin
2008-11-15 20:07 . 2008-11-15 20:07 11,390 --a------ c:\windows\system32\nysap.vbs
2008-11-15 20:07 . 2008-11-15 20:07 11,190 --a------ c:\windows\system32\ytanepype.com
2008-11-15 20:07 . 2008-11-15 20:07 10,749 --a------ c:\program files\Common Files\oqodypi.sys
2008-11-15 19:55 . 2008-11-15 20:04 73,728 --a------ c:\windows\system32\TDSScfum.dll
2008-11-15 19:55 . 2008-11-15 20:04 60,416 --a------ c:\windows\system32\drivers\TDSSpaxt.sys
2008-11-15 19:55 . 2008-11-15 20:04 35,840 --a------ c:\windows\system32\TDSSofxh.dll
2008-11-15 19:55 . 2008-11-15 20:04 31,232 --a------ c:\windows\system32\TDSSriqp.dll
2008-11-15 19:55 . 2008-11-15 20:04 29,696 --a------ c:\windows\system32\TDSSnrsr.dll
2008-11-15 19:55 . 2008-11-23 13:54 2,348 --a------ c:\windows\system32\TDSSfxmp.dll
2008-11-15 19:55 . 2008-11-15 20:04 527 --a------ c:\windows\system32\TDSSosvd.dat
2008-11-15 19:54 . 2008-11-15 19:54 104,448 --a------ C:\pqiuo.exe
2008-11-15 19:54 . 2008-11-17 21:12 2 --a------ C:\-1258302933
2008-11-15 19:29 . 2008-11-23 18:39 <DIR> d-------- c:\windows\system32\NtmsData
2008-11-15 13:27 . 2008-11-15 13:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-11-14 13:12 . 2008-11-14 13:12 <DIR> d-------- c:\windows\system32\dumps
2008-11-13 23:14 . 2008-03-17 14:45 1,414,440 --a------ c:\windows\system32\ShellManager310E2D762.dll
2008-11-13 23:14 . 2008-03-11 19:30 774,144 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2008-11-13 22:56 . 2008-11-13 22:56 <DIR> d-------- c:\program files\NeroInstall.bak
2008-11-13 22:47 . 2008-11-13 22:47 <DIR> d-------- c:\program files\Nero
2008-11-13 22:47 . 2008-11-15 12:55 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-12 19:40 . 2008-11-12 19:40 <DIR> d-------- c:\documents and settings\Admin\Application Data\Nero
2008-11-09 17:01 . 2008-11-12 20:14 69 --a------ c:\windows\NeroDigital.ini
2008-11-09 14:35 . 2008-11-12 16:05 4,767 --a------ c:\windows\Irremote.ini
2008-11-09 14:01 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2008-11-08 20:35 . 2008-11-08 20:35 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-08 20:35 . 2008-11-08 20:35 <DIR> d-------- c:\program files\Microsoft.NET
2008-11-08 20:20 . 2008-11-15 23:28 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-08 20:18 . 2008-11-08 20:18 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-08 19:45 . 2008-11-08 20:35 <DIR> d-------- c:\documents and settings\Admin\Application Data\DNA
2008-11-06 17:18 . 2008-11-06 17:18 <DIR> d-------- c:\documents and settings\Admin\Application Data\NCH Swift Sound
2008-11-06 13:40 . 2008-11-08 20:43 <DIR> d-------- c:\program files\Yahoo!
2008-11-06 13:27 . 2001-07-06 13:41 569,344 --a------ c:\windows\system32\imagr5.dll
2008-11-06 13:27 . 2001-07-06 11:44 544,768 --a------ c:\windows\system32\imagx5.dll
2008-11-06 13:27 . 2001-07-06 17:24 283,920 --a------ c:\windows\system32\ImagXpr5.dll
2008-11-06 13:27 . 2001-06-26 07:15 38,912 --a------ c:\windows\system32\picn20.dll
2008-11-06 13:23 . 2003-03-18 21:12 1,047,552 --a------ c:\windows\system32\mfc71u.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 19:40 81,920 ----a-w c:\windows\DUMP2140.tmp
2008-11-17 04:24 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-16 23:00 15,716 ----a-w c:\program files\Common Files\ylexyheso.lib
2008-11-16 22:27 19,165 ----a-w c:\program files\Common Files\esozona.lib
2008-11-16 22:27 17,814 ----a-w c:\program files\Common Files\opaxegese.inf
2008-11-10 00:38 --------- d-----w c:\program files\EPSON Print CD
2008-11-09 01:38 --------- d-----w c:\program files\Java
2008-10-31 23:05 --------- d-----w c:\program files\CursorXP
2008-10-22 03:16 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-12 19:56 --------- d-----w c:\documents and settings\Kathleen\Application Data\CursorArts
2008-10-08 20:28 --------- d-----w c:\program files\Easy AVI Converter
2008-10-07 23:22 --------- d-----w c:\documents and settings\Admin\Application Data\CursorArts
2008-10-03 23:15 --------- d-----w c:\documents and settings\Admin\Application Data\U3
2008-09-29 05:07 2,560 -c--a-w c:\windows\_MSRSTRT.EXE
2008-09-29 05:05 --------- d-----w c:\program files\Panicware
2008-09-29 00:42 --------- d-----w c:\program files\Qimage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-12-07 1253376]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2002-06-18 78848]
"12CFG94-z641-2SF-N31P-5M1ER6H6L1"="c:\recycler\S-1-5-21-6823628786-6770986951-114503922-0511\winigon.exe" [2008-11-15 72704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"EnsoniqMixer"="c:\windows\System32\Starter.Exe" [2006-08-15 32768]
"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-08 98304]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2003-04-01 12288]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-12-07 1253376]
"xlpmohmr.exe"="c:\windows\xlpmohmr.exe" [2008-11-20 3584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-03 c:\windows\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"ForceStartMenuLogoff"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=grqeqq.dll ftuewe.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2txxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"d:\\Download\\Azureus Download Client\\Azureus\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:127.0.0.1
"49152:TCP"= 49152:TCP:BitTorrent

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-17 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-17 20560]
S0 ati2txxx;ati2txxx;c:\windows\system32\Drivers\ati2txxx.sys [2008-11-17 32768]
S1 ethtghgd;ethtghgd;c:\windows\system32\drivers\ethtghgd.sys [2008-11-20 135168]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-16 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2008-11-16 29208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21066d00-919e-11dd-83f1-00105a3e9c13}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Windows Sidebar]
c:\windows\system32\hidec /W c:\vaio\Tools\REGTLIB.EXE "c:\program files\Windows Sidebar\sidebar.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
"c:\program files\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
"c:\program files\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}]
regsvr32 /s c:\vaio\.\vshellext.dll
.
Contents of the 'Scheduled Tasks' folder

2008-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{0DF62760-B636-4CD1-907B-DA27833E9553} - c:\windows\system32\vtUolIcY.dll
BHO-{5600363C-B1A7-464C-9D48-B57A901A74FA} - c:\windows\system32\awtsRiff.dll
HKCU-Run-SureCleanProfessional - c:\progra~1\PANICW~1\SURECL~1\SRClean.exe
HKCU-Run-rs32net - c:\windows\System32\rs32net.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-b4ffd284 - c:\windows\system32\ctxsmkrk.dll
HKU-Default-Run-brastk - c:\windows\system32\brastk.exe
ShellExecuteHooks-{5600363C-B1A7-464C-9D48-B57A901A74FA} - c:\windows\system32\awtsRiff.dll
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\46u2dvfp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 23:38:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
------------------------ Other Running Processes ------------------------
.
d:\avast 4\aswUpdSv.exe
d:\avast 4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
d:\avast 4\ashMaiSv.exe
d:\avast 4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-23 23:41:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-24 07:41:49

Pre-Run: 7,554,572,288 bytes free
Post-Run: 11,389,046,784 bytes free

371 --- E O F --- 2008-05-25 23:04:59

· Registered · 4,590 Posts
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, including all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'No' and do not run another ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the contents of the log that it created.

· Registered · 441 Posts
Discussion Starter · #14 ·
I don't have a legal OS so I'd rather not download anything off the Microsoft site.

em, I got the malware removal tool installed yesterday and I ran a scan and it detected about 13 cases. I deleted all of them.

so far, the PC hasn't rebooted or frozen.

· Registered · 4,590 Posts
Hi,

I don't have a legal OS so I'd rather not download anything off the Microsoft site.
I'm sorry, but referring to the Forum Rules, which you should have read at the time of registering at this forum, TSF does not support illegal activity. As such, I can no longer help you remove malware from your computer. It would be best if you perform a reformat with a genuine OS so you can be better protected in the future.

If you have any questions, please do ask before I close this thread.

· Registered · 4,590 Posts
I'm sorry, as I've said in my previous post, I can no longer assist you in malware removal. Your best move will be to buy an original OS and then reformat.