Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Trojan Discovered And Slow Pc


  • This topic is locked This topic is locked
1 reply to this topic

#1 hud

hud

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 01 May 2007 - 07:48 PM

Good day Gary R.,
PC so slow. I'm just now able to get access to pull down 'topic info' from your posts. I was unable to copy the hjt's so I had to manually copy them to a word doc and then post to id.
Here is the combofix and HJT you requested:

05-02-21 15:46	  12	--a------	C:\Qoobox\Quarantine\C\Program Files\TheSearchAccelerator\toolbar.cfg.vir
05-02-21 15:46	  1406	--a------	C:\Qoobox\Quarantine\C\Program Files\TheSearchAccelerator\logo.ico.vir
05-06-09 13:01	  1405	--a------	C:\Qoobox\Quarantine\C\Program Files\webHancer\Programs\readme.txt.vir
06-02-22 16:46	  8197	--a------	C:\Qoobox\Quarantine\C\Program Files\webHancer\Programs\license.txt.vir
06-06-09 10:06	  16929	--a------	C:\Qoobox\Quarantine\C\Program Files\Cowabanga\License.txt.vir
06-07-19 10:35	  307200	--a------	C:\Qoobox\Quarantine\C\Program Files\System Files\System.exe.vir
06-07-20 16:31	  1163264	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\wfxqhv.exe.vir
06-07-21 22:17	  1	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\vx.tll.vir
06-07-21 22:17	  100	--a------	C:\Qoobox\Quarantine\C\Program Files\BraveSentry\BraveSentry.lic.vir
06-07-21 22:17	  1513009	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\RALPHH~1\APPLIC~1\Install.dat.vir
06-07-21 22:18	  16	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\dlh9jkdq8.exe.vir
06-07-21 22:18	  4	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\winsub.xml.vir
06-07-21 22:18	  61	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\svcp.csv.vir
06-07-23 09:15	  0	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\1.txt.vir
06-07-23 09:15	  0	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\2.txt.vir
06-08-08 09:56	  0	--a------	C:\Qoobox\Quarantine\C\WINDOWS\keyboard1.dat.vir
06-08-08 09:56	  221184	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\xeymi.dll.vir
06-08-08 09:56	  36864	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\n9nyb.exe.vir
06-08-08 09:56	  865275	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\pixk5gp2.phy.vir
06-08-08 09:58	  0	--a------	C:\Qoobox\Quarantine\C\WINDOWS\newname.dat.vir
06-08-08 09:58	  10551	--a------	C:\Qoobox\Quarantine\C\Program Files\TheSearchAccelerator\INSTALL.LOG.vir
06-08-08 09:58	  22486	--a------	C:\Qoobox\Quarantine\C\Program Files\System Icons\439.ico.vir
06-08-08 09:58	  22486	--a------	C:\Qoobox\Quarantine\C\Program Files\System Icons\440.ico.vir
06-08-08 09:58	  22486	--a------	C:\Qoobox\Quarantine\C\Program Files\System Icons\441.ico.vir
06-08-08 10:01	  14	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\NETWOR~1\APPLIC~1\NetMon\domains.txt.vir
06-08-08 10:01	  248	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\NETWOR~1\APPLIC~1\NetMon\log.txt.vir
06-08-08 18:57	  211	--a------	C:\Qoobox\Quarantine\C\Program Files\webHancer\Programs\whAgent.ini.vir
06-08-12 15:34	  28672	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32bez6n4r21.exe.vir
06-08-12 15:34	  36864	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32n9nyb.exe.vir
06-08-12 15:34	  45056	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32ghynf.exe.vir
06-08-12 15:35	  28672	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\iqqr.exe.vir
06-08-12 16:52	  28672	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\bez6n4r21.exe.vir
06-08-12 22:45	  1841	--a------	C:\Qoobox\Quarantine\C\Program Files\TheSearchAccelerator\TBlogin.users.ucmore.com.4.5.40.0.vir
06-08-12 23:55	  14	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\domains.txt.vir
06-08-12 23:55	  77102	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\log.txt.vir
06-08-14 17:13	  295910	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\atmtd.dll.tmp.vir
06-11-28 22:36	  732801	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\RALPHH~1\APPLIC~1\Sskknwrd.dll.vir
06-11-29 22:53	  113	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\RALPHH~1\APPLIC~1\Sskdmns.dll.vir
06-11-29 23:01	  28	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\RALPHH~1\APPLIC~1\Sskcwrd.dll.vir
07-04-30 20:44	  2830	--a------	C:\Qoobox\Quarantine\Registry_backups\services_Network Monitor.reg.cf
07-04-30 20:44	  870	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_NETWORK_MONITOR.reg.cf
99-12-23 14:12	  11264	--a------	C:\Qoobox\Quarantine\C\Program Files\webHancer\Programs\sporder.dll.vir


Folder PATH listing
Volume serial number is 84ED-2974
C:\QOOBOX
\---Quarantine
	+---C
	|   +---DOCUME~1
	|   |   +---LOCALS~1
	|   |   |   \---APPLIC~1
	|   |   |	   \---NetMon
	|   |   |			   domains.txt.vir
	|   |   |			   log.txt.vir
	|   |   |			   
	|   |   +---NETWOR~1
	|   |   |   \---APPLIC~1
	|   |   |	   \---NetMon
	|   |   |			   domains.txt.vir
	|   |   |			   log.txt.vir
	|   |   |			   
	|   |   \---RALPHH~1
	|   |	   \---APPLIC~1
	|   |			   Install.dat.vir
	|   |			   Sskcwrd.dll.vir
	|   |			   Sskdmns.dll.vir
	|   |			   Sskknwrd.dll.vir
	|   |			   
	|   +---Program Files
	|   |   +---BraveSentry
	|   |   |	   BraveSentry.lic.vir
	|   |   |	   
	|   |   +---Cowabanga
	|   |   |	   License.txt.vir
	|   |   |	   
	|   |   +---System Files
	|   |   |	   System.exe.vir
	|   |   |	   
	|   |   +---System Icons
	|   |   |	   439.ico.vir
	|   |   |	   440.ico.vir
	|   |   |	   441.ico.vir
	|   |   |	   
	|   |   +---TheSearchAccelerator
	|   |   |	   INSTALL.LOG.vir
	|   |   |	   logo.ico.vir
	|   |   |	   TBlogin.users.ucmore.com.4.5.40.0.vir
	|   |   |	   toolbar.cfg.vir
	|   |   |	   
	|   |   \---webHancer
	|   |	   \---Programs
	|   |			   license.txt.vir
	|   |			   readme.txt.vir
	|   |			   sporder.dll.vir
	|   |			   whAgent.ini.vir
	|   |			   
	|   \---WINDOWS
	|	   |   keyboard1.dat.vir
	|	   |   newname.dat.vir
	|	   |   system32bez6n4r21.exe.vir
	|	   |   system32ghynf.exe.vir
	|	   |   system32n9nyb.exe.vir
	|	   |   
	|	   \---system32
	|			   1.txt.vir
	|			   2.txt.vir
	|			   atmtd.dll.tmp.vir
	|			   bez6n4r21.exe.vir
	|			   dlh9jkdq8.exe.vir
	|			   iqqr.exe.vir
	|			   n9nyb.exe.vir
	|			   pixk5gp2.phy.vir
	|			   svcp.csv.vir
	|			   vx.tll.vir
	|			   wfxqhv.exe.vir
	|			   winsub.xml.vir
	|			   xeymi.dll.vir
	|			   
	\---Registry_backups
			LEGACY_NETWORK_MONITOR.reg.cf
			services_Network Monitor.reg.cf







HJT:
Logfile of HijackThis v1.99.1
Scan saved at 9:03:13 PM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Network Associates\VirusScan\SCAN32.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Ralph Hudnall\Desktop\HJT\HijackThis.exe
C:\WINDOWS\system32\regsvr32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {850C7964-9320-4055-BE11-7D7B562A6417} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: SensLogon - C:\WINDOWS\SYSTEM32\helper.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 01 May 2007 - 08:09 PM

Your post has been Moved, Closed or Edited for one of the following reasons:

1.) You posted multiple topics and only one is required

2.) You are spamming links to other places without approval

3.) You have posted your hijackthis log to the wrong forum:
( http://forums.tomcoy...hp?showforum=27 ) <--- correct forum for HijackThis Logs

4.) Abusive language or other problems in your text

5.) Your log is too old (20 days or more) and no replies from you after a volunteer tried to help you

If you came here for help, and you have not posted a Hijackthis log to the proper forum, then you may do so now, if you came here to spam or abuse, you will be dealt with harsher on your next offense

This is a family oriented forum to help those that need help.

==============================


Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users