[Closed] Help getting rid of malware please


5 replies to this topic

#1 Drtano


    New Member

  • New Member
  • 2 posts

Posted 07 October 2007 - 10:20 AM

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:57 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\Gum\APPLIC~1\FNTS~1\ntvdm.exe
C:\Documents and Settings\Gum\Application Data\?ppPatch\c?rss.exe
C:\Program Files\ISM\ISMModule6.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Gum\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {688A7664-9CA5-B102-F348-9C2B2FE4829E} - C:\WINDOWS\system32\ighyg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BndDrive2 BHO Class - {8C6D5A56-791E-4fe8-9D64-81781FA15D68} - C:\Program Files\ISM\BndDrive6.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aeib] "C:\DOCUME~1\Gum\APPLIC~1\FNTS~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Pfcqkz] "C:\Documents and Settings\Gum\Application Data\?ppPatch\c?rss.exe"
O4 - HKCU\..\Run: [ISMModule6] "C:\Program Files\ISM\ISMModule6.exe"
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\Gum\LOCALS~1\Temp\hpdj.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3602 bytes

Getting a few popups every now and then, help please - thanks
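As an added example (not code from the thread or from HijackThis itself): a Python triage script that parses the O2, O4 and O23 entry types of a HijackThis 2.x log and flags the traits that separate the bad entries in the log above from the rest, namely a binary launched from the user profile or Temp, a file name that can pass for a Windows system binary outside system32 (HijackThis prints unrenderable characters as '?', so c?rss.exe reads like csrss.exe), and a BHO that reports no name. The sample lines are constructed from the log above; a flag is a lead to verify, not a verdict.

```python
import fnmatch
import ntpath
import re

# Constructed sample: six HijackThis 2.0.2 lines modelled on the log above.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {688A7664-9CA5-B102-F348-9C2B2FE4829E} - C:\\WINDOWS\\system32\\ighyg.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKCU\\..\\Run: [Aeib] "C:\\DOCUME~1\\Gum\\APPLIC~1\\FNTS~1\\ntvdm.exe" -vt yazb
O4 - HKCU\\..\\Run: [Pfcqkz] "C:\\Documents and Settings\\Gum\\Application Data\\?ppPatch\\c?rss.exe"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

# One regex per entry type handled here; for O4 the "path" group is the command line.
ENTRY_RE = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$"),
    "O4": re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - .*? - (?P<path>.+)$"),
}
# Binaries that belong in %SystemRoot%\system32; a copy elsewhere is a classic lure.
SYSTEM_NAMES = {"csrss.exe", "smss.exe", "winlogon.exe", "lsass.exe", "svchost.exe", "ntvdm.exe"}
# Directory fragments (long and 8.3 forms) where autostart binaries should not live.
PROFILE_DIRS = ("\\application data\\", "\\applic~1\\", "\\temp\\")


def _exe_path(command):
    """Return the program from an O4 command line: the quoted path or the first token."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split()[0]


def parse_hjt(text):
    """Yield (entry_type, name, path) for every recognised O2/O4/O23 line."""
    for line in text.splitlines():
        for kind, rx in ENTRY_RE.items():
            m = rx.match(line.strip())
            if m:
                path = m.group("path")
                yield kind, m.group("name"), _exe_path(path) if kind == "O4" else path
                break


def reasons(kind, name, path):
    """Return the suspicious traits of one entry; an empty list means none noted."""
    low = path.lower()
    base = ntpath.basename(low)
    found = []
    if kind == "O2" and name == "(no name)":
        found.append("BHO reports no name")
    if any(frag in low for frag in PROFILE_DIRS):
        found.append("runs from user profile or Temp")
    if "?" in base:
        found.append("unrenderable character in file name")
    # '?' stands for an unrenderable character, so treat it as a wildcard: could this name be a system binary?
    if (any(fnmatch.fnmatchcase(sysname, base) for sysname in SYSTEM_NAMES)
            and not ntpath.dirname(low).endswith("\\windows\\system32")):
        found.append("system binary name outside system32")
    return found


def triage(text):
    """Map the name of each flagged entry to its reasons, in log order."""
    flagged = {}
    for kind, name, path in parse_hjt(text):
        why = reasons(kind, name, path)
        if why:
            flagged[name] = why
    return flagged
```

Running `triage(SAMPLE_LOG)` flags exactly the three entries the helper later targets ((no name) BHO, Aeib, Pfcqkz) and leaves the NVIDIA and Adobe entries alone.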


#2 Scotty


    Always Happy

  • Authentic Member
  • 3,634 posts

Posted 07 October 2007 - 10:31 AM

Hi! Welcome to the WTT forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient.

Please make an uninstall list using HijackThis.
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.


Download and Run ComboFix
  • Download this file from below:

    Here
  • Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running.
  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.
Note 1: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Note 2: Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
You too could train to help others- Join the Classroom


#3 Drtano


    New Member

  • New Member
  • 2 posts

Posted 07 October 2007 - 10:41 AM

ComboFix 07-10-07.2 - Gum 2007-10-07 12:30:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.740 [GMT -4:00]
Running from: C:\Documents and Settings\Gum\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gum\Application Data\FNTS~1
C:\Documents and Settings\Gum\Application Data\FNTS~1\F?nts\
C:\Documents and Settings\Gum\Application Data\FNTS~1\ntvdm.exe
C:\Documents and Settings\Gum\Application Data\PPPATC~1
C:\Documents and Settings\Gum\Application Data\PPPATC~1\c?rss.exe
C:\Documents and Settings\Gum\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Gum\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Gum\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\ISM
C:\Program Files\ISM\BndDrive6.dll
C:\Program Files\ISM\BndDrive6.dll
C:\Program Files\ISM\dictionary.gz
C:\Program Files\ISM\dictionary.gz
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\ISMModule6.exe
C:\Program Files\ISM\ISMModule6.exe
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\WINDOWS\system32\ighyg.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.

2007-10-07 12:30 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 11:12 <DIR> d-------- C:\Documents and Settings\Gum\Application Data\WinRAR
2007-10-07 11:03 35,840 --a------ C:\WINDOWS\tsitra72.exe
2007-10-01 13:20 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-10-01 13:20 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-10-01 13:20 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-10-01 13:20 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-10-01 13:20 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-10-01 13:20 1,230,336 -ra------ C:\WINDOWS\system32\MSXML4.dll
2007-09-30 22:37 <DIR> d-------- C:\Program Files\HP
2007-09-30 22:34 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-09-30 22:30 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-30 22:30 <DIR> d-------- C:\Documents and Settings\Gum\Application Data\OpenOffice.org2
2007-09-30 21:47 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-09-30 21:46 <DIR> d-------- C:\Program Files\readmes
2007-09-30 21:46 <DIR> d-------- C:\Program Files\licenses
2007-09-30 15:34 <DIR> d-------- C:\Program Files\uTorrent
2007-09-30 15:34 <DIR> d-------- C:\Documents and Settings\Gum\Application Data\uTorrent
2007-09-30 11:54 <DIR> d-------- C:\Program Files\World of Warcraft
2007-09-30 11:54 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-09-30 11:36 <DIR> d-------- C:\Program Files\Winamp
2007-09-30 11:30 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-09-30 11:30 <DIR> d-------- C:\Program Files\AOD
2007-09-30 11:30 <DIR> d-------- C:\Program Files\AIM
2007-09-30 11:30 <DIR> d-------- C:\Documents and Settings\Gum\Application Data\Aim
2007-09-30 11:25 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2007-09-30 11:25 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-09-30 11:25 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2007-09-30 11:25 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-09-30 11:23 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-09-30 11:23 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-09-30 11:21 <DIR> d-------- C:\Program Files\InstallShield Installation Information
2007-09-30 11:21 <DIR> d-------- C:\Program Files\Creative
2007-09-30 11:11 <DIR> d-------- C:\Documents and Settings\Gum\Application Data\vlc
2007-09-30 11:08 <DIR> d-------- C:\Program Files\VideoLAN
2007-09-30 10:59 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-30 10:57 1,165 --a------ C:\WINDOWS\mozver.dat
2007-09-30 10:53 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-30 10:47 172,032 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-09-30 10:47 <DIR> d-------- C:\WINDOWS\nview
2007-09-30 10:47 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-09-30 10:44 41,852 -ra------ C:\WINDOWS\system32\UpdDrv2K.exe
2007-09-30 10:44 <DIR> d-------- C:\WINDOWS\OPTIONS
2007-09-30 10:42 77,056 -ra------ C:\WINDOWS\system32\drivers\viasraid.sys
2007-09-30 10:40 159,744 -ra------ C:\WINDOWS\system32\drivers\Fasttx2k.sys
2007-09-30 10:40 118,784 -ra------ C:\WINDOWS\system32\ptipbmf.dll
2007-09-30 10:33 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2007-09-30 10:32 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-09-30 10:32 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-09-30 10:32 <DIR> d-------- C:\Documents and Settings\Gum\WINDOWS
2007-09-29 23:22 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-09-29 23:22 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-09-29 23:21 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2007-09-29 23:06 28,160 --a--c--- C:\WINDOWS\system32\dllcache\msoobe.exe
2007-09-29 23:05 35,328 --a--c--- C:\WINDOWS\system32\dllcache\notiflag.exe
2007-09-29 23:05 11,264 --a--c--- C:\WINDOWS\system32\dllcache\atrace.dll
2007-09-29 23:05 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-09-29 23:04 99,840 --a--c--- C:\WINDOWS\system32\dllcache\helphost.exe
2007-09-29 23:04 6,656 --a--c--- C:\WINDOWS\system32\dllcache\hcappres.dll
2007-09-29 23:04 21,504 --a--c--- C:\WINDOWS\system32\dllcache\brpinfo.dll
2007-09-29 23:01 47,104 --a--c--- C:\WINDOWS\system32\dllcache\srdiag.exe
2007-09-29 23:01 12,288 --a--c--- C:\WINDOWS\system32\dllcache\nmevtmsg.dll
2007-09-29 23:01 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-09-29 23:00 12,288 --a--c--- C:\WINDOWS\system32\dllcache\wb32.exe
2007-09-29 23:00 12,288 --a--c--- C:\WINDOWS\system32\dllcache\cb32.exe
2007-09-29 17:58 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-09-29 17:57 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-09-29 17:56 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-09-29 17:56 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-29 17:55 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-09-29 17:55 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-09-29 17:55 46,464 --a------ C:\WINDOWS\system32\drivers\GAGP30KX.SYS
2007-09-29 17:54 774,144 --a--c--- C:\WINDOWS\system32\dllcache\spttseng.dll
2007-09-29 17:54 77,824 --a--c--- C:\WINDOWS\system32\dllcache\spcommon.dll
2007-09-29 17:54 61,440 --a--c--- C:\WINDOWS\system32\dllcache\spcplui.dll
2007-09-29 17:54 <DIR> d--hs---- C:\WINDOWS\Installer
2007-09-29 17:53 741,376 --a--c--- C:\WINDOWS\system32\dllcache\sapi.dll
2007-09-29 17:53 36,864 --a--c--- C:\WINDOWS\system32\dllcache\sapisvr.exe
2007-09-29 17:53 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt041f.dll
2007-09-29 17:50 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-09-29 17:50 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-09-29 17:50 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbdtuq.dll
2007-09-29 17:50 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbdtuf.dll
2007-09-29 17:50 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-09-29 17:50 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbdazel.dll
2007-09-29 17:50 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0419.dll
2007-09-29 17:48 22,016 --a--c--- C:\WINDOWS\system32\dllcache\agt0408.dll
2007-09-29 17:43 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-09-29 17:43 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-09-29 17:42 85,020 --a--c--- C:\WINDOWS\system32\dllcache\dgsetup.dll
2007-09-29 17:42 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-09-29 17:42 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-09-29 17:42 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-09-29 17:42 176,157 --a--c--- C:\WINDOWS\system32\dllcache\dgrpsetu.dll
2007-09-29 17:42 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-09-29 17:42 103,424 --a--c--- C:\WINDOWS\system32\dllcache\eqnclass.dll
2007-09-29 17:42 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-09-29 17:40 15,360 --a--c--- C:\WINDOWS\system32\dllcache\taskman.exe
2007-09-29 17:40 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-09-29 17:38 8,704 --a--c--- C:\WINDOWS\system32\dllcache\batt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-30 11:22 0 --a------ C:\WINDOWS\system32\drivers\SET18E.tmp
2007-09-10 16:00 3393367 --a------ C:\Program Files\openofficeorg4.cab
2007-09-10 15:59 66502315 --a------ C:\Program Files\openofficeorg3.cab
2007-09-10 15:55 17643096 --a------ C:\Program Files\openofficeorg2.cab
2007-09-10 15:54 18779946 --a------ C:\Program Files\openofficeorg1.cab
2007-09-10 15:53 4363776 --a------ C:\Program Files\openofficeorg23.msi
2007-09-10 15:53 217 --a------ C:\Program Files\setup.ini
2007-08-30 16:49 319488 --a------ C:\Program Files\setup.exe
2003-07-31 05:53 147456 --a------ C:\WINDOWS\inf\EL2K_XP.sys
2003-07-31 05:50 448768 --a------ C:\WINDOWS\inf\EL2K_N64.sys
2003-07-31 05:43 147456 --a------ C:\WINDOWS\inf\EL2K_2K.sys
2002-03-11 05:06 1822520 --a------ C:\Program Files\instmsiw.exe
2002-03-11 04:45 1708856 --a------ C:\Program Files\instmsia.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 03:06 C:\WINDOWS\system32\ptipbmf.dll]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 18:50]
"nwiz"="nwiz.exe" [2004-10-29 18:50 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 18:50]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"P17Helper"="P17.dll" [2005-05-03 19:38 C:\WINDOWS\system32\P17.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 07:42]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
"Aeib"="C:\DOCUME~1\Gum\APPLIC~1\FNTS~1\ntvdm.exe" []
"Pfcqkz"="C:\Documents and Settings\Gum\Application Data\?ppPatch\c?rss.exe" []
"ISMModule6"="C:\Program Files\ISM\ISMModule6.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R3 P17;Creative SB Audigy LS;C:\WINDOWS\system32\drivers\P17.sys

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 12:33:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-07 12:34:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-07 12:34
.
--- E O F ---

Adobe Reader 8.1.0
AOL Instant Messenger
AVG Anti-Spyware 7.5
HijackThis 2.0.2
hp deskjet 3600
Internet Speed Monitor
Java™ 6 Update 2
Mozilla Firefox (2.0.0.7)
NVIDIA Drivers
OpenOffice.org 2.3
VideoLAN VLC media player 0.8.6c
Winamp (remove only)
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
World of Warcraft

#4 Scotty


    Always Happy

  • Authentic Member
  • 3,634 posts

Posted 11 October 2007 - 03:18 AM

Hi

I can only apologise for missing this. I don't remember getting a notification, so I hope you are still with us.

Go to http://www.virustota.../en/indexf.html
Copy the following line into the white textbox:
C:\Program Files\setup.ini
Click Send.
Please post the results of this scan to this thread.
Do the same for this file:
C:\Program Files\setup.exe

Open Notepad and Copy/Paste the text in the codebox below into it:

File::
C:\WINDOWS\tsitra72.exe 
C:\WINDOWS\system32\dllcache\taskman.exe
C:\WINDOWS\TASKMAN.EXE

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pfcqkz"=-

DirLook::
C:\Documents and Settings\Gum\WINDOWS

Save this as "CFScript"

Posted Image


Referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log with a new HijackThis log.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    • Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#5 LDTate


    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 13 October 2007 - 09:05 AM

Scotty will be away for a few days. How are you doing with the fix?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 


Proud graduate of TC/WTT Classroom

 


#6 LDTate


    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 17 October 2007 - 05:41 AM

Due to inactivity this topic will be closed. If you need help, please start a new thread and post a new HJT log.

