Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] verrrrry noobish. Been hacked. log included

Started by santoleri3 , Jun 10 2008 06:41 PM

  • This topic is locked This topic is locked
6 replies to this topic

#1 santoleri3

santoleri3

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 10 June 2008 - 06:41 PM

Pop ups, can't use web base mail, security aerts disabled. search and destry keeps identifying registry changes, buffer overrun messages. UGH!

Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:44 PM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\PROGRA~1\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [BM07bb26ff] Rundll32.exe "C:\WINDOWS\system32\cfqrnjek.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [gsgxaaaa] C:\WINDOWS\system32\gsgxaaaa.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://kl.bar.need2f...earch.html?p=KL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.c...ds/iaieplay.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...C_2.3.2.100.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1212936193109
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O21 - SSODL: IEFilter - {8C70CA59-B5B9-4D33-BE6F-DAF3741A2174} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 8172 bytes

    Advertisements

Register to Remove

#2 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 11 June 2008 - 06:06 AM

Hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

#3 santoleri3

santoleri3

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 11 June 2008 - 10:57 PM

combo fix log follows...

couldn't run Kapersky because i don't have the right version of Java.

Thanks for your help.

ComboFix 08-06-10.5 - Dominic Santoleri 2008-06-12 0:03:09.1 - NTFSx86
Running from: C:\Documents and Settings\Dominic Santoleri\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dominic Santoleri\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\Temp\vtmp2
C:\WINDOWS\BM07bb26ff.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\bbbwetqr.ini
C:\WINDOWS\system32\bnxyocct.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cbXQgEUL.dll
C:\WINDOWS\system32\cfllligu.dll
C:\WINDOWS\system32\cfqrnjek.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\EgMloUtv.ini
C:\WINDOWS\SYSTEM32\EgMloUtv.ini2
C:\WINDOWS\system32\eqixxyrf.dll
C:\WINDOWS\system32\ewkhxjmr.dll
C:\WINDOWS\system32\guxxrayh.dll
C:\WINDOWS\system32\hetxjoeo.ini
C:\WINDOWS\system32\hfkivoft.dll
C:\WINDOWS\SYSTEM32\hyarxxug.ini
C:\WINDOWS\system32\iefilter.dll
C:\WINDOWS\system32\innqiojj.dll
C:\WINDOWS\SYSTEM32\JikUEfhk.ini
C:\WINDOWS\SYSTEM32\JikUEfhk.ini2
C:\WINDOWS\system32\jkkKcBtS.dll
C:\WINDOWS\system32\kkbonfgu.ini
C:\WINDOWS\system32\leestapr.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ngxphvyd.dll
C:\WINDOWS\system32\nmroqfgb.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\pnrydxps.dll
C:\WINDOWS\system32\pstfrrnv.dll
C:\WINDOWS\system32\pwmwraee.dll
C:\WINDOWS\system32\rcflndbl.dll
C:\WINDOWS\system32\rqtewbbb.dll
C:\WINDOWS\system32\service.exe
C:\WINDOWS\SYSTEM32\StBcKkkj.ini
C:\WINDOWS\SYSTEM32\StBcKkkj.ini2
C:\WINDOWS\system32\sthehkxm.dll
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tlgkgxtq.ini
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\ugfnobkk.dll
C:\WINDOWS\system32\ujaxeaqx.dll
C:\WINDOWS\SYSTEM32\ututDJlm.ini
C:\WINDOWS\SYSTEM32\ututDJlm.ini2
C:\WINDOWS\system32\uxpxlsqj.ini
C:\WINDOWS\system32\vnrrftsp.ini
C:\WINDOWS\system32\xpblplic.dll
C:\WINDOWS\SYSTEM32\yaGhNXbc.ini
C:\WINDOWS\SYSTEM32\yaGhNXbc.ini2
C:\WINDOWS\system32\ynlxxqxd.dll
C:\WINDOWS\system32\ysuqvjhb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_Service
-------\Service_Service


((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

2008-06-11 23:22 . 2008-06-11 23:22 89,600 --a------ C:\WINDOWS\SYSTEM32\tsumcyqc.dll
2008-06-11 23:22 . 2008-06-11 23:22 80,896 --a------ C:\WINDOWS\SYSTEM32\bgfqormn.dll
2008-06-11 00:51 . 2008-06-11 00:51 <DIR> d----c--- C:\VundoFix Backups
2008-06-10 23:24 . 2008-06-10 23:24 147,456 --a------ C:\WINDOWS\SYSTEM32\qtxgkglt.dll
2008-06-10 19:46 . 2008-06-10 19:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-09 23:34 . 2008-06-09 23:34 <DIR> d-------- C:\Documents and Settings\Dominic Santoleri\Application Data\Uniblue
2008-06-08 11:43 . 2008-06-10 00:16 9,728 --ahs---- C:\WINDOWS\SYSTEM32\Thumbs.db
2008-06-07 11:41 . 2008-06-07 11:41 347,136 --a------ C:\WINDOWS\SYSTEM32\mlJDtutu.dll_old
2008-06-07 10:44 . 2008-06-07 10:44 347,136 --a------ C:\WINDOWS\SYSTEM32\vtUolMgE.dll_old
2008-06-07 07:21 . 2008-06-07 07:21 347,136 --a------ C:\WINDOWS\SYSTEM32\cbXNhGay.dll_old
2008-06-05 23:25 . 2008-06-05 23:25 <DIR> d-------- C:\WINDOWS\SYSTEM32\vntiho01
2008-06-05 23:25 . 2008-06-12 00:04 <DIR> d----c--- C:\Temp
2008-05-20 17:02 . 2008-05-20 17:02 32,768 --a------ C:\WINDOWS\SYSTEM32\vntiho01\vntiho011065.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 03:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-06-08 03:35 --------- d-----w C:\Documents and Settings\Dominic Santoleri\Application Data\gen_ff v1.04
2008-06-08 03:08 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2008-06-01 18:25 --------- d-----w C:\Program Files\icons
2008-05-14 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-14 02:25 --------- d-----r C:\Program Files\Spybot - Search & Destroy
2008-05-08 23:50 --------- d-----w C:\Documents and Settings\Dominic Santoleri\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
2008-04-28 08:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-04-28 08:25 --------- d-----w C:\Program Files\Kodak
2008-04-27 01:31 --------- d-----r C:\Program Files\Electronic Arts
2008-04-19 19:00 --------- d-----w C:\Program Files\DivX
2007-08-30 08:04 5,632 -csha-w C:\Program Files\Thumbs.db
2006-07-03 02:43 1 -c--a-w C:\Documents and Settings\Dominic Santoleri\SI.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40ED4854-6055-4125-8DEF-AB110E793F6A}]
C:\WINDOWS\system32\khfEUkiJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C56B9E7-7C6E-420D-8014-EECB7605F631}]
C:\WINDOWS\system32\vtUolMgE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A53953B-0F06-405A-86A7-B28943FF7756}]
C:\WINDOWS\system32\cbXNhGay.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad758e23-3653-4959-b937-11d6eab23cb7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6866E56-FAA7-47C1-99F8-FD182E4D0E46}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2C58764-EE01-45A6-8F12-A58868079D7D}]
C:\WINDOWS\system32\mlJDtutu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F113223D-75DA-4FDE-866E-64FDDBB04291}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F85B67A1-20B4-438F-B409-6616381D66D6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [ ]
"gsgxaaaa"="C:\WINDOWS\system32\gsgxaaaa.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-30 10:06 4800512]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 12:27 28672]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47 204800]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05 212992]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\PROGRA~1\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"BM07bb26ff"="C:\WINDOWS\system32\pwmwraee.dll" [ ]

C:\Documents and Settings\Dominic Santoleri\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-03-24 12:40:40 225280]
PowerReg Scheduler.exe [2006-11-19 02:15:58 189952]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"IEFilter"= {8C70CA59-B5B9-4D33-BE6F-DAF3741A2174} - C:\WINDOWS\system32\IEFilter.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXQgEUL]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= C:\\Program Files\\Internet Explorer\\iexplore.exe

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-03 14:25:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 00:32:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-12 0:52:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-12 04:52:13

Pre-Run: 38,208,073,728 bytes free
Post-Run: 39,207,956,480 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

200 --- E O F --- 2008-05-27 21:31:02

#4 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 12 June 2008 - 07:00 AM

Hello

Rename HijackThis.exe to Santo.exe


1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\SYSTEM32\tsumcyqc.dll
C:\WINDOWS\SYSTEM32\bgfqormn.dll
C:\WINDOWS\SYSTEM32\qtxgkglt.dll
C:\WINDOWS\SYSTEM32\mlJDtutu.dll_old
C:\WINDOWS\SYSTEM32\vtUolMgE.dll_old
C:\WINDOWS\SYSTEM32\cbXNhGay.dll_old


Folder::
C:\WINDOWS\SYSTEM32\vntiho01

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here




Then reboot and try run Kaspersky

#5 santoleri3

santoleri3

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 13 June 2008 - 10:12 PM

ComboFix 08-06-10.5 - Dominic Santoleri 2008-06-13 23:33:43.2 - NTFSx86
Running from: C:\Documents and Settings\Dominic Santoleri\Desktop\Molon Labe\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dominic Santoleri\Desktop\Molon Labe\CFScript.txt

FILE ::
C:\WINDOWS\SYSTEM32\bgfqormn.dll
C:\WINDOWS\SYSTEM32\cbXNhGay.dll_old
C:\WINDOWS\SYSTEM32\mlJDtutu.dll_old
C:\WINDOWS\SYSTEM32\qtxgkglt.dll
C:\WINDOWS\SYSTEM32\tsumcyqc.dll
C:\WINDOWS\SYSTEM32\vtUolMgE.dll_old
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Kids\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\SYSTEM32\bgfqormn.dll
C:\WINDOWS\SYSTEM32\cbXNhGay.dll_old
C:\WINDOWS\SYSTEM32\mlJDtutu.dll_old
C:\WINDOWS\SYSTEM32\qtxgkglt.dll
C:\WINDOWS\SYSTEM32\tsumcyqc.dll
C:\WINDOWS\SYSTEM32\vntiho01
C:\WINDOWS\SYSTEM32\vntiho01\vntiho011065.exe
C:\WINDOWS\SYSTEM32\vtUolMgE.dll_old

.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2008-06-11 00:51 . 2008-06-11 00:51 <DIR> d----c--- C:\VundoFix Backups
2008-06-10 19:46 . 2008-06-10 19:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-09 23:34 . 2008-06-09 23:34 <DIR> d-------- C:\Documents and Settings\Dominic Santoleri\Application Data\Uniblue
2008-06-08 11:43 . 2008-06-10 00:16 9,728 --ahs---- C:\WINDOWS\SYSTEM32\Thumbs.db
2008-06-05 23:25 . 2008-06-12 00:04 <DIR> d----c--- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 03:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-06-08 03:35 --------- d-----w C:\Documents and Settings\Dominic Santoleri\Application Data\gen_ff v1.04
2008-06-08 03:08 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2008-06-01 18:25 --------- d-----w C:\Program Files\icons
2008-05-14 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-14 02:25 --------- d-----r C:\Program Files\Spybot - Search & Destroy
2008-05-08 23:50 --------- d-----w C:\Documents and Settings\Dominic Santoleri\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-28 08:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-04-28 08:25 --------- d-----w C:\Program Files\Kodak
2008-04-27 01:31 --------- d-----r C:\Program Files\Electronic Arts
2008-04-19 19:00 --------- d-----w C:\Program Files\DivX
2008-04-14 11:01 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2007-08-30 08:04 5,632 -csha-w C:\Program Files\Thumbs.db
2006-07-03 02:43 1 -c--a-w C:\Documents and Settings\Dominic Santoleri\SI.bin
.

((((((((((((((((((((((((((((( snapshot@2008-06-12_ 0.51.31.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 04:27:17 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-06-12 22:54:51 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\I386\bthport.sys
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 22:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2004-04-11 06:46:35 155,136 -c--a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\accicons.exe
+ 2008-06-13 19:43:56 155,136 ----a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\accicons.exe
- 2004-04-11 06:46:35 22,528 -c--a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\bindico.exe
+ 2008-06-13 19:43:56 22,528 ----a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\bindico.exe
- 2004-04-11 06:46:35 73,216 -c--a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\fpicon.exe
+ 2008-06-13 19:43:56 73,216 ----a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\fpicon.exe
- 2004-04-11 06:46:35 28,160 -c--a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\misc.exe
+ 2008-06-13 19:43:56 28,160 ----a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\misc.exe
- 2004-04-11 06:46:35 104,960 -c--a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\outicon.exe
+ 2008-06-13 19:43:56 104,960 ----a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\outicon.exe
- 2004-04-11 06:46:35 11,264 -c--a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\PEicons.exe
+ 2008-06-13 19:43:56 11,264 ----a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\PEicons.exe
- 2004-04-11 06:46:35 30,208 -c--a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\pptico.exe
+ 2008-06-13 19:43:56 30,208 ----a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\pptico.exe
- 2004-04-11 06:46:34 35,328 -c--a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\wordicon.exe
+ 2008-06-13 19:43:56 35,328 ----a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\wordicon.exe
- 2004-04-11 06:46:34 69,120 -c--a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\xlicons.exe
+ 2008-06-13 19:43:56 69,120 ----a-r C:\WINDOWS\Installer\{00030409-78E1-11D2-B60F-006097C998E7}\xlicons.exe
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
- 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-04-23 04:16:28 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
- 2004-08-04 06:10:37 274,304 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
+ 2008-04-14 11:01:02 272,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
- 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
+ 2008-04-23 04:16:28 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
- 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
- 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
- 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
- 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
- 2008-02-22 10:00:51 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
- 2008-02-29 08:55:46 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
+ 2008-04-22 07:40:18 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
- 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
- 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
+ 2008-04-23 04:16:28 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
- 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
- 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
+ 2008-04-23 04:16:28 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
- 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
- 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
- 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
- 2006-09-25 22:58:48 14,640 ----a-w C:\WINDOWS\SYSTEM32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40ED4854-6055-4125-8DEF-AB110E793F6A}]
C:\WINDOWS\system32\khfEUkiJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C56B9E7-7C6E-420D-8014-EECB7605F631}]
C:\WINDOWS\system32\vtUolMgE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A53953B-0F06-405A-86A7-B28943FF7756}]
C:\WINDOWS\system32\cbXNhGay.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2C58764-EE01-45A6-8F12-A58868079D7D}]
C:\WINDOWS\system32\mlJDtutu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [ ]
"gsgxaaaa"="C:\WINDOWS\system32\gsgxaaaa.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-30 10:06 4800512]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 12:27 28672]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47 204800]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05 212992]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\PROGRA~1\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"BM07bb26ff"="C:\WINDOWS\system32\pwmwraee.dll" [ ]

C:\Documents and Settings\Dominic Santoleri\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-03-24 12:40:40 225280]
PowerReg Scheduler.exe [2006-11-19 02:15:58 189952]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"IEFilter"= {8C70CA59-B5B9-4D33-BE6F-DAF3741A2174} - C:\WINDOWS\system32\IEFilter.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= C:\\Program Files\\Internet Explorer\\iexplore.exe

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-03 14:25:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 23:40:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-13 23:57:13
ComboFix-quarantined-files.txt 2008-06-14 03:57:06
ComboFix2.txt 2008-06-12 04:52:28

Pre-Run: 38,857,441,280 bytes free
Post-Run: 38,948,782,080 bytes free

306 --- E O F --- 2008-06-12 21:36:09

question: how do I know what the latest version of Java is?

Thanks for all your help. I'm going to be out of town for a couple days, but will follow up when I get back.

Thanks again.

#6 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 14 June 2008 - 06:35 AM

Download Java Runtime Environment 6 Update 6 Then try Kaspersky Also post a new HijackThis log

#7 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 18 June 2008 - 04:36 PM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·