Tech Support Guy

Registered · 4 Posts · Discussion Starter · #1
Hi,

I am affected by these viruses:
1. rootkit.deflib
2. trojan.downloader-winlogon/FAS

Please help. I have been using SUPERAntiSpyware to remove these viruses, but they show up again at the next login when I scan!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:31:07 AM, on 3/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ws2_64.exe
C:\WINDOWS\System32\ctfmon.exe
F:\softwares\sftware\HiJackThis_v2.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\DOCUME~1\stephejo\LOCALS~1\Temp\SSUPDATE.EXE
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ws2_64.exe] C:\WINDOWS\System32\ws2_64.exe
O4 - HKLM\..\Run: [BM53e7a54b] Rundll32.exe "C:\WINDOWS\System32\dlxopkfa.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with FreeDAccelerator! - C:\Program Files\Free Download Accelerator 2\FreeDAccelerator.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C879A5B1-BCDF-40F4-9A9B-56DF633313C2}: NameServer = 218.248.240.23 218.248.240.135
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 5185 bytes
 

Registered · 4 Posts · Discussion Starter · #3
Hi,

I have downloaded ComboFix from bleepingcomputer.com; please see my ComboFix logfile! :D

To remind you, I have been infected with these viruses:
* rootkit.deflib
* trojan.downloader

But now it's :( gone after using ComboFix!

Thank you very much :up:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:32:39 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system\smscg.exe
C:\windows\System32\igfxtray.exe
C:\windows\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Winamp\Winamp.exe
F:\softwares\software\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: &Download with FreeDAccelerator! - C:\Program Files\Free Download Accelerator 2\FreeDAccelerator.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB0C39CB-7961-48CB-9495-C1D2AA241ABE}: NameServer = 218.248.240.23 218.248.240.135
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: System Managment Controler (SMSCGISVC) - Unknown owner - C:\WINDOWS\system\smscg.exe

--
End of file - 4157 bytes

:cool: See my ComboFix log:

ComboFix 08-03-07.4 - stephejo 2008-03-08 12:25:05.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.80 [GMT 5.5:30]
Running from: C:\Documents and Settings\stephejo\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dllgh8jkd1q8.exe
C:\WINDOWS\system32\eraseme_70766.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
.

2008-03-08 10:46 . 2008-03-08 10:46 d-------- C:\Program Files\Smart World Time
2008-03-06 20:14 . 2008-03-06 20:19 842 --a------ C:\WINDOWS\APDFPRP.INI
2008-03-06 20:13 . 2008-03-06 20:13 d-------- C:\Program Files\APDFPRP
2008-03-06 19:14 . 2008-03-06 19:14 100,352 -r-hs---- C:\WINDOWS\system\smscg.exe
2008-03-06 18:03 . 2008-03-06 18:03 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-06 18:03 . 2008-03-06 18:03 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-03-06 18:03 . 2008-03-06 18:03 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-05 20:03 . 2008-03-05 20:03 d-------- C:\Program Files\Olympus
2008-03-05 20:03 . 2005-07-30 21:00 114,688 --a------ C:\WINDOWS\system32\OdiOlDVR.dll
2008-03-05 20:03 . 2005-07-30 21:14 86,016 --a------ C:\WINDOWS\system32\STRDEVAPI.dll
2008-03-05 20:03 . 2004-06-21 10:14 53,248 --a------ C:\WINDOWS\system32\OdiAPI.dll
2008-03-05 17:56 . 2008-03-05 17:56 d-------- C:\WINDOWS\LastGood.Tmp
2008-03-05 17:53 . 2008-03-05 17:53 d-------- C:\Program Files\PCI Fax Modem
2008-03-05 17:53 . 2004-01-28 23:42 918,610 --a------ C:\WINDOWS\system32\drivers\smserial.sys
2008-03-05 17:53 . 2004-01-28 23:42 565,248 --a------ C:\WINDOWS\sm56hlpr.exe
2008-03-05 17:53 . 2004-01-28 23:42 73,728 --a------ C:\WINDOWS\system32\sm56co.dll
2008-03-05 17:37 . 2008-03-05 17:37 d-------- C:\WINDOWS\Motorola
2008-03-05 17:06 . 2008-03-05 17:06 2,621,440 --a------ C:\WINDOWS\SYSTEM.BAK
2008-03-05 16:59 . 2002-08-28 23:05 233,632 ---h----- C:\NTLDR
2008-03-05 16:59 . 2008-03-05 16:55 47,580 --a------ C:\WINDOWS\system32\NTDETECT.COM
2008-03-05 16:55 . 2008-03-05 16:55 233,632 --a------ C:\WINDOWS\system32\NTLDR
2008-03-05 16:41 . 2002-10-15 23:03 151,552 --a------ C:\WINDOWS\system32\igfxres.dll
2008-03-05 16:37 . 2002-08-29 02:01 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-03-05 16:37 . 2002-08-29 02:13 131,712 --a------ C:\WINDOWS\system32\drivers\ks.sys
2008-03-05 16:37 . 2001-08-17 22:37 117,248 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-03-05 16:37 . 2002-08-29 01:32 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-03-05 16:37 . 2003-04-25 06:23 54,784 --a------ C:\WINDOWS\SOUNDMAN.EXE
2008-03-05 16:37 . 2002-08-29 01:32 44,416 --a------ C:\WINDOWS\system32\drivers\stream.sys
2008-03-05 16:37 . 2001-08-17 22:36 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-03-05 16:35 . 2008-03-05 16:35 d--hs---- C:\FOUND.028
2008-03-05 14:40 . 2008-03-05 14:40 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2008-03-04 20:39 . 2002-08-29 03:41 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-04 20:39 . 2002-08-29 01:48 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-04 20:39 . 2002-08-29 01:48 14,208 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-04 20:39 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-03 21:23 . 2008-03-03 21:23 d--hs---- C:\FOUND.027
2008-03-03 21:13 . 2008-03-03 21:13 25,088 --a------ C:\WINDOWS\system32\Partizan.exe
2008-03-03 21:10 . 2008-03-03 21:10 2 -rahs---- C:\WINDOWS\winstart.bat
2008-03-03 19:25 . 2008-03-03 19:25 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-03 09:15 . 2008-03-03 09:15 10,752 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-03-02 21:10 . 2008-03-02 21:10 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-02 13:20 . 2008-03-02 13:20 d--hs---- C:\FOUND.026
2008-03-01 21:03 . 2008-03-01 21:03 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-01 21:03 . 2008-03-01 21:03 d-------- C:\Documents and Settings\stephejo\Application Data\SUPERAntiSpyware.com
2008-03-01 21:03 . 2008-03-01 21:03 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2008-03-01 17:03 . 2008-03-01 17:03 32 ---hs---- C:\WINDOWS\system32\{5010847B-315D-46DA-AC43-D9F789F7B40E}.dat
2008-03-01 17:03 . 2008-03-01 17:03 32 --ahs---- C:\WINDOWS\{F2A6FCF9-7A13-4C3C-9D3B-40E1D14F4025}.dat
2008-03-01 15:29 . 2008-03-02 18:45 1,975,246 ---hs---- C:\WINDOWS\system32\dykmhsne.ini
2008-03-01 15:28 . 2008-03-01 15:28 91,712 --a------ C:\WINDOWS\system32\DLXOPKFA.DLL.del
2008-03-01 15:10 . 2008-03-01 15:10 32 ---hs---- C:\WINDOWS\system32\{1A205839-0B45-4B1E-B114-956244D3E71D}.dat
2008-03-01 15:10 . 2008-03-01 15:10 32 --ahs---- C:\WINDOWS\{0129978E-9765-4971-9C9D-B91C2DFD1508}.dat
2008-03-01 15:08 . 2008-03-01 15:08 32 ---hs---- C:\WINDOWS\system32\{7FCD3515-49E8-4AFB-BF52-9BD7F90A2AD7}.dat
2008-03-01 15:08 . 2008-03-01 15:08 32 --ahs---- C:\WINDOWS\{0FFB683B-BB74-47A0-91C8-73604D5C68C0}.dat
2008-03-01 15:06 . 2008-03-01 15:06 32 ---hs---- C:\WINDOWS\system32\{46173CF3-994B-43C9-BE58-8B434E2D4D4A}.dat
2008-03-01 15:06 . 2008-03-01 15:06 32 --ahs---- C:\WINDOWS\{A087FC48-FFA8-4894-8611-5A20377310D8}.dat
2008-03-01 13:48 . 2008-03-01 13:48 d-------- C:\Program Files\Eset
2008-02-29 00:01 . 2008-02-29 00:01 5,568 --------- C:\WINDOWS\system32\mswq.db
2008-02-26 21:14 . 2008-02-26 21:14 d--hs---- C:\FOUND.025
2008-02-26 20:23 . 2008-02-26 20:23 d-------- C:\Documents and Settings\windowsxp\Application Data\Symantec
2008-02-26 20:23 . 2002-09-21 03:12 123,619 --------- C:\WINDOWS\system32\SYMEVNT.386
2008-02-26 20:23 . 2002-09-21 03:12 83,672 --------- C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-26 20:23 . 2002-09-21 03:12 73,640 --------- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-26 20:22 . 2008-02-26 20:22 d-------- C:\Program Files\Symantec
2008-02-26 11:20 . 2008-02-26 11:20 d--hs---- C:\FOUND.024
2008-02-25 23:03 . 2008-02-25 23:03 d--hs---- C:\FOUND.023
2008-02-24 23:21 . 2008-02-24 23:21 1,074 ---hs---- C:\WINDOWS\system32\smrmotah.ini
2008-02-23 22:42 . 2008-02-24 23:21 1,014 ---hs---- C:\WINDOWS\system32\eaiixfyn.ini
2008-02-23 22:31 . 2008-02-23 22:31 d--hs---- C:\FOUND.022
2008-02-23 11:24 . 2008-02-23 11:24 d--hs---- C:\FOUND.021
2008-02-22 20:32 . 2008-03-01 15:54 76,376 --------- C:\WINDOWS\system32\msv.exe
2008-02-21 16:42 . 2008-02-21 16:42 d--hs---- C:\FOUND.020
2008-02-20 09:46 . 2007-07-30 19:19 549,720 --------- C:\WINDOWS\system32\wuapi.dll
2008-02-20 09:46 . 2007-07-30 19:19 325,976 --------- C:\WINDOWS\system32\wucltui.dll
2008-02-20 09:46 . 2007-07-30 19:19 216,408 --------- C:\WINDOWS\system32\wuaucpl.cpl
2008-02-20 09:46 . 2007-07-30 19:19 203,096 --------- C:\WINDOWS\system32\wuweb.dll
2008-02-20 09:46 . 2004-08-03 14:03 186,136 --------- C:\WINDOWS\system32\wuaueng1.dll
2008-02-20 09:46 . 2004-08-03 14:01 167,704 --------- C:\WINDOWS\system32\wuauclt1.exe
2008-02-20 09:46 . 2007-07-30 19:18 33,624 --------- C:\WINDOWS\system32\wups.dll
2008-02-18 08:32 . 2006-04-07 17:05 73,728 --------- C:\WINDOWS\system32\VNUSB.dll
2008-02-18 08:32 . 2003-06-13 17:49 73,728 --------- C:\WINDOWS\system32\DW90USB.DLL
2008-02-18 08:32 . 2001-04-09 19:17 39,096 --------- C:\WINDOWS\system32\drivers\DW90USB.SYS
2008-02-18 08:32 . 2006-04-07 17:06 38,496 --------- C:\WINDOWS\system32\drivers\VNUSB.sys
2008-02-18 08:16 . 2008-02-18 08:16 d-------- C:\Documents and Settings\stephejo\Application Data\Nikon
2008-02-18 08:16 . 2006-10-25 14:14 5,709,824 -r------- C:\WINDOWS\system32\NkNEFPlugin.dll
2008-02-18 08:16 . 2003-03-19 13:28 2,179,072 --------- C:\WINDOWS\system32\mfc71d.dll
2008-02-18 08:16 . 2003-03-19 14:20 1,060,864 --------- C:\WINDOWS\system32\MFC71.dll
2008-02-18 08:16 . 2002-01-06 06:48 974,848 --------- C:\WINDOWS\system32\mfc70.dll
2008-02-18 08:16 . 2003-03-19 12:04 765,952 --------- C:\WINDOWS\system32\msvcp71d.dll
2008-02-18 08:16 . 2003-03-19 13:14 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2008-02-18 08:16 . 2002-01-05 20:40 487,424 --------- C:\WINDOWS\system32\msvcp70.dll
2008-02-18 08:16 . 2003-02-21 21:42 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
2008-02-18 08:16 . 2003-03-19 12:05 106,496 --------- C:\WINDOWS\system32\ATL71.DLL
2008-02-18 08:15 . 2008-02-18 08:15 d-------- C:\Program Files\Common Files\muvee Technologies
2008-02-18 08:15 . 2008-02-18 08:15 d-------- C:\Documents and Settings\stephejo\Application Data\ArcSoft
2008-02-18 08:15 . 2008-02-18 08:15 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ultima_T15
2008-02-18 08:15 . 2008-02-18 08:15 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EnterNHelp
2008-02-18 08:15 . 2005-12-05 13:21 495,616 -r------- C:\WINDOWS\system32\DRAGNKL1.dll
2008-02-18 08:15 . 2006-08-10 15:35 180,224 -r------- C:\WINDOWS\system32\Strato4.dll
2008-02-18 08:15 . 2005-12-05 16:13 180,224 -r------- C:\WINDOWS\system32\picn1120.dll
2008-02-18 08:15 . 2005-12-05 16:13 155,648 -r------- C:\WINDOWS\system32\picn1020.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 15:19 21,312 ----a-w C:\Documents and Settings\stephejo\Application Data\GDIPFONTCACHEV1.DAT
2008-02-21 17:40 21,312 ----a-w C:\Documents and Settings\windowsxp\Application Data\GDIPFONTCACHEV1.DAT
2008-01-24 15:07 --------- d-----w C:\Program Files\recorder
2008-01-20 14:25 --------- d-----w C:\Documents and Settings\stephejo\Application Data\Audio Record Edit Toolbox
2007-12-17 15:52 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-12-17 15:52 249,856 ------w C:\WINDOWS\Setup1.exe
2007-12-17 15:23 434,688 ------w C:\WINDOWS\system32\ss2uinst.exe
2007-12-11 16:32 19,552 ----a-w C:\Documents and Settings\Administrator1\Application Data\GDIPFONTCACHEV1.DAT
2002-08-28 14:11 77,060 --sh--r C:\WINDOWS\system32\mmdmm.exe
.

((((((((((((((((((((((((((((( [email protected]_12.17.32.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-08 06:42:52 258,048 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-03-08 06:55:02 258,048 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-28 19:41 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\windows\System32\igfxtray.exe" [2002-10-15 23:18 155648]
"HotKeysCmds"="C:\windows\System32\hkcmd.exe" [2002-10-15 23:05 114688]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-11 12:39 151597]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe" [2004-09-28 20:26 32881]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
"SoundMan"="SOUNDMAN.EXE" [2003-04-25 06:23 54784 C:\WINDOWS\SOUNDMAN.EXE]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-06 18:03 949376]
"SMSERIAL"="sm56hlpr.exe" [2004-01-28 23:42 565248 C:\WINDOWS\sm56hlpr.exe]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe [2007-10-11 12:58:57 192512]

C:\Documents and Settings\Administrator1\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe [2007-10-11 12:58:57 192512]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2008-03-05 20:03:58 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R2 SMSCGISVC;System Managment Controler;"C:\WINDOWS\system\smscg.exe" [2008-03-06 19:14]
S3 VNUSB;VN Series Device;C:\WINDOWS\System32\DRIVERS\VNUSB.sys [2006-04-07 17:06]

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 12:25:59
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-08 12:26:22
ComboFix-quarantined-files.txt 2008-03-08 06:56:22
ComboFix2.txt 2008-03-08 06:47:48
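The two HijackThis logs in this thread (before and after the ComboFix run) are easiest to read side by side: what disappeared, what is new, and which of the surviving entries a helper would still want to look at. The script below is an added example written for this page; it is not part of HijackThis, ComboFix or the forum's tooling. The log excerpts are constructed from lines quoted above, the list of commonly imitated system binary names is an assumption, and every flag it prints is a triage hint for a human reviewer, not a malware verdict.

```python
"""Compare two HijackThis logs and triage what survives a cleanup run.

Added example for this thread; not part of HijackThis, ComboFix or the forum's
tooling. Log excerpts are constructed from lines quoted in the thread, and each
flag is a hint for a human to check, never a verdict.
"""
import re

# The three HijackThis line shapes this script understands.
RUN_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
SVC_RE = re.compile(r'^O23 - Service: (?P<display>.+?) \((?P<short>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$')
DNS_RE = re.compile(r'^O17 - .*NameServer = (?P<servers>.+)$')
HEX_RUN = re.compile(r'[0-9a-f]{6,}', re.I)                # value names such as BM53e7a54b
OLD_SYSTEM_DIR = re.compile(r'\\windows\\system\\', re.I)  # C:\WINDOWS\system, not System32
# Assumption: a short list of system binaries that malware likes to imitate by a near-miss name.
SYSTEM_NAMES = ('svchost', 'winlogon', 'lsass', 'csrss', 'smss', 'services',
                'spoolsv', 'ctfmon', 'explorer', 'ws2_32', 'rundll32')

# Constructed excerpts of the two logs posted in the thread (before / after ComboFix).
BEFORE = r"""
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ws2_64.exe] C:\WINDOWS\System32\ws2_64.exe
O4 - HKLM\..\Run: [BM53e7a54b] Rundll32.exe "C:\WINDOWS\System32\dlxopkfa.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C879A5B1-BCDF-40F4-9A9B-56DF633313C2}: NameServer = 218.248.240.23 218.248.240.135
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB0C39CB-7961-48CB-9495-C1D2AA241ABE}: NameServer = 218.248.240.23 218.248.240.135
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: System Managment Controler (SMSCGISVC) - Unknown owner - C:\WINDOWS\system\smscg.exe
"""


def entries(log):
    """Keep only the numbered R/O entries; header and process list are not compared."""
    return [ln.strip() for ln in log.splitlines() if re.match(r'^[RO]\d+ - ', ln.strip())]


def diff_logs(before, after):
    """Entries gone since the first log, and entries that are new in the second."""
    old, new = set(entries(before)), set(entries(after))
    return ([e for e in entries(before) if e not in new],
            [e for e in entries(after) if e not in old])


def basename(cmd):
    """Executable name without extension, lowercased, from a Run value or service path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe = cmd.split('"')[1]
    else:
        m = re.match(r'(.+?\.(?:exe|com|scr|dll))(?:\s|$)', cmd, re.I)
        exe = m.group(1) if m else cmd.split(' ')[0]
    return exe.replace('/', '\\').rsplit('\\', 1)[-1].rsplit('.', 1)[0].lower()


def lookalike(name):
    """System binary this name imitates: same length, one or two characters changed."""
    for sysname in SYSTEM_NAMES:
        if len(name) == len(sysname) and 0 < sum(a != b for a, b in zip(name, sysname)) <= 2:
            return sysname
    return None


def triage_line(line):
    """Reasons an entry deserves a closer look; an empty list means nothing stood out."""
    reasons = []
    m = RUN_RE.match(line)
    if m:
        name, cmd = m['name'], m['cmd']
        if HEX_RUN.search(name):
            reasons.append('Run value name contains a random-looking hex run')
        if re.search(r'rundll32', cmd, re.I) and '.dll' in cmd.lower():
            reasons.append('Run entry loads a DLL through Rundll32')
        if lookalike(basename(cmd)):
            reasons.append(f'file name imitates the system binary {lookalike(basename(cmd))}')
        if OLD_SYSTEM_DIR.search(cmd):
            reasons.append(r'binary lives in C:\WINDOWS\system rather than System32')
        return reasons
    m = SVC_RE.match(line)
    if m:
        if m['owner'] == 'Unknown owner':
            reasons.append('service binary carries no company name (HijackThis: Unknown owner)')
        if OLD_SYSTEM_DIR.search(m['path']):
            reasons.append(r'binary lives in C:\WINDOWS\system rather than System32')
        if lookalike(basename(m['path'])):
            reasons.append(f"file name imitates the system binary {lookalike(basename(m['path']))}")
        return reasons
    m = DNS_RE.match(line)
    if m:
        reasons.append(f"static DNS servers {m['servers']}; confirm they belong to the ISP")
    return reasons


def triage_log(log):
    """Map every flagged entry of a log to its reasons."""
    flagged = {}
    for e in entries(log):
        reasons = triage_line(e)
        if reasons:
            flagged[e] = reasons
    return flagged


if __name__ == '__main__':
    removed, added = diff_logs(BEFORE, AFTER)
    for title, items in (('removed since first log', removed), ('new in second log', added)):
        print(f'--- {title} ---')
        for e in items:
            print(' ', e)
    print('--- still worth a look in the second log ---')
    for e, reasons in triage_log(AFTER).items():
        print(' ', e)
        for why in reasons:
            print('     *', why)
```

On the excerpts above the diff shows the `ws2_64.exe` and `BM53e7a54b` Run entries and the Norton service gone after ComboFix, and the `SMSCGISVC` service new; the triage pass then singles out that service (no owner, binary under `C:\WINDOWS\system`) and the static DNS servers as the items a helper would ask about next, which is the same kind of judgement the moderator applies by hand in the following reply.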
 

Retired Moderator · 72,109 Posts
Please update your version of HJT.
Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.

Java is out of date. Use Secunia software inspector & update checker and remove all old versions from add/remove programs.

Go to this web site: http://virusscan.jotti.org/
In the File to upload & scan box, copy and paste
C:\WINDOWS\winstart.bat

Then click the Submit button.

Copy the results and paste them back here in your next reply.

Open Notepad and copy and paste the text in the quote box below into it:
File::
C:\WINDOWS\system32\dykmhsne.ini
C:\WINDOWS\system32\DLXOPKFA.DLL.del
C:\WINDOWS\system32\smrmotah.ini
C:\WINDOWS\system32\eaiixfyn.ini
C:\WINDOWS\system32\mmdmm.exe
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
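A CFScript's `File::` section tells ComboFix to delete the listed files, and once they are gone nothing can be submitted to a scanner or looked up by hash. The script below is an added example for this page, not ComboFix's own code: it parses the `Name::` section layout used in the CFScript above (the only layout it assumes), and records size, SHA-256 and the read-only/hidden/system attribute letters of each listed file before the deletion run, reporting files that are already absent instead of failing. The sample files and CFScript in `demo()` are constructed; a temporary directory stands in for the Windows folders so the example runs anywhere.

```python
"""Record size, SHA-256 and attribute flags of every File:: entry in a CFScript
before ComboFix deletes them, so the hashes can still be looked up afterwards.

Added example for this thread; not part of ComboFix. It understands only the
'Name::' section layout of the CFScript quoted above (assumption).
"""
import hashlib
import os
import tempfile

# FILE_ATTRIBUTE_READONLY / HIDDEN / SYSTEM, shown as the r/h/s letters ComboFix uses.
ATTR_BITS = ((0x1, 'r'), (0x2, 'h'), (0x4, 's'))


def parse_cfscript(text):
    """Map each 'Name::' section to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith('::'):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def sha256_of(path):
    """Streamed SHA-256 so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, 'rb') as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b''):
            digest.update(chunk)
    return digest.hexdigest()


def describe(listed, resolve=lambda p: p):
    """Evidence record for one listed path; `resolve` maps it to a local path."""
    local = resolve(listed)
    if not os.path.isfile(local):
        return {'path': listed, 'missing': True}
    st = os.stat(local)
    bits = getattr(st, 'st_file_attributes', 0)   # Windows only; 0 on other platforms
    return {'path': listed, 'missing': False, 'size': st.st_size,
            'sha256': sha256_of(local),
            'attrs': ''.join(ch for bit, ch in ATTR_BITS if bits & bit)}


def manifest(cfscript_text, resolve=lambda p: p):
    """One record per File:: entry, in the order they appear in the script."""
    return [describe(p, resolve) for p in parse_cfscript(cfscript_text).get('File', [])]


def demo():
    """Constructed stand-in for the thread's machine: a temp dir plays the Windows
    folders, and the third listed file is deliberately absent to show the 'missing' record."""
    tmp = tempfile.mkdtemp()
    for name, data in (('winstart.bat', b''), ('mmdmm.exe', b'abc')):   # constructed contents
        with open(os.path.join(tmp, name), 'wb') as fh:
            fh.write(data)
    script = ('File::\n'
              'C:\\WINDOWS\\winstart.bat\n'
              'C:\\WINDOWS\\system32\\mmdmm.exe\n'
              'C:\\WINDOWS\\system32\\DLXOPKFA.DLL.del\n')
    resolve = lambda listed: os.path.join(tmp, listed.rsplit('\\', 1)[-1])
    return manifest(script, resolve)


if __name__ == '__main__':
    for rec in demo():
        print(rec)
```

Run it on the real machine with the default `resolve` (the listed `C:\...` paths as they are) and keep the printed records with the ComboFix log; the SHA-256 values are what a multi-engine scanner or a later analyst can still work from once the files themselves have been quarantined or deleted.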
 

Registered · 4 Posts · Discussion Starter · #5
Hi,
Thank you for helping me.
According to your instructions, I have pasted the result from http://virusscan.jotti.org/ below.
:eek:
Scan taken on 09 Mar 2008 08:30:43 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

And please see my latest logfile from hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:34 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system\smscg.exe
C:\WINDOWS\Explorer.EXE
C:\windows\System32\igfxtray.exe
C:\windows\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\stephejo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: &Download with FreeDAccelerator! - C:\Program Files\Free Download Accelerator 2\FreeDAccelerator.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: System Managment Controler (SMSCGISVC) - Unknown owner - C:\WINDOWS\system\smscg.exe

--
End of file - 3902 bytes

This is my ComboFix logfile.
Thank you again

ComboFix 08-03-07.4 - stephejo 2008-03-09 14:11:25.6 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.85 [GMT 5.5:30]
Running from: F:\softwares\software\ComboFix.exe
Command switches used :: C:\Documents and Settings\stephejo\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\DLXOPKFA.DLL.del
C:\WINDOWS\system32\dykmhsne.ini
C:\WINDOWS\system32\eaiixfyn.ini
C:\WINDOWS\system32\mmdmm.exe
C:\WINDOWS\system32\smrmotah.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\DLXOPKFA.DLL.del
C:\WINDOWS\system32\dykmhsne.ini
C:\WINDOWS\system32\eaiixfyn.ini
C:\WINDOWS\system32\mmdmm.exe
C:\WINDOWS\system32\smrmotah.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-09 13:06 . 2008-03-09 13:04 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-09 13:06 . 2008-03-09 13:04 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-03-09 13:06 . 2008-03-09 13:04 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-08 14:36 . 2008-03-08 14:36 d--hs---- C:\FOUND.029
2008-03-06 20:14 . 2008-03-06 20:19 842 --a------ C:\WINDOWS\APDFPRP.INI
2008-03-06 19:14 . 2008-03-06 19:14 100,352 -r-hs---- C:\WINDOWS\system\smscg.exe
2008-03-05 20:03 . 2008-03-05 20:03 d-------- C:\Program Files\Olympus
2008-03-05 20:03 . 2005-07-30 21:00 114,688 --a------ C:\WINDOWS\system32\OdiOlDVR.dll
2008-03-05 20:03 . 2005-07-30 21:14 86,016 --a------ C:\WINDOWS\system32\STRDEVAPI.dll
2008-03-05 20:03 . 2004-06-21 10:14 53,248 --a------ C:\WINDOWS\system32\OdiAPI.dll
2008-03-05 17:56 . 2008-03-05 17:56 d-------- C:\WINDOWS\LastGood.Tmp
2008-03-05 17:53 . 2008-03-05 17:53 d-------- C:\Program Files\PCI Fax Modem
2008-03-05 17:53 . 2004-01-28 23:42 918,610 --a------ C:\WINDOWS\system32\drivers\smserial.sys
2008-03-05 17:53 . 2004-01-28 23:42 565,248 --a------ C:\WINDOWS\sm56hlpr.exe
2008-03-05 17:53 . 2004-01-28 23:42 73,728 --a------ C:\WINDOWS\system32\sm56co.dll
2008-03-05 17:37 . 2008-03-05 17:37 d-------- C:\WINDOWS\Motorola
2008-03-05 17:06 . 2008-03-05 17:06 2,621,440 --a------ C:\WINDOWS\SYSTEM.BAK
2008-03-05 16:59 . 2002-08-28 23:05 233,632 ---h----- C:\NTLDR
2008-03-05 16:59 . 2008-03-05 16:55 47,580 --a------ C:\WINDOWS\system32\NTDETECT.COM
2008-03-05 16:55 . 2008-03-05 16:55 233,632 --a------ C:\WINDOWS\system32\NTLDR
2008-03-05 16:41 . 2002-10-15 23:03 151,552 --a------ C:\WINDOWS\system32\igfxres.dll
2008-03-05 16:37 . 2002-08-29 02:01 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-03-05 16:37 . 2002-08-29 02:13 131,712 --a------ C:\WINDOWS\system32\drivers\ks.sys
2008-03-05 16:37 . 2001-08-17 22:37 117,248 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-03-05 16:37 . 2002-08-29 01:32 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-03-05 16:37 . 2003-04-25 06:23 54,784 --a------ C:\WINDOWS\SOUNDMAN.EXE
2008-03-05 16:37 . 2002-08-29 01:32 44,416 --a------ C:\WINDOWS\system32\drivers\stream.sys
2008-03-05 16:37 . 2001-08-17 22:36 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-03-05 16:35 . 2008-03-05 16:35 d--hs---- C:\FOUND.028
2008-03-05 14:40 . 2008-03-05 14:40 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2008-03-04 20:39 . 2002-08-29 03:41 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-04 20:39 . 2002-08-29 01:48 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-04 20:39 . 2002-08-29 01:48 14,208 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-04 20:39 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-03 21:23 . 2008-03-03 21:23 d--hs---- C:\FOUND.027
2008-03-03 21:13 . 2008-03-03 21:13 25,088 --a------ C:\WINDOWS\system32\Partizan.exe
2008-03-03 21:10 . 2008-03-03 21:10 2 -rahs---- C:\WINDOWS\winstart.bat
2008-03-03 19:25 . 2008-03-03 19:25 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-03 09:15 . 2008-03-03 09:15 10,752 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-03-02 21:10 . 2008-03-02 21:10 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-02 13:20 . 2008-03-02 13:20 d--hs---- C:\FOUND.026
2008-03-01 21:03 . 2008-03-01 21:03 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-01 21:03 . 2008-03-01 21:03 d-------- C:\Documents and Settings\stephejo\Application Data\SUPERAntiSpyware.com
2008-03-01 21:03 . 2008-03-01 21:03 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2008-03-01 18:54 . 2008-03-01 18:55 d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-03-01 17:03 . 2008-03-01 17:03 32 ---hs---- C:\WINDOWS\system32\{5010847B-315D-46DA-AC43-D9F789F7B40E}.dat
2008-03-01 17:03 . 2008-03-01 17:03 32 --ahs---- C:\WINDOWS\{F2A6FCF9-7A13-4C3C-9D3B-40E1D14F4025}.dat
2008-03-01 15:10 . 2008-03-01 15:10 32 ---hs---- C:\WINDOWS\system32\{1A205839-0B45-4B1E-B114-956244D3E71D}.dat
2008-03-01 15:10 . 2008-03-01 15:10 32 --ahs---- C:\WINDOWS\{0129978E-9765-4971-9C9D-B91C2DFD1508}.dat
2008-03-01 15:08 . 2008-03-01 15:08 32 ---hs---- C:\WINDOWS\system32\{7FCD3515-49E8-4AFB-BF52-9BD7F90A2AD7}.dat
2008-03-01 15:08 . 2008-03-01 15:08 32 --ahs---- C:\WINDOWS\{0FFB683B-BB74-47A0-91C8-73604D5C68C0}.dat
2008-03-01 15:06 . 2008-03-01 15:06 32 ---hs---- C:\WINDOWS\system32\{46173CF3-994B-43C9-BE58-8B434E2D4D4A}.dat
2008-03-01 15:06 . 2008-03-01 15:06 32 --ahs---- C:\WINDOWS\{A087FC48-FFA8-4894-8611-5A20377310D8}.dat
2008-03-01 13:48 . 2008-03-01 13:48 d-------- C:\Program Files\Eset
2008-02-29 00:01 . 2008-02-29 00:01 5,568 --------- C:\WINDOWS\system32\mswq.db
2008-02-26 21:14 . 2008-02-26 21:14 d--hs---- C:\FOUND.025
2008-02-26 20:23 . 2008-02-26 20:23 d-------- C:\Documents and Settings\windowsxp\Application Data\Symantec
2008-02-26 20:23 . 2002-09-21 03:12 123,619 --------- C:\WINDOWS\system32\SYMEVNT.386
2008-02-26 20:23 . 2002-09-21 03:12 83,672 --------- C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-26 20:23 . 2002-09-21 03:12 73,640 --------- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-26 20:22 . 2008-02-26 20:22 d-------- C:\Program Files\Symantec
2008-02-26 11:20 . 2008-02-26 11:20 d--hs---- C:\FOUND.024
2008-02-25 23:03 . 2008-02-25 23:03 d--hs---- C:\FOUND.023
2008-02-23 22:31 . 2008-02-23 22:31 d--hs---- C:\FOUND.022
2008-02-23 11:24 . 2008-02-23 11:24 d--hs---- C:\FOUND.021
2008-02-22 20:32 . 2008-03-01 15:54 76,376 --------- C:\WINDOWS\system32\msv.exe
2008-02-21 16:42 . 2008-02-21 16:42 d--hs---- C:\FOUND.020
2008-02-20 09:46 . 2007-07-30 19:19 549,720 --------- C:\WINDOWS\system32\wuapi.dll
2008-02-20 09:46 . 2007-07-30 19:19 325,976 --------- C:\WINDOWS\system32\wucltui.dll
2008-02-20 09:46 . 2007-07-30 19:19 216,408 --------- C:\WINDOWS\system32\wuaucpl.cpl
2008-02-20 09:46 . 2007-07-30 19:19 203,096 --------- C:\WINDOWS\system32\wuweb.dll
2008-02-20 09:46 . 2004-08-03 14:03 186,136 --------- C:\WINDOWS\system32\wuaueng1.dll
2008-02-20 09:46 . 2004-08-03 14:01 167,704 --------- C:\WINDOWS\system32\wuauclt1.exe
2008-02-20 09:46 . 2007-07-30 19:18 33,624 --------- C:\WINDOWS\system32\wups.dll
2008-02-18 08:32 . 2006-04-07 17:05 73,728 --------- C:\WINDOWS\system32\VNUSB.dll
2008-02-18 08:32 . 2003-06-13 17:49 73,728 --------- C:\WINDOWS\system32\DW90USB.DLL
2008-02-18 08:32 . 2001-04-09 19:17 39,096 --------- C:\WINDOWS\system32\drivers\DW90USB.SYS
2008-02-18 08:32 . 2006-04-07 17:06 38,496 --------- C:\WINDOWS\system32\drivers\VNUSB.sys
2008-02-18 08:16 . 2008-02-18 08:16 d-------- C:\Documents and Settings\stephejo\Application Data\Nikon
2008-02-18 08:16 . 2006-10-25 14:14 5,709,824 -r------- C:\WINDOWS\system32\NkNEFPlugin.dll
2008-02-18 08:16 . 2003-03-19 13:28 2,179,072 --------- C:\WINDOWS\system32\mfc71d.dll
2008-02-18 08:16 . 2003-03-19 14:20 1,060,864 --------- C:\WINDOWS\system32\MFC71.dll
2008-02-18 08:16 . 2002-01-06 06:48 974,848 --------- C:\WINDOWS\system32\mfc70.dll
2008-02-18 08:16 . 2003-03-19 12:04 765,952 --------- C:\WINDOWS\system32\msvcp71d.dll
2008-02-18 08:16 . 2003-03-19 13:14 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2008-02-18 08:16 . 2002-01-05 20:40 487,424 --------- C:\WINDOWS\system32\msvcp70.dll
2008-02-18 08:16 . 2003-02-21 21:42 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
2008-02-18 08:16 . 2003-03-19 12:05 106,496 --------- C:\WINDOWS\system32\ATL71.DLL
2008-02-18 08:15 . 2008-02-18 08:15 d-------- C:\Program Files\Common Files\muvee Technologies
2008-02-18 08:15 . 2008-02-18 08:15 d-------- C:\Documents and Settings\stephejo\Application Data\ArcSoft
2008-02-18 08:15 . 2008-02-18 08:15 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ultima_T15
2008-02-18 08:15 . 2008-02-18 08:15 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EnterNHelp
2008-02-18 08:15 . 2005-12-05 13:21 495,616 -r------- C:\WINDOWS\system32\DRAGNKL1.dll
2008-02-18 08:15 . 2006-08-10 15:35 180,224 -r------- C:\WINDOWS\system32\Strato4.dll
2008-02-18 08:15 . 2005-12-05 16:13 180,224 -r------- C:\WINDOWS\system32\picn1120.dll
2008-02-18 08:15 . 2005-12-05 16:13 155,648 -r------- C:\WINDOWS\system32\picn1020.dll
2008-02-18 08:15 . 2005-12-05 17:24 110,592 -r------- C:\WINDOWS\system32\RCSigProc.dll
2008-02-18 08:15 . 2005-12-05 17:24 76,800 -r------- C:\WINDOWS\system32\RedEye.dll
2008-02-18 08:15 . 2008-02-18 08:20 0 ---h----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PKP_DLds.DAT
2008-02-18 08:14 . 2008-02-18 08:14 d-------- C:\Program Files\Common Files\Nikon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 15:19 21,312 ----a-w C:\Documents and Settings\stephejo\Application Data\GDIPFONTCACHEV1.DAT
2008-02-21 17:40 21,312 ----a-w C:\Documents and Settings\windowsxp\Application Data\GDIPFONTCACHEV1.DAT
2008-01-24 15:07 --------- d-----w C:\Program Files\recorder
2008-01-20 14:25 --------- d-----w C:\Documents and Settings\stephejo\Application Data\Audio Record Edit Toolbox
2007-12-17 15:52 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-12-17 15:52 249,856 ------w C:\WINDOWS\Setup1.exe
2007-12-17 15:23 434,688 ------w C:\WINDOWS\system32\ss2uinst.exe
2007-12-11 16:32 19,552 ----a-w C:\Documents and Settings\Administrator1\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-28 19:41 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\windows\System32\igfxtray.exe" [2002-10-15 23:18 155648]
"HotKeysCmds"="C:\windows\System32\hkcmd.exe" [2002-10-15 23:05 114688]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-11 12:39 151597]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe" [2004-09-28 20:26 32881]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
"SoundMan"="SOUNDMAN.EXE" [2003-04-25 06:23 54784 C:\WINDOWS\SOUNDMAN.EXE]
"SMSERIAL"="sm56hlpr.exe" [2004-01-28 23:42 565248 C:\WINDOWS\sm56hlpr.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-09 13:04 949376]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe [2007-10-11 12:58:57 192512]

C:\Documents and Settings\Administrator1\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe [2007-10-11 12:58:57 192512]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2008-03-05 20:03:58 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R2 SMSCGISVC;System Managment Controler;"C:\WINDOWS\system\smscg.exe" [2008-03-06 19:14]
S3 VNUSB;VN Series Device;C:\WINDOWS\System32\DRIVERS\VNUSB.sys [2006-04-07 17:06]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 14:12:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-09 14:12:39
ComboFix-quarantined-files.txt 2008-03-09 08:42:38

Sorry it took time to reply to you.

Thank you for your help! :)
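As an added example (not from this thread, nor ComboFix's own code), here is a small Python triage parser for the "Files Created" section of the ComboFix log above: it reads the attribute column and ranks entries a helper would look at first, such as a hidden+system executable written fresh into C:\WINDOWS\system. The flag rules, their wording and the LEGACY_DIRS list are my own assumptions; a hit is a prompt for review, not a verdict.

```python
import re
from typing import NamedTuple, Optional

# One ComboFix "Files Created" entry: <created> . <last-write> [<size>] <attrs> <path>
# <attrs> is nine characters: d=directory, r=read-only, a=archive, h=hidden,
# s=system, '-' when unset. Directory entries carry no size column.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<size>[\d,]+) )?(?P<attrs>[d-][r-][a-][h-][s-]-{4}) (?P<path>.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".bat", ".scr", ".ocx", ".cpl")
# Assumed rule: executables dropped straight into the Windows root or the legacy
# 16-bit "system" folder get a look; a hit is a review prompt, not a verdict.
LEGACY_DIRS = ("c:\\windows\\", "c:\\windows\\system\\")

class Entry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one entry line; None for headers, blanks and other sections' lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return Entry(m.group("created"), m.group("modified"),
                 int(size.replace(",", "")) if size else None,
                 m.group("attrs"), m.group("path"))

def triage_reasons(e: Entry) -> list:
    """Review prompts for one entry (assumed heuristics); [] means nothing notable."""
    reasons = []
    if e.attrs[0] == "d":
        return reasons
    low = e.path.lower()
    parent = low.rsplit("\\", 1)[0] + "\\"
    is_exec = low.endswith(EXEC_EXT)
    if "h" in e.attrs and "s" in e.attrs:
        reasons.append("hidden+system attributes on a file")
    if is_exec and parent in LEGACY_DIRS:
        reasons.append("executable placed directly in a legacy Windows directory")
    if is_exec and e.created == e.modified:
        # Installers copy binaries that keep an older last-write time; a freshly
        # written binary has both timestamps identical (heuristic, not proof).
        reasons.append("executable written fresh (create time equals last-write time)")
    return reasons

def triage_log(text: str) -> list:
    """(path, reasons) for every flagged entry in a log, most prompts first."""
    entries = [e for e in map(parse_entry, text.splitlines()) if e is not None]
    flagged = [(e.path, triage_reasons(e)) for e in entries if triage_reasons(e)]
    return sorted(flagged, key=lambda item: -len(item[1]))

# Constructed sample: a few lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
2008-03-09 13:06 . 2008-03-09 13:04 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-08 14:36 . 2008-03-08 14:36 d--hs---- C:\FOUND.029
2008-03-06 19:14 . 2008-03-06 19:14 100,352 -r-hs---- C:\WINDOWS\system\smscg.exe
2008-03-05 17:53 . 2004-01-28 23:42 565,248 --a------ C:\WINDOWS\sm56hlpr.exe
2008-03-03 21:10 . 2008-03-03 21:10 2 -rahs---- C:\WINDOWS\winstart.bat
"""
```

Calling triage_log(SAMPLE_LOG) puts smscg.exe (the binary behind the SMSCGISVC service listed in the log) and winstart.bat at the top with three prompts each, while the NOD32 driver amon.sys is not flagged at all.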
 

Retired Moderator · 72,109 Posts
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Download (save and select your desktop to save it to) SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive and all other fixed drives.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
  • Click Close to exit the program.
 

Registered · 4 Posts
Discussion Starter · #7
Hi,
Thank you for your reply! :p
I downloaded ATF-Cleaner.exe and emptied my temporary files, recycle bin, etc.
Please have a look at my SUPERAntiSpyware Scan Log and new HijackThis log.

:rolleyes:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/11/2008 at 08:24 PM

Application Version : 4.0.1154

Core Rules Database Version : 3416
Trace Rules Database Version: 1408

Scan type : Complete Scan
Total Scan Time : 00:28:46

Memory items scanned : 372
Memory threats detected : 0
Registry items scanned : 4343
Registry threats detected : 0
File items scanned : 20181
File threats detected : 0

Please see my latest HijackThis log...
:eek:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:56 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system\smscg.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\windows\System32\igfxtray.exe
C:\windows\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\stephejo\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: &Download with FreeDAccelerator! - C:\Program Files\Free Download Accelerator 2\FreeDAccelerator.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Managment Controler (SMSCGISVC) - Unknown owner - C:\WINDOWS\system\smscg.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 5188 bytes

By the way, I am using Norton AntiVirus 2003 and my virus definitions are out of date (my last update was on 8/14/2002). Please give me the link where I can manually download my latest virus definitions without using LiveUpdate. :eek:

Thank you for your help.
 

Retired Moderator · 72,109 Posts