Win32:BHO-KD [Trj] is recurring and cannot be deleted
xd:
File C:\WINDOWS\SYSTEM32\sttgrxty.dll is infected by Win32:Klone-CJ [trj], Deleted
File C:\WINDOWS\SYSTEM32\sweqhdjo.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\sydvgylg.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\taurbjrb.exe is infected by Win32:Obfuscated-CCV [trj], Deleted
File C:\WINDOWS\SYSTEM32\tccjxteb.dll is infected by Win32:Vundo-gen47 [Adw], Deleted
File C:\WINDOWS\SYSTEM32\tcrnrexg.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\tdikdclu.dll is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\tdqnxsfj.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\tdropptj.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\tedyrxet.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\tehvbops.dll is infected by Win32:Vundo-gen49 [Adw], Deleted
File C:\WINDOWS\SYSTEM32\tepuhfje.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\tfbvpnyg.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\tfqaudnr.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\tgufubdl.dll is infected by Win32:Trojan-gen {Other}, Deleted
File C:\WINDOWS\SYSTEM32\tpgchvke.dll is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\tqkpnupu.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\tqlpamym.dll\[Morphine] is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\tvnpyren.dll is infected by Win32:Vundo-gen47 [Adw], Deleted
File C:\WINDOWS\SYSTEM32\txeldsus.dll is infected by Win32:Trojan-gen {Other}, Deleted
File C:\WINDOWS\SYSTEM32\uatosuii.dll is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\uhdaelgm.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\ujqxxqln.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\ulsxkpkk.exe is infected by Win32:Agent-LML [trj], Deleted
File C:\WINDOWS\SYSTEM32\umyevbrh.exe\[PECompact] is infected by Win32:Agent-ISI [trj], Deleted
File C:\WINDOWS\SYSTEM32\unupidla.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\uyodmcqb.exe is infected by Win32:Obfuscated-CCV [trj], Deleted
File C:\WINDOWS\SYSTEM32\vckjuqpo.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\vdneyywc.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\vdxnahax.exe is infected by Win32:Agent-ISI [trj], Deleted
File C:\WINDOWS\SYSTEM32\vejwtobv.dll is infected by Win32:Klone-BQ [trj], Deleted
File C:\WINDOWS\SYSTEM32\vgwnnqsf.exe is infected by Win32:Agent-ISI [trj], Deleted
File C:\WINDOWS\SYSTEM32\vifuqnpo.dll is infected by Win32:Trojan-gen {Other}, Deleted
File C:\WINDOWS\SYSTEM32\vipcnxuq.exe is infected by Win32:Obfuscated-CCV [trj], Deleted
File C:\WINDOWS\SYSTEM32\vjltsxmv.exe is infected by Win32:Agent-ISI [trj], Deleted
File C:\WINDOWS\SYSTEM32\vkovoqeq.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\vokuwgno.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\vpadiglh.dll is infected by Win32:Klone-BU [trj], Deleted
File C:\WINDOWS\SYSTEM32\vpybmhnw.dll\[Morphine] is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\vqrlesax.dll is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\vrkykesf.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\vsvcarcu.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\vubglyft.dll is infected by Win32:Vundo-gen49 [Adw], Deleted
File C:\WINDOWS\SYSTEM32\vyctpgqb.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\wbbdxdyb.dll is infected by Win32:Vundo-gen49 [Adw], Deleted
File C:\WINDOWS\SYSTEM32\wdvlfaig.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\wetwusek.exe is infected by Win32:Obfuscated-CCV [trj], Deleted
File C:\WINDOWS\SYSTEM32\wfmjxpyj.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\whuxtqed.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\wkyephre.dll\[Morphine] is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\wncoxsyl.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\wndpaqjl.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\wnftcgfg.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\wnxyuscb.dll is infected by Win32:Vundo-gen49 [Adw], Deleted
File C:\WINDOWS\SYSTEM32\wpaevoma.exe is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\wpuhudnt.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\wqrlehor.dll\[Morphine] is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\wviivygv.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\xaaaluqs.dll is infected by Win32:Trojan-gen {Other}, Deleted
File C:\WINDOWS\SYSTEM32\xcgqylsy.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\xesviqad.dll is infected by Win32:Vundo-gen47 [Adw], Deleted
File C:\WINDOWS\SYSTEM32\xgsuhwco.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\xijtwpub.dll\[Morphine] is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\xixbrmlb.dll is infected by Win32:Vundo-gen47 [Adw], Deleted
File C:\WINDOWS\SYSTEM32\xjbvdlyk.dll\[Morphine] is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\xkyaqybk.exe is infected by Win32:Obfuscated-CCV [trj], Deleted
File C:\WINDOWS\SYSTEM32\xllnejlw.dll is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\xmdkjxyv.dll is infected by Win32:Klone-CF [trj], Deleted
File C:\WINDOWS\SYSTEM32\xmurhevs.exe is infected by Win32:Agent-HZS [trj], Deleted
File C:\WINDOWS\SYSTEM32\xoggonpn.dll\[Morphine] is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\xogirvje.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\xoryhjvj.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\xruxqqag.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\xsrxobwr.exe is infected by Win32:Obfuscated-CCV [trj], Deleted
File C:\WINDOWS\SYSTEM32\xthoyvbj.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\xuqsjbtb.dll\[Morphine] is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\xvkakfwr.dll is infected by Win32:Trojan-gen {Other}, Deleted
File C:\WINDOWS\SYSTEM32\xwadircr.exe\[PECompact] is infected by Win32:Agent-ISI [trj], Deleted
File C:\WINDOWS\SYSTEM32\ybyetnrb.exe is infected by Win32:Obfuscated-CCV [trj], Deleted
File C:\WINDOWS\SYSTEM32\ycserule.dll\[Morphine] is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\ycuxcehq.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\yesvgvmy.dll is infected by Win32:Trojan-gen {Other}, Deleted
File C:\WINDOWS\SYSTEM32\yfmviumy.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\yfsoilew.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\yhtqlnfb.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\yisnkqkm.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\ykjotobr.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\ylhbsqke.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\yloxnlkg.exe\[PECompact] is infected by Win32:Agent-ISI [trj], Deleted
File C:\WINDOWS\SYSTEM32\ynbnmsfx.dll\[Morphine] is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\ynenyhpf.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\yonwnpqo.dll is infected by Win32:Klone-BJ [trj], Deleted
File C:\WINDOWS\SYSTEM32\yqvbiyci.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\yrhvglgm.dll is infected by Win32:Trojan-gen {Other}, Deleted
File C:\WINDOWS\SYSTEM32\ysnqjnyc.dll\[Morphine] is infected by Win32:Adware-gen [Adw], Deleted
File C:\WINDOWS\SYSTEM32\yuexlkas.exe is infected by Win32:Agent-LAP [trj], Deleted
File C:\WINDOWS\SYSTEM32\ywsyaqpq.dll is infected by Win32:Vundo-gen49 [Adw], Deleted
File C:\WINDOWS\SYSTEM32\yxdmcxmx.exe is infected by Win32:Agent-JOH [trj], Deleted
File C:\WINDOWS\SYSTEM32\yxiisggy.dll is infected by Win32:Vundo-gen49 [Adw], Deleted

Number of searched folders: 8232
Number of tested files: 88960
Number of infected files: 436
1975maggie:
You're going to need these two programs at least.

Download ComboFix from Here or Here to your Desktop.

Double-click combofix.exe and follow the prompts.

When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



Click here to download HJTsetup.exe
- Save HJTsetup.exe to your desktop.
- Double-click on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
- Put a check by Create a desktop icon, then click Next again.
- Continue to follow the rest of the prompts from there.
- At the final dialogue box click Finish and it will launch Hijack This.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
- Click on "Edit > Select All", then click on "Edit > Copy" to copy the entire contents of the log.
- Come back here to this thread and paste the log in your next reply.
- DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Run ComboFix first, then HJT. Thanks.

xd:
Thank you so much for the instructions! :)  I just ran ComboFix and the log follows.  QUESTION: why did ComboFix bring back the IE icon on my desktop? I use Firefox.  I've been trying to remove IE from my computer and it wouldn't let me.  But it's been off the map for a while.  Strange to see it back again after downloading ComboFix.  Should I be concerned?  And now I'm going to run HJT.  Please wait.

ComboFix 08-01-28.2 - Kittie 2008-01-28 10:34:56.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.936.86.1033.18.201 [GMT -5:00]
Running from: C:\Documents and Settings\Kittie\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dcyxloc.dll
C:\WINDOWS\system32\drivers\wterazjq.dat
C:\Documents and Settings\Kittie\Application Data\macromedia\Flash Player\#SharedObjects\HE3D9K29\www.broadcaster.com
C:\Documents and Settings\Kittie\Application Data\macromedia\Flash Player\#SharedObjects\HE3D9K29\www.broadcaster.com\bc_video_vars.sol
C:\Documents and Settings\Kittie\Application Data\macromedia\Flash Player\#SharedObjects\HE3D9K29\www.inter-focus.cn
C:\Documents and Settings\Kittie\Application Data\macromedia\Flash Player\#SharedObjects\HE3D9K29\www.inter-focus.cn\flashad.swf\IFFLASHAD.sol
C:\Documents and Settings\Kittie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Kittie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Kittie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
C:\Documents and Settings\Kittie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol
C:\Program Files\MyWay
C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\dcyxloc.dll
C:\WINDOWS\system32\drivers\wterazjq.dat
C:\WINDOWS\system32\mcrh.tmp

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_OMHSDDPC
-------\omhsddpc


(((((((((((((((((((((((((   Files Created from 2007-12-28 to 2008-01-28  )))))))))))))))))))))))))))))))
.

2008-01-10 15:27 . 2008-01-10 15:27   90,112   --a------   C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27   57,344   --a------   C:\WINDOWS\SYSTEM32\QuickTime.qts

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 18:30   ---------   d-----w   C:\Program Files\iTunes
2008-02-21 18:29   ---------   d-----w   C:\Program Files\iPod
2008-02-21 18:27   ---------   d-----w   C:\Program Files\QuickTime
2007-12-04 14:56   93,264   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55   94,544   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-05-08 03:14   51,592   ----a-w   C:\Documents and Settings\Kittie\Application Data\GDIPFONTCACHEV1.DAT
2005-04-10 09:14   1,943,936   ----a-w   C:\Program Files\pn31lous.exe
2004-12-20 01:52   4,032,512   ----a-w   C:\Program Files\msgrplus.exe
2004-11-24 02:38   7,071,334   ----a-w   C:\Program Files\vlc-0.8.1-win32.exe
2004-11-24 02:19   2,376,448   ----a-w   C:\Program Files\Cdivx.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{301DEC3E-BEA4-4166-863F-4A9D6020B5Db}]
         C:\WINDOWS\system32\rxlycdhp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6F5B5F7-A020-4FCA-858F-7CE0C85DE59D}]
         C:\WINDOWS\Microsoft.NET\odsxep.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Aim6"="" []
"OfotoNow USB Detection"="C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL" [2002-11-05 09:32 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 11:43 53248]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15 290816]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"DwlClient"="c:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 20:05 323584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"j5251532"="C:\WINDOWS\system32\j5251532.dll" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

C:\Documents and Settings\Kittie\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-26 21:39:10 110592]
Shortcut to PsnLite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 13:26:54 2080768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\odsxep]
C:\WINDOWS\Microsoft.NET\odsxep.dll

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 18:17]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-17 15:21:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-09-26 00:31:52 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-02-21 18:46:12 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 10:41:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
.
**************************************************************************
.
Completion time: 2008-01-28 10:44:59 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-28 15:44:56
.
2008-01-10 02:37:45   --- E O F --- 
xd:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:15 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDLL32.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {301DEC3E-BEA4-4166-863F-4A9D6020B5Db} - C:\WINDOWS\system32\rxlycdhp.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B6F5B5F7-A020-4FCA-858F-7CE0C85DE59D} - C:\WINDOWS\Microsoft.NET\odsxep.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [j5251532] rundll32 C:\WINDOWS\system32\j5251532.dll sook
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Shortcut to PsnLite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097300065745
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://209.67.146.68/ePlayer/2_0/ACNePlayer.cab
O20 - Winlogon Notify: odsxep - C:\WINDOWS\Microsoft.NET\odsxep.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8563 bytes
1975maggie:
IE is now a part of Windows and is required for some updates, such as some Windows updates and Java updates. It's nothing to worry about; just set Firefox as your default browser. The icon is just a shortcut to IE.

Please submit this file to www.virustotal.com for analysis.

Copy and paste this line into the "submit a file" box on their site, click "send file" and please post the results.

C:\WINDOWS\system32\j5251532.dll
 







Open HJT, run a system scan only, and check-mark these lines if present:

O2 - BHO: (no name) - {301DEC3E-BEA4-4166-863F-4A9D6020B5Db} - C:\WINDOWS\system32\rxlycdhp.dll (file missing)
O2 - BHO: (no name) - {B6F5B5F7-A020-4FCA-858F-7CE0C85DE59D} - C:\WINDOWS\Microsoft.NET\odsxep.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O20 - Winlogon Notify: odsxep - C:\WINDOWS\Microsoft.NET\odsxep.dll (file missing) 
 

Close all other browsers/windows, click Fix, then close HJT.


There are some entries for Windows Messenger with missing files. If you have uninstalled Windows Messenger, you can also fix these lines as above:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
 


There are still some traces of old versions of Java. They can be exploited by malware; you can get the newest version here.


Open an Internet Explorer (only) window and go to http://java.sun.com/javase/downloads/index.jsp > Scroll down to "Java Runtime Environment (JRE) 6 Update 4...allows end-users to run Java applications".

Click the download button on the right.

 > If the Information Bar pops up, right-click on it and say it's OK to display the blocked content.

 You do not have to install the Java Web Start ActiveX Control


Accept the license agreement > Click on Windows (XP, Vista, etc.) Offline Installation, Multi-language and save the file jre-6u4-windows-i586-p.exe to your desktop; do not run it.

When the download is complete, Open Control Panel > Add/Remove Programs:

Uninstall anything that says Sun Java, Java JRE, or similar.

Close Add/Remove Programs.

In Windows Explorer, navigate to C:\Program Files\Java <=this folder, if found. Delete any subfolders it may contain.

Do NOT delete C:\Program Files\JavaVM <=this folder, if found!

Reboot your computer.

Double-click on the saved file to install the update.

Delete the downloaded installation file after completing the above procedure, and reboot if not prompted to do so.


Please post the virustotal results and a new HJT log. Thanks.
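A first pass over a HijackThis log like the one above can be scripted. What follows is an added example written for this page, not code from the thread, from HijackThis or from any other tool named here. It applies the same signals the reply above uses by eye, "(file missing)" orphans, "(no name)" BHOs and random-looking module names such as rxlycdhp.dll or j5251532.dll, to a handful of sample lines copied from the posted log and embedded inline. The name heuristics (letter-plus-digits, vowel-less 7-9 letter stems) are assumptions of this example and will produce false positives (the same log has a legitimate vowel-less tfswctrl.exe), so a hit is a prompt for the VirusTotal check requested above, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: O2/O4/O20/O23 lines copied from the HijackThis log
# earlier in this thread, mixed with known-good entries for contrast.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {301DEC3E-BEA4-4166-863F-4A9D6020B5Db} - C:\WINDOWS\system32\rxlycdhp.dll (file missing)
O2 - BHO: (no name) - {B6F5B5F7-A020-4FCA-858F-7CE0C85DE59D} - C:\WINDOWS\Microsoft.NET\odsxep.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [j5251532] rundll32 C:\WINDOWS\system32\j5251532.dll sook
O20 - Winlogon Notify: odsxep - C:\WINDOWS\Microsoft.NET\odsxep.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# First Windows path on the line that ends in a loadable module. Spaces are
# allowed inside the path because "C:\Program Files\..." is the common case;
# the non-greedy match stops at the first .dll/.exe/.sys.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|sys)\b", re.IGNORECASE)
VOWELS = set("aeiou")


@dataclass
class Finding:
    section: str                  # HijackThis section tag: O2, O4, O20, ...
    path: str                     # module the entry loads
    reasons: list = field(default_factory=list)


def looks_random(stem: str) -> list:
    """Name-based signals (assumed heuristics); each hit needs a human to confirm."""
    s = stem.lower()
    reasons = []
    if re.fullmatch(r"[a-z]\d{5,}", s):           # e.g. j5251532
        reasons.append("letter-plus-digits name")
    elif re.fullmatch(r"[a-z]{7,9}", s) and not (set(s) & VOWELS):  # e.g. rxlycdhp
        reasons.append("vowel-less random-looking name")
    return reasons


def triage_line(line: str):
    """Return a Finding for one HJT line, or None if nothing stands out."""
    line = line.strip()
    if not line:
        return None
    m = PATH_RE.search(line)
    if not m:
        return None
    path = m.group(0)
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    reasons = []
    if "(file missing)" in line:                  # HJT's own marker for an orphaned load point
        reasons.append("orphaned entry: file missing on disk")
    if line.startswith("O2") and "(no name)" in line:   # BHO registered without a display name
        reasons.append("unnamed BHO")
    reasons += looks_random(stem)
    if not reasons:
        return None
    return Finding(section=line.split(" - ", 1)[0], path=path, reasons=reasons)


def triage(log_text: str) -> list:
    """Run triage_line over every line of a log and keep the findings in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.path}")
        for r in f.reasons:
            print(f"       - {r}")
```

On the sample above this reports the four lines the reply singles out for fixing (the two unnamed BHOs, the rundll32 entry for j5251532.dll and the Winlogon Notify orphan) and stays silent on the Adobe and avast! entries. An O4 entry that still has its file on disk, like j5251532.dll here, is the one to hash and submit before fixing, since removing the Run key alone leaves the DLL in place.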