Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Returning Malware HJT Log


Re: Returning Malware HJT Log

Post by Shekb » June 4th, 2008, 11:44 pm

Here is the log you requested from Malwarebytes

Malwarebytes' Anti-Malware 1.14
Database version: 812

11:34:28 PM 6/4/2008
mbam-log-6-4-2008 (23-34-28).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 117313
Time elapsed: 2 hour(s), 2 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Shekb
Regular Member
 
Posts: 62
Joined: October 2nd, 2007, 5:51 pm
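As an added example for this thread (not Malwarebytes code and not part of Shekb's post), the parser below reads a Malwarebytes' Anti-Malware 1.x log of the kind posted above into a structured report and does the two checks a helper makes before calling the machine clean: every item listed was actually quarantined and deleted, and the per-category counts at the top agree with the items listed underneath. SAMPLE_CLEAN is a constructed excerpt in the layout of the log above; SAMPLE_PENDING is a constructed log with a placeholder file that still needs a reboot to be removed.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x scan log and triage the result.

Added example, not Malwarebytes code. Both sample logs are constructed:
SAMPLE_CLEAN mirrors the layout of the log posted in the thread,
SAMPLE_PENDING uses placeholder paths to show the 'Delete on reboot' case.
"""
import re
from dataclasses import dataclass, field

COUNT_RE = re.compile(r"^(?P<category>.+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<category>.+ Infected):$")
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
NO_ITEMS = "(No malicious items detected)"
RESOLVED = "Quarantined and deleted successfully."

SAMPLE_CLEAN = r"""Malwarebytes' Anti-Malware 1.14
Database version: 812

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 117313
Time elapsed: 2 hour(s), 2 minute(s), 24 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# Constructed: one item could not be removed until the next reboot (placeholder paths).
SAMPLE_PENDING = r"""Malwarebytes' Anti-Malware 1.14
Database version: 812

Files Infected: 2

Files Infected:
C:\WINDOWS\system32\example-placeholder.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\example-placeholder.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""


@dataclass
class Detection:
    category: str   # e.g. "Registry Keys Infected"
    target: str     # registry key, file or folder
    name: str       # detection name, e.g. "Malware.Trace"
    action: str     # what the scanner did with it


@dataclass
class ScanReport:
    version: str = ""
    database: str = ""
    objects_scanned: int = 0
    counts: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    def unresolved(self):
        """Items the scanner flagged but did not finish removing."""
        return [d for d in self.detections if d.action != RESOLVED]

    def count_mismatches(self):
        """Categories whose summary count differs from the items listed."""
        listed = {}
        for d in self.detections:
            listed[d.category] = listed.get(d.category, 0) + 1
        return {c: (n, listed.get(c, 0)) for c, n in self.counts.items()
                if n != listed.get(c, 0)}


def parse_mbam_log(text):
    report = ScanReport()
    current = None  # category whose item list we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line closes the current item list
            continue
        count, header = COUNT_RE.match(line), HEADER_RE.match(line)
        if line.startswith("Malwarebytes' Anti-Malware "):
            report.version = line.rsplit(" ", 1)[1]
        elif line.startswith("Database version:"):
            report.database = line.split(":", 1)[1].strip()
        elif line.startswith("Objects scanned:"):
            report.objects_scanned = int(line.split(":", 1)[1])
        elif count:
            report.counts[count["category"]] = int(count["count"])
        elif header:
            current = header["category"]
        elif current and line != NO_ITEMS:
            item = ITEM_RE.match(line)
            if item:
                report.detections.append(
                    Detection(current, item["target"], item["name"], item["action"]))
            else:  # keep unexpected lines rather than dropping them silently
                report.detections.append(Detection(current, line, "", "unparsed"))
    return report


def triage(text):
    """Summary a helper can act on: what is left over, and whether the log adds up."""
    r = parse_mbam_log(text)
    unresolved = [d.target for d in r.unresolved()]
    mismatches = r.count_mismatches()
    return {"version": r.version, "detections": len(r.detections),
            "unresolved": unresolved, "count_mismatches": mismatches,
            "remediated": not unresolved and not mismatches}


if __name__ == "__main__":
    print(triage(SAMPLE_CLEAN))
    print(triage(SAMPLE_PENDING))
```

The "remediated" flag is deliberately strict: a log with a "Delete on reboot." item or with a count that does not match its list is reported as not yet remediated, which is exactly the situation where a helper asks for a reboot and a fresh scan rather than moving on.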

Re: Returning Malware HJT Log

Post by John B. » June 5th, 2008, 11:00 am

Hi,

Everything in the AVG log is clean. For more information on the ActiveX Compatibility lines see this discussion:
http://www.bleepingcomputer.com/forums/topic146069.html
The Malwarebytes' Anti-Malware log is also all right now.

On the other hand, in the ComboFix log I found two things:
  • Your recovery console is not installed
  • Some unknown files (which are probably fine, but I just want to make sure)

Please follow these steps to work on those two problems.

Step 1: Upload malware for scanning
I'd like you to check a file/some files for malware.
C:\WINDOWS\Tw561a.ini
C:\WINDOWS\Tw561a.src

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.
  • Repeat for all files on the list.

Step 2: Install Recovery Console
Before you download the newest version of ComboFix please make sure there's no older version of ComboFix on your desktop! If there is one, please delete it.

Download Combofix from any of the links below, and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: It is important that it is saved directly to your desktop!

Now go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System (select Windows XP Service Pack 2 when you are running Service Pack 3).


Download the file & save it as it's originally named on your desktop next to ComboFix.exe.


Now close any open browsers. Also close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. For information on how to do that for your programs see this webpage:
http://www.bleepingcomputer.com/forums/topic114351.html

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click Yes to run the full ComboFix scan. Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

  • When finished, it will produce a report for you. This report will also be saved in C:\ComboFix.txt

Note: Remember to re-enable your anti virus and anti malware programs.

Step 3: Post logs
Please post the following logs in a reply to this topic:
  • Tell me how your computer is running and if you have any more questions/problems
  • Fresh HijackThis log
  • VirusTotal/Jotti logs
  • ComboFix log

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: Returning Malware HJT Log

Post by Shekb » June 5th, 2008, 5:20 pm

Here's the ComboFix log

ComboFix 08-06-05.3 - Sr 2008-06-05 17:11:13.8 - NTFSx86
Running from: C:\Documents and Settings\Sr\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sr\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2008-06-04 20:24 . 2008-06-04 20:50 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-06-04 17:00 . 2008-06-05 16:37 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-04 17:00 . 2008-06-04 17:00 <DIR> d-------- C:\Documents and Settings\Sr\Application Data\AVGTOOLBAR
2008-06-04 17:00 . 2008-06-04 17:00 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-04 17:00 . 2008-06-04 17:00 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-04 17:00 . 2008-06-04 17:00 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-01 13:43 . 2008-06-01 15:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 13:43 . 2008-06-01 13:43 <DIR> d-------- C:\Documents and Settings\Sr\Application Data\Malwarebytes
2008-06-01 13:43 . 2008-06-01 13:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 13:43 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 13:43 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-29 17:35 . 2008-05-29 18:20 <DIR> d-------- C:\Documents and Settings\Sr\.SunDownloadManager
2008-05-07 18:05 . 2008-05-07 18:05 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-07 18:05 . 2008-05-07 18:05 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-07 18:05 . 2008-05-07 18:05 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-07 07:51 . 2008-04-13 20:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-05-07 07:50 . 2008-04-13 20:12 291,328 --------- C:\WINDOWS\system32\qagentrt.dll
2008-05-07 07:50 . 2008-04-13 20:12 150,528 --------- C:\WINDOWS\system32\qagent.dll
2008-05-07 07:50 . 2008-04-13 20:12 76,800 --------- C:\WINDOWS\system32\qutil.dll
2008-05-07 07:50 . 2008-04-13 20:12 62,464 --------- C:\WINDOWS\system32\qcliprov.dll
2008-05-07 07:50 . 2008-04-13 20:12 61,952 --------- C:\WINDOWS\system32\rasqec.dll
2008-05-07 07:50 . 2008-04-13 20:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-05-07 07:50 . 2008-04-13 20:12 32,768 --------- C:\WINDOWS\system32\setupn.exe
2008-05-07 07:50 . 2008-04-13 14:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-05-07 07:49 . 2008-04-13 20:12 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-05-07 07:49 . 2008-04-13 20:12 193,024 --------- C:\WINDOWS\system32\napmontr.dll
2008-05-07 07:49 . 2008-04-13 20:12 176,640 --------- C:\WINDOWS\system32\napstat.exe
2008-05-07 07:49 . 2008-04-13 20:12 155,136 --------- C:\WINDOWS\system32\mssha.dll
2008-05-07 07:49 . 2008-04-13 20:12 144,384 --------- C:\WINDOWS\system32\onex.dll
2008-05-07 07:49 . 2008-04-13 13:27 79,872 --a------ C:\WINDOWS\system32\msxml6r.dll
2008-05-07 07:49 . 2008-04-13 13:27 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-05-07 07:49 . 2008-04-13 14:14 76,800 --------- C:\WINDOWS\system32\msshavmsg.dll
2008-05-07 07:49 . 2008-04-13 20:12 30,208 --------- C:\WINDOWS\system32\napipsec.dll
2008-05-07 07:48 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-05-07 07:48 . 2008-04-13 20:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-05-07 07:48 . 2008-04-13 20:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-05-07 07:48 . 2008-04-13 20:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-05-07 07:47 . 2008-04-13 20:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-05-07 07:47 . 2008-04-13 20:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-05-07 07:47 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-05-07 07:47 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-05-07 07:47 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-05-07 07:47 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-05-07 07:46 . 2008-04-13 20:10 102,912 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-05-07 07:46 . 2008-04-13 14:53 36,608 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2008-05-07 07:46 . 2008-04-13 20:09 24,064 -----c--- C:\WINDOWS\system32\dllcache\pidgen.dll
2008-05-07 07:46 . 2008-04-13 20:12 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-05-07 07:46 . 2008-04-13 20:12 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-05-07 07:46 . 2007-06-21 01:52 974 --------- C:\WINDOWS\system32\pid.inf
2008-05-07 07:45 . 2008-04-13 12:36 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-05-07 07:45 . 2006-12-28 15:01 19,569 --a------ C:\WINDOWS\005975_.tmp
2008-05-07 07:43 . 2008-04-13 20:11 233,472 --------- C:\WINDOWS\system32\azroles.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 02:47 --------- d-----w C:\Program Files\FlashGet
2008-06-04 20:59 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-29 22:33 --------- d-----w C:\Program Files\Java
2008-05-29 20:56 --------- d-----w C:\Program Files\LimeWire
2008-05-20 20:55 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-20 20:48 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-04 14:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-04 14:24 --------- d-----w C:\Program Files\AVG
2008-05-03 17:18 --------- d-----w C:\Program Files\VP Eye
2008-05-03 17:17 --------- d-----w C:\Program Files\Vpeye
2008-05-03 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-27 18:19 --------- d-----w C:\Program Files\DivX
2008-04-27 18:02 --------- d-----w C:\Program Files\Ligos
2008-04-27 16:43 --------- d-----w C:\Documents and Settings\Sr\Application Data\DivX
2008-04-27 16:40 --------- d-----w C:\Program Files\Intel
2008-04-21 01:56 --------- d-----w C:\Program Files\Mozilla Firefox 2
2008-04-20 23:54 47,104 -c--a-w C:\WINDOWS\system32\KMVIDC32.DLL
2008-04-20 20:21 --------- d-----w C:\Program Files\Team 17
2008-04-18 21:32 --------- d-----w C:\Program Files\DirectX 9c
2008-04-17 00:13 --------- d-----w C:\Program Files\AoA Audio Extractor
2008-04-17 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-16 01:13 --------- d-----w C:\Program Files\Winamp
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ------w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 22:58 --------- d-----w C:\Program Files\Alcohol Soft
2008-04-13 22:52 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-13 22:26 --------- d-----w C:\Program Files\IsoBuster
2008-04-13 20:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ------w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:45 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-29_18.52.32.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 21:20:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 20:34:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 1999-01-12 15:39:16 6,656 ----a-w C:\WINDOWS\delttsul.exe
- 2008-05-04 14:26:52 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-06-04 21:00:19 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-06-04 17:00 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-06-04 17:00 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-02-01 22:59 3739672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 12:46 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"anvshell"="//~anvshell.exe" []
"LiveNote"="livenote.exe" [2002-07-11 05:31 40960 C:\WINDOWS\livenote.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-19 21:34 7110656]
"nwiz"="nwiz.exe" [2005-09-19 21:35 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-19 21:34 86016]
"LyraHD2TrayApp"="//~c:\program files\thomson\lyra jukebox\lyrahdtrayapp\lyrahd2trayapp.exe" [ ]
"SchedulingAgent"="mstinit.exe" [2008-04-13 20:12 12288 C:\WINDOWS\system32\mstinit.exe]
"AtiPTA"="atiptaxx.exe" [2001-09-27 02:39 245760 C:\WINDOWS\system32\atiptaxx.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-04 17:00 1177368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="mstask.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 20:12 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 20:12 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2008-01-24 09:22 2476408 C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Documents and Settings\\Sr\\My Documents\\Jeux\\Age Of Empires II\\empires2.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Documents and Settings\\Sr\\My Documents\\Jeux\\Age Of Empires II\\age2_x1.exe"=
"C:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Documents and Settings\\Sr\\My Documents\\Jeux\\Valve\\Steam\\SteamApps\\makkkalister\\ricochet\\hl.exe"=
"C:\\Documents and Settings\\Sr\\My Documents\\Jeux\\Valve\\Steam\\SteamApps\\makkkalister\\condition zero\\hl.exe"=
"C:\\Documents and Settings\\Sr\\My Documents\\Jeux\\Valve\\Steam\\SteamApps\\makkkalister\\counter-strike\\hl.exe"=
"C:\\Documents and Settings\\Sr\\My Documents\\Jeux\\Valve\\Steam\\SteamApps\\makkkalister\\day of defeat\\hl.exe"=
"C:\\Documents and Settings\\Sr\\My Documents\\Jeux\\Valve\\Steam\\SteamApps\\makkkalister\\deathmatch classic\\hl.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Team 17\\Frontend.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 ANVOSDNT;ASUS Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\anvosdnt.sys [2005-10-08 09:25]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-04 17:00]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-04 17:00]
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2001-09-27 01:32]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 21:50]
S1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys [2004-02-11 18:07]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 17:14:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-05 17:20:15
ComboFix-quarantined-files.txt 2008-06-05 21:19:49
ComboFix2.txt 2008-05-29 22:54:16

Pre-Run: 51,773,579,264 bytes free
Post-Run: 51,760,758,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="xp" xp
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

274 --- E O F --- 2008-05-20 20:56:35
Shekb
Regular Member
 
Posts: 62
Joined: October 2nd, 2007, 5:51 pm

Re: Returning Malware HJT Log

Post by Shekb » June 5th, 2008, 5:21 pm

Here's an HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:39 PM, on 6/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.6.5:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [anvshell] //~anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LyraHD2TrayApp] //~c:\program files\thomson\lyra jukebox\lyrahdtrayapp\lyrahd2trayapp.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8825 bytes
Shekb
Regular Member
 
Posts: 62
Joined: October 2nd, 2007, 5:51 pm

Re: Returning Malware HJT Log

Unread postby Shekb » June 5th, 2008, 5:23 pm

Here are the logs for both objects you wanted to be scanned

File Tw561a.ini received on 06.05.2008 22:45:27 (CET)
Result: 0/32 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2008.5.30.1 2008.06.05 -
AntiVir 7.8.0.26 2008.06.05 -
Authentium 5.1.0.4 2008.06.05 -
Avast 4.8.1195.0 2008.06.05 -
AVG 7.5.0.516 2008.06.05 -
BitDefender 7.2 2008.06.05 -
CAT-QuickHeal 9.50 2008.06.05 -
ClamAV 0.92.1 2008.06.05 -
DrWeb 4.44.0.09170 2008.06.05 -
eSafe 7.0.15.0 2008.06.05 -
eTrust-Vet 31.6.5850 2008.06.05 -
Ewido 4.0 2008.06.05 -
F-Prot 4.4.4.56 2008.06.05 -
F-Secure 6.70.13260.0 2008.06.05 -
Fortinet 3.14.0.0 2008.06.05 -
GData 2.0.7306.1023 2008.06.05 -
Ikarus T3.1.1.26.0 2008.06.05 -
Kaspersky 7.0.0.125 2008.06.05 -
McAfee 5311 2008.06.05 -
Microsoft 1.3604 2008.06.05 -
NOD32v2 3162 2008.06.05 -
Norman 5.80.02 2008.06.05 -
Panda 9.0.0.4 2008.06.05 -
Prevx1 V2 2008.06.05 -
Rising 20.47.32.00 2008.06.05 -
Sophos 4.30.0 2008.06.05 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.05 -
TheHacker 6.2.92.335 2008.06.05 -
VBA32 3.12.6.7 2008.06.05 -
VirusBuster 4.3.26:9 2008.06.05 -
Webwasher-Gateway 6.6.2 2008.06.05 -
Additional information
File size: 14385 bytes
MD5...: c739cf685aaa1a98921fc6dd76063c85
SHA1..: 8b3a6b64b3282241dd7f5966dcfc2e7aeb148927
SHA256: db12807f6dbec9eae1b709f02659b16a1792e7f98082348cabd617ada1376575
SHA512: f95ed74743a0fed403c44dacf58a1b8180cae936485445fff337a02252e3b0f68ddfa2bb52258d0c062d2ee0580c82ed7c5cc7381d47173609df7cefea527103
PEiD..: -
PEInfo: -

File Tw561a.src received on 06.05.2008 22:48:32 (CET)
Result: 0/31 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2008.5.30.1 2008.06.05 -
AntiVir 7.8.0.26 2008.06.05 -
Authentium 5.1.0.4 2008.06.05 -
Avast 4.8.1195.0 2008.06.05 -
AVG 7.5.0.516 2008.06.05 -
BitDefender 7.2 2008.06.05 -
CAT-QuickHeal 9.50 2008.06.05 -
ClamAV 0.92.1 2008.06.05 -
DrWeb 4.44.0.09170 2008.06.05 -
eSafe 7.0.15.0 2008.06.05 -
eTrust-Vet 31.6.5849 2008.06.05 -
Ewido 4.0 2008.06.05 -
F-Prot 4.4.4.56 2008.06.05 -
F-Secure 6.70.13260.0 2008.06.05 -
Fortinet 3.14.0.0 2008.06.05 -
GData 2.0.7306.1023 2008.06.05 -
Ikarus T3.1.1.26.0 2008.06.05 -
McAfee 5311 2008.06.05 -
Microsoft 1.3604 2008.06.05 -
NOD32v2 3162 2008.06.05 -
Norman 5.80.02 2008.06.05 -
Panda 9.0.0.4 2008.06.05 -
Prevx1 V2 2008.06.05 -
Rising 20.47.32.00 2008.06.05 -
Sophos 4.30.0 2008.06.05 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.05 -
TheHacker 6.2.92.335 2008.06.05 -
VBA32 3.12.6.7 2008.06.05 -
VirusBuster 4.3.26:9 2008.06.05 -
Webwasher-Gateway 6.6.2 2008.06.05 -
Additional information
File size: 7431 bytes
MD5...: a5b3a0399a71e8cd9c4d7a52354936c7
SHA1..: 1b987fa464c8cc6554890335216a45fe81200b3b
SHA256: 6597bdc98b55ea32e2b866a86f964aeff2b9b37e8458b3c573486070026cb12b
SHA512: dfe16a35044cab1e3b88f0d622c1d219f7517e83e8c0c067b376c8e7d5589b861eea411711f268383657ba1cd0d8e2e931c45e15c513c7333d642a1630636788
PEiD..: -
PEInfo: -
Shekb
Regular Member
 
Posts: 62
Joined: October 2nd, 2007, 5:51 pm

Re: Returning Malware HJT Log

Unread postby Shekb » June 5th, 2008, 5:27 pm

I've always had a slow computer and I do know that I need more ram, but DDR1 ram is expensive

My computer is doing fine though for what I do with it

But it seems like I can't use a printer because my computer has problems with its i368 or something like this folder
Every time I try to plug in a printer, it doesn't work

Everything else USB related works though, I don't feel like formatting my computer for this though

Anyway, thanks for the help ! :mrgreen:
Shekb
Regular Member
 
Posts: 62
Joined: October 2nd, 2007, 5:51 pm

Re: Returning Malware HJT Log

Unread postby John B. » June 6th, 2008, 1:35 pm

Hi,

As you can see the files I wanted you to scan are clean. The HijackThis log is also still clean, but in the ComboFix log I saw one file of which I am nearly sure that it is bad. Please scan it for me:
C:\WINDOWS\delttsul.exe

  • Copy/Paste the file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.

Please post those results.

Greets, John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: Returning Malware HJT Log

Unread postby Shekb » June 6th, 2008, 6:14 pm

Here are the results

They look clean

File delttsul.exe received on 04.01.2008 12:06:14 (CET)
Current status: finished
Result: 0/31 (0.00%)
Antivirus Version Last Update Result
AhnLab-V3 2008.4.1.1 2008.04.01 -
AntiVir 7.6.0.78 2008.04.01 -
Authentium 4.93.8 2008.03.31 -
Avast 4.7.1098.0 2008.03.31 -
AVG 7.5.0.516 2008.04.01 -
BitDefender 7.2 2008.04.01 -
CAT-QuickHeal 9.50 2008.03.31 -
ClamAV 0.92.1 2008.04.01 -
DrWeb 4.44.0.09170 2008.04.01 -
eSafe 7.0.15.0 2008.03.31 -
eTrust-Vet 31.3.5661 2008.04.01 -
Ewido 4.0 2008.03.31 -
F-Prot 4.4.2.54 2008.03.31 -
F-Secure 6.70.13260.0 2008.04.01 -
FileAdvisor 1 2008.04.01 -
Fortinet 3.14.0.0 2008.04.01 -
Ikarus T3.1.1.20 2008.04.01 -
Kaspersky 7.0.0.125 2008.04.01 -
McAfee 5263 2008.03.31 -
Microsoft 1.3301 2008.04.01 -
NOD32v2 2991 2008.04.01 -
Norman 5.80.02 2008.03.31 -
Panda 9.0.0.4 2008.03.31 -
Rising 20.38.10.00 2008.04.01 -
Sophos 4.28.0 2008.04.01 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.04.01 -
TheHacker 6.2.92.260 2008.04.01 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.03.31 -
Webwasher-Gateway 6.6.2 2008.04.01 -
Additional information
File size: 6656 bytes
MD5: 5374ff1d24799e7102e42215a9bb9ab2
SHA1: ac50d9487834048d5349bde8647b8118698b5a99
PEiD: InstallShield 2000
Shekb
Regular Member
 
Posts: 62
Joined: October 2nd, 2007, 5:51 pm

Re: Returning Malware HJT Log

Unread postby John B. » June 7th, 2008, 2:08 am

Hi,

But it seems like I can't use a printer because my computer has problems with its i368 or something like this folder
Every time I try to plug in a printer, it doesn't work

For these things I recommend going to the CastleCops forums:
http://www.castlecops.com/forums.html
They give good non-malware help and I am sure they will find out why printers do not work.
You can post at those forums unregistered, but if you register you can track your topic of course and registration is free. I recommend posting in this forum:
http://www.castlecops.com/f120-General_ ... blems.html

This is my normal post for when you are clear - which you now are - or seem to be.
Please advise of any problems you still have. If you think you're clean please give one more reply so that I can archive this topic.

Now that you are clean, I have some tips & tricks for you to keep your computer clean and secure. The first few (like removing dangerous tools and Windows Update) have to be done, the others are optional (beginning with SpywareBlaster).

It may seem like your system will be too much protected with all these things installed, but a lot of programs aren't always running in the background, so they don't slow down your computer. Please take a look at the following things:
  • Uninstall tools - The following will not only uninstall ComboFix but also clean up some other dangerous tools and backups, clean up the System Restore points and hide the system files.
    • Go to Start
    • Click on Run
    • Type ComboFix /u (Note: This command is case sensitive.)
    After doing that with ComboFix, you may delete any logs, and tools (like ComboFix itself), left on the desktop.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - Using a Firewall on your computer can be very important. Without a firewall your computer is susceptible to being hacked and taken over. There are some different situations you can be in where a third-party firewall may or may not be a good addition to your system:
    • If you are not using Windows XP or Vista, but an older version I recommend you to use a firewall.
    • If you are using Windows XP or Vista, but are on dial-up I recommend you to use a firewall.
    • If you are using Windows XP or Vista and are using broadband, but are not experienced in using firewalls and getting the choice to allow or disallow things I recommend you to use Windows Firewall.
    • If you are using Windows XP or Vista, are using broadband and experienced, I recommend you to disable Windows Firewall (as it is not perfect) and get a third-party firewall.

    Here are some firewalls which are free for personal use and most used:
    Kerio Personal Firewall (Free version after 30 days)
    Online Armor Free

    Or you could buy their paid version online or in a shop nearby:
    Kerio Personal Firewall (Continue paid version after 30 days)
    Online Armor or Online Armor AV+ with Anti-Virus included
  • Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. You can download it here:
    SpywareBlaster
  • Install WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You can download it from this website:
    WinPatrol
    The developer is a well-known man in the MalWare Removal business. If you really like WinPatrol think about upgrading to the PLUS version. It will give you additional features and you will only have to pay once, for your whole malware-free life.
  • Install MVPS HOSTS - This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    For information on how to download and install, please read this tutorial here:
    WinHelp2002
    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
  • Bookmark general cleanup links - It could be that your computer is becoming slower and slower. This is not always caused by malware. Most of the time it's malware when your computer suddenly gets slow or behaves strangely. When the slowdown increases gradually, check (so bookmark now) these links for tips & tricks:
    Help! My computer is slow
    Slow Computer? Check here first; it may not be malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

>> Here << you can see how you can help us.

May your God go with you..

John.
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
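The "Make your Internet Explorer more secure" steps above are clicked through the Security tab, which makes it hard to confirm later that the settings have stuck (or that some installer has quietly loosened them). The script below is an added example, not code from the MalwareRemoval.com thread or its helpers. It assumes the documented Internet Explorer zone layout: the Internet zone lives under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, each Custom Level option is a DWORD named by its action ID, and the values 0, 1 and 3 mean Enable, Prompt and Disable. The action IDs used (1001, 1004, 1201, 1607, 1800, 1804) are Microsoft's published ones for the six options John lists; the function and variable names are my own.

```powershell
# Added example (not from the thread): audit the IE Internet zone against the
# Custom Level settings recommended in the post above, and optionally repair them.
# Assumption: Zones\3 is the Internet zone and each option is a DWORD where
# 0 = Enable, 1 = Prompt, 3 = Disable (Microsoft's documented zone layout).
$InternetZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action ID -> the setting it controls and the value the post recommends.
$Recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                         Want = 1 }  # Prompt
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                       Want = 3 }  # Disable
    '1201' = @{ Name = 'Initialise and script ActiveX controls not marked as safe'; Want = 3 }  # Disable
    '1800' = @{ Name = 'Installation of desktop items';                            Want = 1 }  # Prompt
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                Want = 1 }  # Prompt
    '1607' = @{ Name = 'Navigate sub-frames across different domains';             Want = 1 }  # Prompt
}

function Get-ZoneValueLabel {
    # Translate a raw zone DWORD into the label shown in the Custom Level dialog.
    param($Value)
    if ($null -eq $Value) { return '(not set)' }
    switch ([int]$Value) {
        0 { 'Enable' }
        1 { 'Prompt' }
        3 { 'Disable' }
        default { "Unknown ($Value)" }
    }
}

function Get-IEInternetZoneAudit {
    # Compare the current Internet zone values with the recommended ones.
    # With -Fix, non-compliant values are written back (current user only).
    param(
        [string]$Key = $InternetZoneKey,
        [switch]$Fix
    )
    if (-not (Test-Path -Path $Key)) {
        throw "Internet zone key not found: $Key"
    }
    $props = Get-ItemProperty -Path $Key

    foreach ($id in $Recommended.Keys) {
        $entry   = $Recommended[$id]
        $current = $props.$id
        $ok      = ($null -ne $current) -and ([int]$current -eq $entry.Want)

        if ($Fix -and -not $ok) {
            Set-ItemProperty -Path $Key -Name $id -Value $entry.Want -Type DWord
            $current = $entry.Want
            $ok = $true
        }

        [pscustomobject]@{
            ActionId    = $id
            Setting     = $entry.Name
            Current     = Get-ZoneValueLabel $current
            Recommended = Get-ZoneValueLabel $entry.Want
            Compliant   = $ok
        }
    }
}

# Report only; add -Fix to apply the recommended values for the current user.
Get-IEInternetZoneAudit | Format-Table -AutoSize
```

Run it in a normal (non-elevated) PowerShell window, since the Internet zone settings live under HKCU. A value that reports as "(not set)" is taking the zone's built-in default, which is why the post has you set each option explicitly. If the machine is domain-joined and Group Policy manages the zones, the policy copy under the Policies hive wins over what this script reads or writes, so a change made here can be reverted at the next policy refresh; that is a reason to re-run the audit rather than assume the dialog settings persist.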

Re: Returning Malware HJT Log

Unread postby NonSuch » June 8th, 2008, 4:12 am

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California