July 8th, 2009, 11:40 PM
#1
HJT Log
Windows XP Home
GateWay P4
DSL
This problem disabled the MS Firewall, the MS Security Center and the Norton antivirus software, removed access to regedit, changed user policies, disabled safe boot, removed Folder Options from the Windows Explorer Tools menu, would not allow any exe file to launch a program, and would not allow the web browser to link to any site that had HJT, Spybot, etc.
I have gotten around all of those issues and have run every program I know to remove this infection (25+ years experience); I've never seen anything like this one.
I am very careful with this type of infection, but I do believe it has now infected my clean machine via USB drive.
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:10 PM, on 7/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Safe mode
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\3361\services.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
F3 - REG:win.ini: load=C:\WINNT\system32\msnfhs.exe
F3 - REG:win.ini: run=C:\WINNT\system32\msjozfxv.exe
O2 - BHO: (no name) - {746ae4e8-aedd-4a3b-9ea8-c9373c1dac12} - c:\winnt\system32\sfsgebs.dll
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINNT\system32\msrqtdq.exe
O4 - HKUS\S-1-5-21-3563514748-1417066420-3376078148-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Pat')
O4 - HKUS\S-1-5-21-3563514748-1417066420-3376078148-1005\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 (User 'Pat')
O4 - HKUS\S-1-5-21-3563514748-1417066420-3376078148-1005\..\Run: [A00F19E94.exe] C:\DOCUME~1\Pat\LOCALS~1\Temp\_A00F19E94.exe (User 'Pat')
O4 - HKUS\S-1-5-21-3563514748-1417066420-3376078148-1005\..\Run: [] C:\DOCUME~1\Pat\LOCALS~1\Temp\mqbld.exe (User 'Pat')
O4 - HKUS\S-1-5-21-3563514748-1417066420-3376078148-1005\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\Pat\LOCALS~1\Temp\mqbld.exe (User 'Pat')
O4 - HKUS\S-1-5-21-3563514748-1417066420-3376078148-1005\..\Run: [Windows System Recover!] C:\DOCUME~1\Pat\LOCALS~1\Temp\lsass.exe (User 'Pat')
O4 - HKUS\S-1-5-21-3563514748-1417066420-3376078148-1005\..\Run: [A00F56887.exe] C:\DOCUME~1\Pat\LOCALS~1\Temp\_A00F56887.exe (User 'Pat')
O4 - HKUS\S-1-5-21-3563514748-1417066420-3376078148-1005\..\Run: [kell] c:\program Files\Manson\liser.exe (User 'Pat')
O4 - HKUS\S-1-5-21-3563514748-1417066420-3376078148-1005\..\Run: [ttool] C:\WINNT\9129837.exe (User 'Pat')
O4 - HKUS\S-1-5-21-3563514748-1417066420-3376078148-1006\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Bill')
O4 - HKUS\S-1-5-21-3563514748-1417066420-3376078148-1007\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl (User 'Xavier')
O4 - HKUS\S-1-5-21-3563514748-1417066420-3376078148-1008\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Mister W')
O4 - HKUS\S-1-5-21-3563514748-1417066420-3376078148-1008\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil9f.exe (User 'Mister W')
O4 - S-1-5-21-3563514748-1417066420-3376078148-1005 Startup: fmnupd32.exe (User 'Pat')
O4 - S-1-5-21-3563514748-1417066420-3376078148-1005 Startup: zqosys32.exe (User 'Pat')
O4 - S-1-5-21-3563514748-1417066420-3376078148-1005 User Startup: fmnupd32.exe (User 'Pat')
O4 - S-1-5-21-3563514748-1417066420-3376078148-1005 User Startup: zqosys32.exe (User 'Pat')
O4 - S-1-5-21-3563514748-1417066420-3376078148-1006 Startup: fmnupd32.exe (User 'Bill')
O4 - S-1-5-21-3563514748-1417066420-3376078148-1006 Startup: zqosys32.exe (User 'Bill')
O4 - S-1-5-21-3563514748-1417066420-3376078148-1006 User Startup: fmnupd32.exe (User 'Bill')
O4 - S-1-5-21-3563514748-1417066420-3376078148-1006 User Startup: zqosys32.exe (User 'Bill')
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} -
O20 - Winlogon Notify: kiftcwgz - C:\WINNT\SYSTEM32\sfsgebs.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\
--
End of file - 4116 bytes