Win32/Mariofev.A

Win32/Mariofev.A

Post by fieldfoof on Wed Feb 24, 2010 1:47 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:59 AM, on 2/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Edline\GradeQuickWeb\2.14.0.40\GQWeb.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {657e0af9-182d-4213-a26a-4d3422e88237} - (no file)
O2 - BHO: (no name) - {bb3758e0-e813-4ea8-9383-874d79ae1998} - c:\windows\system32\snbbncq.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [diskeepersystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ccapp] -
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\laohq.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\laohq.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\2030289920.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [nDler2] \\?\globalroot\systemroot\system32\nDler2.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: ActiveGS.cab - [You must be registered and logged in to see this link.]
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{43ABBE9F-A685-4A69-9DB8-F4E86A74A7C9}: NameServer = 129.71.1.1,129.71.254.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{43ABBE9F-A685-4A69-9DB8-F4E86A74A7C9}: NameServer = 129.71.1.1,129.71.254.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{43ABBE9F-A685-4A69-9DB8-F4E86A74A7C9}: NameServer = 129.71.1.1,129.71.254.5
O20 - AppInit_DLLs: c:\windows\system32\hidujuku.dll c:\windows\system32\zulemuju.dll c:\windows\system32\bazabezi.dll c:\windows\system32\vodawoja.dll c:\windows\system32\zupizuma.dll c:\windows\system32\dayiwiwu.dll c:\windows\system32\mekohige.dll c:\windows\system32\diwunawo.dll c:\windows\system32\nowaziho.dll c:\windows\system32\sowimudu.dll c:\windows\system32\gofadadi.dll c:\windows\system32\tugufapi.dll c:\windows\system32\nonepabo.dll c:\windows\system32\navavaze.dll c:\windows\system32\lekiviso.dll c:\windows\system32\hohazevu.dll c:\windows\system32\gegikogi.dll c:\windows\system32\zeyivule.dll c:\windows\system32\vayatoza.dll c:\windows\system32\pizakuma.dll c:\windows\system32\habemoya.dll c:\windows\system32\helubiga.dll c:\windows\system32\difebebu.dll c:\windows\system32\rugahojo.dll c:\windows\system32\fasamifo.dll c:\windows\system32\pubulasi.dll c:\windows\system32\dudujuho.dll c:\windows\system32\napagile.dll c:\windows\system32\gokipejo.dll c:\windows\system32\talelugi.dll c:\windows\s
O20 - Winlogon Notify: kugszxuy - C:\WINDOWS\SYSTEM32\snbbncq.dll
O21 - SSODL: puweteriy - {ba8cf3e1-9873-4f4b-bbd5-b044f792b555} - (no file)
O21 - SSODL: hojanudun - {7d033934-5335-49db-bee5-340a583d2844} - (no file)
O21 - SSODL: japayugut - {001ac158-14c3-48ae-a078-761b55914bd7} - (no file)
O21 - SSODL: bokeduguh - {5201b221-cb6a-4860-a3df-5c8338a408c7} - (no file)
O21 - SSODL: dumupameg - {070fedbd-8dd2-4448-af24-188dfdc55fbe} - (no file)
O21 - SSODL: loguboraw - {95d71a88-ee16-4a89-927d-fde6fa952ee3} - (no file)
O21 - SSODL: kukuvituv - {87507643-fb07-43c4-bd46-58db5e824257} - (no file)
O21 - SSODL: rubomovib - {a6b77f7b-d496-4268-a3a6-95d26bd35c2c} - (no file)
O21 - SSODL: wasotejez - {4853aba8-ce4c-4ab3-b22b-893e5cc8d3ff} - (no file)
O21 - SSODL: tijapigos - {a7d5b401-fdd3-444c-86f5-8465a07fb9ae} - (no file)
O21 - SSODL: gutazivah - {dc6fedc7-041c-419d-9d15-7f12db934397} - (no file)
O21 - SSODL: gekilekod - {3e6b50d6-a2e1-4165-98e6-644d3eb02492} - (no file)
O21 - SSODL: wofivudem - {eec9db7f-450f-45b8-8158-b70ad5239098} - (no file)
O21 - SSODL: divozulan - {26e8eb98-9147-4f67-9a0c-cd670c30becb} - (no file)
O21 - SSODL: wetiwotip - {68c6c042-4800-44ea-939e-f04a7f294092} - (no file)
O21 - SSODL: lomipepah - {2506b74c-638e-48ab-b6dd-68b02cbe0f73} - (no file)
O21 - SSODL: semayerod - {deb8ac9c-7628-4b40-9a08-9fea86929c31} - (no file)
O21 - SSODL: poyitilos - {f670ef54-d316-4604-a6eb-cb4165d138a2} - (no file)
O21 - SSODL: jalenuhos - {c06b65b4-3819-4b6f-a697-c80c8bdd42ff} - (no file)
O21 - SSODL: gagiyipab - {d2d8b5d0-3526-42fb-9b83-41e0c0746f08} - (no file)
O21 - SSODL: nafomawef - {649de197-0322-45ee-859c-bf5e8e6cc4a3} - (no file)
O21 - SSODL: sipegijij - {db0e43b5-ff65-4370-80d7-59a5fc4a6137} - (no file)
O21 - SSODL: hagunapib - {0f590ef4-6030-4999-9539-69c251fd9d5e} - (no file)
O21 - SSODL: neredajug - {ce3694aa-ae37-40c0-ade0-8d7f0d9fc60d} - (no file)
O21 - SSODL: yagabiyaj - {80fc6fdb-e91d-4c87-aa7d-6cf67cb8a22f} - (no file)
O21 - SSODL: vuhoromev - {9f363553-9e5e-425b-9303-f95ee58f6732} - (no file)
O21 - SSODL: jihamalem - {7e56e5fb-18d6-496e-84f7-4430de42455c} - (no file)
O21 - SSODL: boposukop - {03482533-591c-4f69-9c09-276dcf16660d} - (no file)
O21 - SSODL: gogetevem - {9b24d034-2d21-452a-8ab5-715c3ce4c5a7} - (no file)
O21 - SSODL: yanenipiw - {cd80c21f-832c-4aa2-bd95-bef870311e51} - (no file)
O21 - SSODL: pesazener - {b93717f5-e808-4ee0-a59c-759a550b0d5c} - (no file)
O21 - SSODL: fiwewedif - {a8421f93-8251-48e7-a3a8-42f975ea022b} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {ba8cf3e1-9873-4f4b-bbd5-b044f792b555} - (no file)
O22 - SharedTaskScheduler: jugezatag - {7d033934-5335-49db-bee5-340a583d2844} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {001ac158-14c3-48ae-a078-761b55914bd7} - (no file)
O22 - SharedTaskScheduler: jugezatag - {5201b221-cb6a-4860-a3df-5c8338a408c7} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {070fedbd-8dd2-4448-af24-188dfdc55fbe} - (no file)
O22 - SharedTaskScheduler: jugezatag - {95d71a88-ee16-4a89-927d-fde6fa952ee3} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {87507643-fb07-43c4-bd46-58db5e824257} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {a6b77f7b-d496-4268-a3a6-95d26bd35c2c} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {4853aba8-ce4c-4ab3-b22b-893e5cc8d3ff} - (no file)
O22 - SharedTaskScheduler: gahurihor - {a7d5b401-fdd3-444c-86f5-8465a07fb9ae} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {dc6fedc7-041c-419d-9d15-7f12db934397} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {3e6b50d6-a2e1-4165-98e6-644d3eb02492} - (no file)
O22 - SharedTaskScheduler: jugezatag - {eec9db7f-450f-45b8-8158-b70ad5239098} - (no file)
O22 - SharedTaskScheduler: gahurihor - {26e8eb98-9147-4f67-9a0c-cd670c30becb} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {68c6c042-4800-44ea-939e-f04a7f294092} - (no file)
O22 - SharedTaskScheduler: jugezatag - {2506b74c-638e-48ab-b6dd-68b02cbe0f73} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {deb8ac9c-7628-4b40-9a08-9fea86929c31} - (no file)
O22 - SharedTaskScheduler: jugezatag - {f670ef54-d316-4604-a6eb-cb4165d138a2} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {c06b65b4-3819-4b6f-a697-c80c8bdd42ff} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {d2d8b5d0-3526-42fb-9b83-41e0c0746f08} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {649de197-0322-45ee-859c-bf5e8e6cc4a3} - (no file)
O22 - SharedTaskScheduler: gahurihor - {db0e43b5-ff65-4370-80d7-59a5fc4a6137} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {0f590ef4-6030-4999-9539-69c251fd9d5e} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {ce3694aa-ae37-40c0-ade0-8d7f0d9fc60d} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {80fc6fdb-e91d-4c87-aa7d-6cf67cb8a22f} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {9f363553-9e5e-425b-9303-f95ee58f6732} - (no file)
O22 - SharedTaskScheduler: gahurihor - {7e56e5fb-18d6-496e-84f7-4430de42455c} - (no file)
O22 - SharedTaskScheduler: jugezatag - {03482533-591c-4f69-9c09-276dcf16660d} - (no file)
O22 - SharedTaskScheduler: jugezatag - {9b24d034-2d21-452a-8ab5-715c3ce4c5a7} - (no file)
O22 - SharedTaskScheduler: tokatiluy - {cd80c21f-832c-4aa2-bd95-bef870311e51} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {b93717f5-e808-4ee0-a59c-759a550b0d5c} - (no file)
O22 - SharedTaskScheduler: gahurihor - {a8421f93-8251-48e7-a3a8-42f975ea022b} - (no file)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 13039 bytes


Re: Win32/Mariofev.A

Post by Dr Jay on Wed Feb 24, 2010 2:34 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)

