
Can't Remove Trojan.in-t-e-r-n-e-t

Discussion in 'Virus & Other Malware Removal' started by SlipSlidenAway, Apr 9, 2008.

Thread Status:
Not open for further replies.
  1. SlipSlidenAway

    SlipSlidenAway Thread Starter

    Joined:
    Apr 8, 2008
    Messages:
    1
    System: Dell DIMENSION DIM4600
    O.S.: Microsoft Windows XP Professional Version 2002 - Service Pack 2
    Problem: Can't Remove Trojan.in-t-e-r-n-e-t from system
    Located In This Folder: C:\Windows\System32\Drivers\core.cache.dsk

    I have created a log file by using ComboFix, and here is the text from that file:


    ComboFix 07-08-09.3 - "My Name" 2008-04-08 19:58:19.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1605 [GMT -7:00]


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\temp\tn3
    C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete


    ((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))


    2008-04-08 20:24 <DIR> d-------- C:\Temp\tn3
    2008-04-01 21:03 390 --a------ C:\WINDOWS\SYSTEM32\SBFC.dat
    2008-04-01 21:03 0 --a------ C:\WINDOWS\SYSTEM32\SBRC.dat
    2008-03-27 21:30 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-03-26 21:48 15,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sbhr.sys
    2008-03-26 21:45 <DIR> d-------- C:\DOCUME~1\MICHAE~1\APPLIC~1\Sunbelt Software
    2008-03-26 21:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt Software
    2008-03-26 21:44 <DIR> d-------- C:\Program Files\Sunbelt Software
    2008-03-16 14:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
    2008-03-16 11:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
    2008-03-16 11:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2008-03-16 11:00 <DIR> d-------- C:\Program Files\Google


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-04-06 21:21 --------- d-------- C:\Program Files\uTorrent
    2008-03-26 21:04 167545 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
    2008-03-16 11:03 --------- d-------- C:\DOCUME~1\MICHAE~1\APPLIC~1\Google
    2008-03-14 12:25 206 --a------ C:\WINDOWS\system32\abfdefcfc2_g.dll
    2008-03-06 19:05 --------- d-------- C:\DOCUME~1\MICHAE~1\APPLIC~1\Intuit
    2008-03-06 18:55 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2008-03-06 18:55 --------- d-------- C:\Program Files\Common Files\AnswerWorks 4.0
    2008-03-06 18:47 --------- d-------- C:\Program Files\TurboTax
    2008-02-24 14:00 --------- d-------- C:\Program Files\LinksLS98
    2008-02-22 14:15 10752 --a------ C:\WINDOWS\DCEBoot.exe
    2008-02-22 14:14 237864 --ahs---- C:\WINDOWS\system32\xyadd.ini2
    2008-02-21 20:24 --------- d-------- C:\Program Files\Windows Defender
    2008-02-21 20:01 7912 --a------ C:\WINDOWS\system32\ddyauqiu.dll
    2008-02-21 19:58 7890 --a------ C:\WINDOWS\system32\owumqvir.dll
    2008-02-21 19:57 7910 --a------ C:\WINDOWS\system32\ofuvgpnc.dll
    2008-02-21 19:56 235325 --ahs---- C:\WINDOWS\system32\xyadd.bak2
    2008-02-17 08:41 7926 --a------ C:\WINDOWS\system32\srinqjtb.dll
    2008-02-17 08:39 7912 --a------ C:\WINDOWS\system32\vnhhoudx.dll
    2008-02-17 08:39 7910 --a------ C:\WINDOWS\system32\ehmbskgy.dll
    2008-02-17 08:19 7926 --a------ C:\WINDOWS\system32\ighdmqys.dll
    2008-02-17 08:19 7912 --a------ C:\WINDOWS\system32\cinlrgnv.dll
    2008-02-17 08:18 7910 --a------ C:\WINDOWS\system32\uhybbsdk.dll
    2008-02-16 14:28 7912 --a------ C:\WINDOWS\system32\prrvmrhy.dll
    2008-02-16 14:27 7926 --a------ C:\WINDOWS\system32\tefcdleh.dll
    2008-02-16 14:21 7910 --a------ C:\WINDOWS\system32\plnatabm.dll
    2008-02-16 08:52 7926 --a------ C:\WINDOWS\system32\mujheqyt.dll
    2008-02-16 08:52 7912 --a------ C:\WINDOWS\system32\yteyuwjg.dll
    2008-02-16 08:50 7910 --a------ C:\WINDOWS\system32\ulrlmqrm.dll
    2008-02-16 00:30 7926 --a------ C:\WINDOWS\system32\hqeetpsf.dll
    2008-02-16 00:24 7910 --a------ C:\WINDOWS\system32\ghkmpocb.dll
    2008-02-15 16:00 7926 --a------ C:\WINDOWS\system32\hvfmenpx.dll
    2008-02-15 15:57 7912 --a------ C:\WINDOWS\system32\quajcbps.dll
    2008-02-15 15:56 7910 --a------ C:\WINDOWS\system32\qakfhrfc.dll
    2008-02-13 20:53 --------- d-------- C:\Program Files\Spyware Immobilizer
    2008-02-13 18:44 7948 --a------ C:\WINDOWS\system32\qgjvbgxi.dll
    2008-02-13 18:42 7956 --a------ C:\WINDOWS\system32\vijypivx.dll
    2008-02-13 18:26 7956 --a------ C:\WINDOWS\system32\yeurssvr.dll
    2008-02-13 17:59 7956 --a------ C:\WINDOWS\system32\ojimugbm.dll
    2008-02-13 17:56 7956 --a------ C:\WINDOWS\system32\unwqdwwg.dll
    2008-02-12 18:51 7948 --a------ C:\WINDOWS\system32\xigykujd.dll
    2008-02-12 18:38 7956 --a------ C:\WINDOWS\system32\jsmpkmeq.dll
    2008-02-12 18:29 7956 --a------ C:\WINDOWS\system32\ubselsdy.dll
    2008-02-12 17:59 7956 --a------ C:\WINDOWS\system32\osmffxcj.dll
    2008-02-11 22:37 7948 --a------ C:\WINDOWS\system32\liklcvsd.dll
    2008-02-11 22:35 7956 --a------ C:\WINDOWS\system32\msgcomol.dll
    2008-02-11 22:30 7956 --a------ C:\WINDOWS\system32\imousaug.dll
    2008-02-11 21:35 7948 --a------ C:\WINDOWS\system32\quxugbea.dll
    2008-02-11 21:06 7956 --a------ C:\WINDOWS\system32\lnmvcnfi.dll
    2008-02-11 21:01 7948 --a------ C:\WINDOWS\system32\ktijmact.dll
    2008-02-11 20:59 7956 --a------ C:\WINDOWS\system32\knsbkpcl.dll
    2008-02-11 18:16 7948 --a------ C:\WINDOWS\system32\lofonajq.dll
    2008-02-11 18:15 7956 --a------ C:\WINDOWS\system32\jnorenxk.dll
    2008-02-10 14:03 --------- d-------- C:\Program Files\RegClean
    2008-02-10 13:58 --------- d-------- C:\DOCUME~1\MICHAE~1\APPLIC~1\RegClean
    2008-02-10 13:39 7948 --a------ C:\WINDOWS\system32\txgmnyub.dll
    2008-02-10 13:35 7956 --a------ C:\WINDOWS\system32\wvjheosn.dll
    2008-02-10 13:32 7948 --a------ C:\WINDOWS\system32\fimnjurw.dll
    2008-02-10 09:24 7948 --a------ C:\WINDOWS\system32\kmfftbav.dll
    2008-02-10 08:53 7956 --a------ C:\WINDOWS\system32\rsvpnafp.dll
    2008-02-10 08:39 7948 --a------ C:\WINDOWS\system32\ytlmmnfn.dll
    2008-02-10 08:27 7956 --a------ C:\WINDOWS\system32\lakdbqsd.dll
    2008-02-09 13:19 7948 --a------ C:\WINDOWS\system32\ssoiseqw.dll
    2008-02-09 13:17 7956 --a------ C:\WINDOWS\system32\pcgagyku.dll
    2008-02-09 10:38 7948 --a------ C:\WINDOWS\system32\wdfgykjh.dll
    2008-02-09 10:36 7956 --a------ C:\WINDOWS\system32\akdkhxde.dll
    2008-02-08 21:57 7948 --a------ C:\WINDOWS\system32\pcajlrlj.dll
    2008-02-08 21:54 7956 --a------ C:\WINDOWS\system32\aulqbmyo.dll
    2008-02-08 21:52 7956 --a------ C:\WINDOWS\system32\cgvhdkiv.dll
    2008-02-08 17:25 7948 --a------ C:\WINDOWS\system32\wummhlsm.dll
    2008-02-08 17:23 7956 --a------ C:\WINDOWS\system32\aqkjnlgc.dll
    2008-02-08 17:20 7956 --a------ C:\WINDOWS\system32\sbrloxpj.dll
    2008-02-07 19:38 7948 --a------ C:\WINDOWS\system32\eukjvxra.dll
    2008-02-07 19:35 7956 --a------ C:\WINDOWS\system32\vswdmdco.dll
    2008-02-07 19:01 7948 --a------ C:\WINDOWS\system32\ojypcxrj.dll
    2008-02-07 19:00 7956 --a------ C:\WINDOWS\system32\asgesbqe.dll
    2008-02-06 21:23 7948 --a------ C:\WINDOWS\system32\soagsrys.dll
    2008-02-06 21:20 7956 --a------ C:\WINDOWS\system32\clxaxbpg.dll
    2008-02-04 18:23 693792 --a------ C:\WINDOWS\system32\OGACheckControl.DLL
    2008-02-02 22:01 6522 --ahs---- C:\WINDOWS\system32\xyadd.bak1
    2008-01-10 22:53 44544 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2860C741-8F63-45DA-B029-2B4B148AC499}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2d9ba75-b7a8-4ebe-80d2-2f64b9385cda}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7D44AAE-3401-402C-98AD-54BCEEF5DC80}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DXDllRegExe"="dxdllreg.exe" []
    "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-22 23:26]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-23 21:34]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-04-18 21:15]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2007-08-20 11:58]
    "SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sonic RecordNow!"="" []
    "MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 11:00]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "Auf"="C:\Documents and Settings\My Name\My Documents\??sembly\w?nspool.exe" []
    "OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-12-28 23:53]

    C:\Documents and Settings\My Name\Start Menu\Programs\Startup\
    DESKTOP.INI [2007-09-02 20:48:23]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    DESKTOP.INI [2007-09-02 20:48:23]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-02-06 19:00:36]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-16 11:01:02]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 01:20:40]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjgdc]
    mljjgdc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrqqr]
    rqrrqqr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuts]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ddayx

    SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @="Hdc"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"

    R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
    R1 ati1rvxxx;ati1rvxxx;C:\WINDOWS\system32\drivers\ati1rvxxx.sys
    R2 CSS DVP;CSS DVP;C:\WINDOWS\system32\DRIVERS\css-dvp.sys
    R2 GRTdiMon;GR TDI Mon;C:\WINDOWS\system32\Drivers\GRTdiMon.sys
    R2 tmpreflt;tmpreflt;C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
    R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
    R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
    R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys
    S1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
    S3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
    S3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
    S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);C:\WINDOWS\system32\DRIVERS\pc22nd5.sys
    S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;C:\WINDOWS\system32\DRIVERS\pc22unic.sys
    S3 pmxscan;Memorex USB Kernel;C:\WINDOWS\system32\DRIVERS\usbscan.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    AutoRun\command- G:\LaunchU3.exe

    *Newly Created Service* - SBAPIFS

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-08 20:24:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2008-04-08 20:38:39 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2008-04-08 20:38
    C:\ComboFix2.txt ... 2008-03-26 21:11
    C:\ComboFix3.txt ... 2007-08-16 19:04

    --- E O F ---

    Please advise me on what my next step should be.
    Thanks again,
    SlipSlidenAway
     

Short URL to this thread: https://techguy.org/701827
