Can't Remove Trojan.in-t-e-r-n-e-t

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

SlipSlidenAway (Thread Starter; Joined: Apr 8, 2008; Messages: 1)

System: Dell DIMENSION DIM4600
O.S.: Microsoft Windows XP Professional Version 2002 - Service Pack 2
Problem: Can't Remove Trojan.in-t-e-r-n-e-t from system
Located In This Folder: C:\Windows\System32\Drivers\core.cache.dsk

I have created a log file by using ComboFix, and here is the text from that file:


ComboFix 07-08-09.3 - "My Name" 2008-04-08 19:58:19.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1605 [GMT -7:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete


((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))


2008-04-08 20:24 <DIR> d-------- C:\Temp\tn3
2008-04-01 21:03 390 --a------ C:\WINDOWS\SYSTEM32\SBFC.dat
2008-04-01 21:03 0 --a------ C:\WINDOWS\SYSTEM32\SBRC.dat
2008-03-27 21:30 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-26 21:48 15,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sbhr.sys
2008-03-26 21:45 <DIR> d-------- C:\DOCUME~1\MICHAE~1\APPLIC~1\Sunbelt Software
2008-03-26 21:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt Software
2008-03-26 21:44 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-03-16 14:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2008-03-16 11:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2008-03-16 11:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2008-03-16 11:00 <DIR> d-------- C:\Program Files\Google


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-04-06 21:21 --------- d-------- C:\Program Files\uTorrent
2008-03-26 21:04 167545 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-03-16 11:03 --------- d-------- C:\DOCUME~1\MICHAE~1\APPLIC~1\Google
2008-03-14 12:25 206 --a------ C:\WINDOWS\system32\abfdefcfc2_g.dll
2008-03-06 19:05 --------- d-------- C:\DOCUME~1\MICHAE~1\APPLIC~1\Intuit
2008-03-06 18:55 --------- d--h----- C:\Program Files\InstallShield Installation Information
2008-03-06 18:55 --------- d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-03-06 18:47 --------- d-------- C:\Program Files\TurboTax
2008-02-24 14:00 --------- d-------- C:\Program Files\LinksLS98
2008-02-22 14:15 10752 --a------ C:\WINDOWS\DCEBoot.exe
2008-02-22 14:14 237864 --ahs---- C:\WINDOWS\system32\xyadd.ini2
2008-02-21 20:24 --------- d-------- C:\Program Files\Windows Defender
2008-02-21 20:01 7912 --a------ C:\WINDOWS\system32\ddyauqiu.dll
2008-02-21 19:58 7890 --a------ C:\WINDOWS\system32\owumqvir.dll
2008-02-21 19:57 7910 --a------ C:\WINDOWS\system32\ofuvgpnc.dll
2008-02-21 19:56 235325 --ahs---- C:\WINDOWS\system32\xyadd.bak2
2008-02-17 08:41 7926 --a------ C:\WINDOWS\system32\srinqjtb.dll
2008-02-17 08:39 7912 --a------ C:\WINDOWS\system32\vnhhoudx.dll
2008-02-17 08:39 7910 --a------ C:\WINDOWS\system32\ehmbskgy.dll
2008-02-17 08:19 7926 --a------ C:\WINDOWS\system32\ighdmqys.dll
2008-02-17 08:19 7912 --a------ C:\WINDOWS\system32\cinlrgnv.dll
2008-02-17 08:18 7910 --a------ C:\WINDOWS\system32\uhybbsdk.dll
2008-02-16 14:28 7912 --a------ C:\WINDOWS\system32\prrvmrhy.dll
2008-02-16 14:27 7926 --a------ C:\WINDOWS\system32\tefcdleh.dll
2008-02-16 14:21 7910 --a------ C:\WINDOWS\system32\plnatabm.dll
2008-02-16 08:52 7926 --a------ C:\WINDOWS\system32\mujheqyt.dll
2008-02-16 08:52 7912 --a------ C:\WINDOWS\system32\yteyuwjg.dll
2008-02-16 08:50 7910 --a------ C:\WINDOWS\system32\ulrlmqrm.dll
2008-02-16 00:30 7926 --a------ C:\WINDOWS\system32\hqeetpsf.dll
2008-02-16 00:24 7910 --a------ C:\WINDOWS\system32\ghkmpocb.dll
2008-02-15 16:00 7926 --a------ C:\WINDOWS\system32\hvfmenpx.dll
2008-02-15 15:57 7912 --a------ C:\WINDOWS\system32\quajcbps.dll
2008-02-15 15:56 7910 --a------ C:\WINDOWS\system32\qakfhrfc.dll
2008-02-13 20:53 --------- d-------- C:\Program Files\Spyware Immobilizer
2008-02-13 18:44 7948 --a------ C:\WINDOWS\system32\qgjvbgxi.dll
2008-02-13 18:42 7956 --a------ C:\WINDOWS\system32\vijypivx.dll
2008-02-13 18:26 7956 --a------ C:\WINDOWS\system32\yeurssvr.dll
2008-02-13 17:59 7956 --a------ C:\WINDOWS\system32\ojimugbm.dll
2008-02-13 17:56 7956 --a------ C:\WINDOWS\system32\unwqdwwg.dll
2008-02-12 18:51 7948 --a------ C:\WINDOWS\system32\xigykujd.dll
2008-02-12 18:38 7956 --a------ C:\WINDOWS\system32\jsmpkmeq.dll
2008-02-12 18:29 7956 --a------ C:\WINDOWS\system32\ubselsdy.dll
2008-02-12 17:59 7956 --a------ C:\WINDOWS\system32\osmffxcj.dll
2008-02-11 22:37 7948 --a------ C:\WINDOWS\system32\liklcvsd.dll
2008-02-11 22:35 7956 --a------ C:\WINDOWS\system32\msgcomol.dll
2008-02-11 22:30 7956 --a------ C:\WINDOWS\system32\imousaug.dll
2008-02-11 21:35 7948 --a------ C:\WINDOWS\system32\quxugbea.dll
2008-02-11 21:06 7956 --a------ C:\WINDOWS\system32\lnmvcnfi.dll
2008-02-11 21:01 7948 --a------ C:\WINDOWS\system32\ktijmact.dll
2008-02-11 20:59 7956 --a------ C:\WINDOWS\system32\knsbkpcl.dll
2008-02-11 18:16 7948 --a------ C:\WINDOWS\system32\lofonajq.dll
2008-02-11 18:15 7956 --a------ C:\WINDOWS\system32\jnorenxk.dll
2008-02-10 14:03 --------- d-------- C:\Program Files\RegClean
2008-02-10 13:58 --------- d-------- C:\DOCUME~1\MICHAE~1\APPLIC~1\RegClean
2008-02-10 13:39 7948 --a------ C:\WINDOWS\system32\txgmnyub.dll
2008-02-10 13:35 7956 --a------ C:\WINDOWS\system32\wvjheosn.dll
2008-02-10 13:32 7948 --a------ C:\WINDOWS\system32\fimnjurw.dll
2008-02-10 09:24 7948 --a------ C:\WINDOWS\system32\kmfftbav.dll
2008-02-10 08:53 7956 --a------ C:\WINDOWS\system32\rsvpnafp.dll
2008-02-10 08:39 7948 --a------ C:\WINDOWS\system32\ytlmmnfn.dll
2008-02-10 08:27 7956 --a------ C:\WINDOWS\system32\lakdbqsd.dll
2008-02-09 13:19 7948 --a------ C:\WINDOWS\system32\ssoiseqw.dll
2008-02-09 13:17 7956 --a------ C:\WINDOWS\system32\pcgagyku.dll
2008-02-09 10:38 7948 --a------ C:\WINDOWS\system32\wdfgykjh.dll
2008-02-09 10:36 7956 --a------ C:\WINDOWS\system32\akdkhxde.dll
2008-02-08 21:57 7948 --a------ C:\WINDOWS\system32\pcajlrlj.dll
2008-02-08 21:54 7956 --a------ C:\WINDOWS\system32\aulqbmyo.dll
2008-02-08 21:52 7956 --a------ C:\WINDOWS\system32\cgvhdkiv.dll
2008-02-08 17:25 7948 --a------ C:\WINDOWS\system32\wummhlsm.dll
2008-02-08 17:23 7956 --a------ C:\WINDOWS\system32\aqkjnlgc.dll
2008-02-08 17:20 7956 --a------ C:\WINDOWS\system32\sbrloxpj.dll
2008-02-07 19:38 7948 --a------ C:\WINDOWS\system32\eukjvxra.dll
2008-02-07 19:35 7956 --a------ C:\WINDOWS\system32\vswdmdco.dll
2008-02-07 19:01 7948 --a------ C:\WINDOWS\system32\ojypcxrj.dll
2008-02-07 19:00 7956 --a------ C:\WINDOWS\system32\asgesbqe.dll
2008-02-06 21:23 7948 --a------ C:\WINDOWS\system32\soagsrys.dll
2008-02-06 21:20 7956 --a------ C:\WINDOWS\system32\clxaxbpg.dll
2008-02-04 18:23 693792 --a------ C:\WINDOWS\system32\OGACheckControl.DLL
2008-02-02 22:01 6522 --ahs---- C:\WINDOWS\system32\xyadd.bak1
2008-01-10 22:53 44544 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2860C741-8F63-45DA-B029-2B4B148AC499}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2d9ba75-b7a8-4ebe-80d2-2f64b9385cda}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7D44AAE-3401-402C-98AD-54BCEEF5DC80}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DXDllRegExe"="dxdllreg.exe" []
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-22 23:26]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-23 21:34]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-04-18 21:15]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2007-08-20 11:58]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 11:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Auf"="C:\Documents and Settings\My Name\My Documents\??sembly\w?nspool.exe" []
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-12-28 23:53]

C:\Documents and Settings\My Name\Start Menu\Programs\Startup\
DESKTOP.INI [2007-09-02 20:48:23]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
DESKTOP.INI [2007-09-02 20:48:23]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-02-06 19:00:36]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-16 11:01:02]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 01:20:40]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjgdc]
mljjgdc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrqqr]
rqrrqqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuts]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ddayx

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
R1 ati1rvxxx;ati1rvxxx;C:\WINDOWS\system32\drivers\ati1rvxxx.sys
R2 CSS DVP;CSS DVP;C:\WINDOWS\system32\DRIVERS\css-dvp.sys
R2 GRTdiMon;GR TDI Mon;C:\WINDOWS\system32\Drivers\GRTdiMon.sys
R2 tmpreflt;tmpreflt;C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys
S1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
S3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
S3 EL90X;3Com EtherLink XL 90X Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xnd5.sys
S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);C:\WINDOWS\system32\DRIVERS\pc22nd5.sys
S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;C:\WINDOWS\system32\DRIVERS\pc22unic.sys
S3 pmxscan;Memorex USB Kernel;C:\WINDOWS\system32\DRIVERS\usbscan.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe

*Newly Created Service* - SBAPIFS

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 20:24:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-04-08 20:38:39 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2008-04-08 20:38
C:\ComboFix2.txt ... 2008-03-26 21:11
C:\ComboFix3.txt ... 2007-08-16 19:04

--- E O F ---

Please advise me on what my next step should be.
Thanks again,
SlipSlidenAway
 