Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Join the Team

Live Tag Cloud
PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Pending] WORM and Trojan, bad case, to scared to do internet banking now..

[Fixed] Hijackthis! Logs - [Pending] WORM and Trojan, bad case, to scared to do internet banking now.. posted in the Security & Safety forums; poep[1].exe keeps coming up through pccillin and PAK.generic001 and WORMgurm or something. anyway below is my hijack this log please tell me what I can do to fix this problem. ...

JOIN US NOW to remove these Ads

Post New Thread  Reply
  #1  
Old 09-05-2007
ange1os's Avatar
Bronze Member
  
Join Date: Jun 2007
Posts: 7
ange1os - See this Members User comments on their Profile page
Default [Pending] WORM and Trojan, bad case, to scared to do internet banking now..
poep[1].exe keeps coming up through pccillin and PAK.generic001 and WORMgurm or something. anyway below is my hijack this log please tell me what I can do to fix this problem.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:12 AM, on 5/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
F:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
F:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
F:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\FixCamera.exe
F:\WINDOWS\tsnp2std.exe
F:\WINDOWS\vsnp2std.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
F:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\WINDOWS\system32\rundll32.exe
F:\PROGRA~1\Mozilla Firefox\firefox.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\Program Files\MSN Messenger\msgs.exe
F:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
F:\PROGRA~1\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = ninemsn Search:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ninemsn Search:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = ninemsn Search:
O1 - Hosts: 200.124.131.116 casinocontroller.com
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SystemRestoreStatus] rundll32.exe "F:\WINDOWS\system32\fleuuwlo.dll",sitypnow
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: gwum.lnk = F:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Last.fm Helper.lnk = F:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://F:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://F:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?497c5f7a51414454982199e9d74700a5
O8 - Extra context menu item: Open in new foreground tab - res://F:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?497c5f7a51414454982199e9d74700a5
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - F:\Documents and Settings\home\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - F:\Documents and Settings\home\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - F:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - F:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - F:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1181813118562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1181815157125
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - F:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 7914 bytes
  #2  
Old 09-05-2007
madmatt2006's Avatar
PC Dinosaur
  
Join Date: Dec 2006
Location: Shepparton
Posts: 2,587
PC Experience: Elite PC Guru
madmatt2006 - See this Members User comments on their Profile page madmatt2006 - See this Members User comments on their Profile page madmatt2006 - See this Members User comments on their Profile page madmatt2006 - See this Members User comments on their Profile page madmatt2006 - See this Members User comments on their Profile page madmatt2006 - See this Members User comments on their Profile page madmatt2006 - See this Members User comments on their Profile page madmatt2006 - See this Members User comments on their Profile page madmatt2006 - See this Members User comments on their Profile page madmatt2006 - See this Members User comments on their Profile page madmatt2006 - See this Members User comments on their Profile page
Default Re: WORM and Trojan, bad case, to scared to do internet banking now..
HI did you follow the steps here http://www.pchelpforum.com/hijackthi...a-prework.html this must be done befroe posting your log


  #3  
Old 09-05-2007
Pancake's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,846
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: WORM and Trojan, bad case, to scared to do internet banking now..
Do the Prework first, then follow the instructions below...

Download the OTMoveIt by OldTimer
.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it
    .
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    F:\WINDOWS\system32\fleuuwlo.dll
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

========================================

Turn on System Restore
To turn on System Restore, follow these steps: 1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.


Post a new HJT log when done....


__________________
  • An Australian Member of
  • and
My real name is Eddy
Last edited by chiaz; 09-05-2007 at 10:02 AM.

Reply
New! Norton Internet Security 2008 – Download Now Click Here

Bookmarks

« [Pending] Computer really slow | [Fixed] pls help me. my pc is slow performing »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

Contact Us - PC Help Forum - Site Map - Privacy Statement - Top

All times are GMT +1. The time now is 02:36 AM.
Powered by vBulletin
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 RC7
All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com


Back to Top