Hello Micky,
I did not find the items:
O4 - HKLM..\Policies\Explorer\Run: [ComRepl] C:\WINDOWS\comrepl.exe /waitservice
O4 - HKCU..\Policies\Explorer\Run: [Esent Utl] C:\DOCUME~1\Owner\APPLIC~1\MICROS~1\esentutl.exe /waitservice
Maybe MBAM deleted these items. When I rebooted, I got messages that the computer can't find them.
I didn’t understand:
Also send this file to virus total and post the results, smartip094.dll in C:\Program Files\tgo\smartip094.dll
I did what you told me:
ran SAS and MBAM and did repair, then ran HJT. The logs:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/06/2009 at 07:13 PM
Application Version : 4.26.1006
Core Rules Database Version : 3972
Trace Rules Database Version: 1912
Scan type : Quick Scan
Total Scan Time : 00:37:45
Memory items scanned : 486
Memory threats detected : 1
Registry items scanned : 461
Registry threats detected : 6
File items scanned : 8878
File threats detected : 9
Trojan.Rbot-Variant
C:\WINDOWS\SYSTEM32\DRIVERS\ESENTUTL.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\ESENTUTL.EXE
[Esent Utl] C:\WINDOWS\SYSTEM32\DRIVERS\ESENTUTL.EXE
[Spool] C:\WINDOWS\SYSTEM32\DRIVERS\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\SPOOLSV.EXE
[Logman] C:\WINDOWS\LOGMAN.EXE
C:\WINDOWS\LOGMAN.EXE
[MqtgSVC] C:\WINDOWS\SYSTEM\MQTGSVC.EXE
C:\WINDOWS\SYSTEM\MQTGSVC.EXE
[Logman] C:\WINDOWS\LOGMAN.EXE
[load] C:\DOCUME~1\OWNER\APPLIC~1\CLIPSRV.EXE
C:\DOCUME~1\OWNER\APPLIC~1\CLIPSRV.EXE
C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\CLIPSRV.EXE
C:\WINDOWS\SYSTEM\CLIPSRV.EXE
C:\WINDOWS\SYSTEM\CMSTP.EXE
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Malwarebytes’ Anti-Malware 1.38
Database version: 2379
Windows 5.1.2600 Service Pack 3
06/07/2009 19:01:04
mbam-log-2009-07-06 (19-01-04).txt
Scan type: Quick Scan
Objects scanned: 87135
Time elapsed: 12 minute(s), 38 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
C:\WINDOWS\system32\drivers\esentutl.exe (Trojan.Agent) → Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\spool (Backdoor.Bot) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\esent utl (Trojan.Agent) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mqtgsvc (Trojan.Agent) → Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\spoolsv.exe (Backdoor.Bot) → Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\esentutl.exe (Trojan.Agent) → Quarantined and deleted successfully.
C:\WINDOWS\system\mqtgsvc.exe (Trojan.Agent) → Quarantined and deleted successfully.
cont. on next post