HJT Log- Continued from Am I Infected forum


This topic is locked
4 replies to this topic

#1 meadams314

Posted 14 February 2009 - 12:20 PM

This is continued from the Am I Infected forum. I was referred here and it was suggested that I post an HJT log. Here is a link to the other discussion for info on what was already discussed: Am I Infected forum discussion

DDS Log-


DDS (Ver_09-02-01.01) - NTFSx86
Run by Matt Adams at 11:13:05.57 on Sat 02/14/2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.541 [GMT -6:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated)
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*
FW: Kaspersky Internet Security *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hawking\Common\RaUI.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Matt Adams.MATT\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.myspace.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
{7e853d72-626a-48ec-a868-ba8d5e23e045}
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Absolute StartUp monitor] c:\program files\f-group\absolute startup\ASMon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Absolute StartUp monitor] c:\program files\f-group\absolute startup\ASMon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\mattad~1.mat\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hawkin~1.lnk - c:\program files\hawking\common\RaUI.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\SOFTWARE
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\SOFTWARE\Classes
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\SOFTWARE\Classes\CLSID
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE\Classes
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\SOFTWARE\Classes\CLSID
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583}\ProgID
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\SOFTWARE
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\SOFTWARE\Classes
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\SOFTWARE\Classes\CLSID
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}\ProgID
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mattad~1.mat\applic~1\mozilla\firefox\profiles\wflvj99w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\documents and settings\matt adams.matt\application data\mozilla\firefox\profiles\wflvj99w.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - plugin: c:\program files\google\google updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-2-12 147984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-2-12 353680]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-9-24 935208]
R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-1-16 664840]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys --> c:\windows\system32\drivers\kl1.sys [?]
S2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-7-29 206088]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-1-16 894216]

=============== Created Last 30 ================

2009-02-12 16:50 72,592 a------- c:\windows\zllsputility.exe
2009-02-12 16:50 1,221,008 a------- c:\windows\system32\zpeng25.dll
2009-02-12 16:50 --d----- c:\program files\Zone Labs
2009-02-12 16:50 349,222 a------- c:\windows\system32\vsconfig.xml
2009-02-12 15:47 --d----- C:\ERunt
2009-02-12 15:39 --d----- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-02-12 15:39 --d----- c:\program files\SUPERAntiSpyware
2009-02-12 15:39 --d----- c:\docume~1\mattad~1.mat\applic~1\SUPERAntiSpyware.com
2009-02-12 15:39 --d----- c:\program files\common files\Wise Installation Wizard
2009-02-12 11:36 --d----- c:\program files\Trend Micro
2009-02-10 16:14 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-02-10 16:13 --d----- c:\windows\ERUNT
2009-02-10 16:04 --d----- C:\SDFix
2009-02-10 15:21 --d----- c:\docume~1\mattad~1.mat\applic~1\Malwarebytes
2009-02-10 15:21 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-10 15:20 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 15:20 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-10 15:20 --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-02-10 15:12 -cd-h--- c:\docume~1\alluse~1.win\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-10 15:12 --d----- c:\program files\Lavasoft
2009-02-04 12:48 --d----- c:\program files\Kaspersky Lab
2009-02-04 12:48 --d----- c:\docume~1\alluse~1.win\applic~1\Kaspersky Lab
2009-02-02 18:12 --d----- c:\program files\PeerGuardian2
2009-01-28 17:09 --d----- c:\program files\Media Player Classic Home Theater
2009-01-27 21:24 356,096 a------- c:\windows\system32\drivers\rt61.sys
2009-01-27 21:24 311,296 a------- c:\windows\system32\AegisI5.exe
2009-01-27 21:24 243,328 a------- c:\windows\system32\drivers\RT2500.SYS
2009-01-27 21:24 81,920 a------- c:\windows\system32\Install6x.dll
2009-01-27 21:24 8,192 a------- c:\windows\system32\drivers\RT2661.bin
2009-01-27 21:24 8,192 a------- c:\windows\system32\drivers\RT2561s.bin
2009-01-27 21:24 8,192 a------- c:\windows\system32\drivers\RT2561.bin
2009-01-27 21:24 162 a------- c:\windows\filespec6x
2009-01-27 21:24 20,747 a------- c:\windows\system32\drivers\AegisP.sys
2009-01-27 21:24 --d----- c:\program files\Hawking
2009-01-26 19:40 137,992 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-01-26 19:40 201,816 a------- c:\windows\system32\PnkBstrB.exe
2009-01-26 19:39 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-01-26 13:20 --d----- c:\program files\VideoLAN
2009-01-21 14:23 --d-h--- c:\windows\msdownld.tmp
2009-01-21 13:41 --d----- C:\Fallout 3

==================== Find3M ====================

2009-02-13 12:12 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-02-03 17:04 2,032,160 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-02-03 17:04 434,208 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-02-03 17:04 18,004 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-02-03 17:04 3,612 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-01-12 01:41 29,480 a------- c:\windows\system32\msxml3a.dll
2009-01-12 01:41 505,128 a------- c:\windows\system32\msvcp71.dll
2009-01-12 01:41 353,576 a------- c:\windows\system32\msvcr71.dll
2008-12-16 21:39 361,600 a------- c:\windows\system32\drivers\TCPIP.SYS
2008-12-16 21:35 361,600 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-10 21:06 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-08 20:35 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-08 19:59 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-01 14:52 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2008-12-01 14:51 318,464 a------- c:\windows\system32\ati2dvag.dll
2008-12-01 14:46 11,304,960 a------- c:\windows\system32\atioglxx.dll
2008-12-01 14:41 188,416 a------- c:\windows\system32\atipdlxx.dll
2008-12-01 14:40 147,456 a------- c:\windows\system32\Oemdspif.dll
2008-12-01 14:40 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2008-12-01 14:40 43,520 a------- c:\windows\system32\ati2edxx.dll
2008-12-01 14:40 143,360 a------- c:\windows\system32\ati2evxx.dll
2008-12-01 14:38 598,016 a------- c:\windows\system32\ati2evxx.exe
2008-12-01 14:37 53,248 a------- c:\windows\system32\ATIDDC.DLL
2008-12-01 14:35 593,920 -------- c:\windows\system32\ati2sgag.exe
2008-12-01 14:27 4,120,384 a------- c:\windows\system32\ati3duag.dll
2008-12-01 14:19 307,200 a------- c:\windows\system32\atiiiexx.dll
2008-12-01 14:11 2,495,360 a------- c:\windows\system32\ativvaxx.dll
2008-12-01 13:57 48,640 a------- c:\windows\system32\amdpcom32.dll
2008-12-01 13:53 401,408 a------- c:\windows\system32\atikvmag.dll
2008-12-01 13:53 45,056 a------- c:\windows\system32\amdcalrt.dll
2008-12-01 13:53 45,056 a------- c:\windows\system32\amdcalcl.dll
2008-12-01 13:52 86,016 a------- c:\windows\system32\atiadlxx.dll
2008-12-01 13:52 17,408 a------- c:\windows\system32\atitvo32.dll
2008-12-01 13:50 286,720 a------- c:\windows\system32\atiok3x2.dll
2008-12-01 13:50 3,252,224 a------- c:\windows\system32\Amdcaldd.dll
2008-12-01 13:45 577,536 a------- c:\windows\system32\ati2cqag.dll
2008-11-29 17:58 82,944 a------- c:\windows\system32\IEDFix.C.exe

============= FINISH: 11:13:19.78 ===============
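For anyone triaging a DDS log like the one above, the script below is an added example: it is not part of this thread, not DDS's own code, and not something the poster or the responders ran. It parses three of the sections DDS prints (the AV/FW status header, SERVICES / DRIVERS, and "Created Last 30") and reports the items a helper would look at first: protection that is disabled or outdated, AppInit_DLLs entries (DLLs loaded into every process that links user32), services whose image file DDS marked `[?]`, newly created kernel drivers, and files created with hidden or system attributes. The sample lines are copied from the log above; the reading of `[?]` as "DDS could not read the file's date and size" and the meaning of the attribute letters (`d` directory, `h` hidden, `s` system) are assumptions about the format made here from the lines in this log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a handful of lines copied in form from the DDS log above.
SAMPLE_LOG = r"""
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated)
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
S0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys --> c:\windows\system32\drivers\kl1.sys [?]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
2009-02-10 15:21 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-10 15:12 -cd-h--- c:\docume~1\alluse~1.win\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-27 21:24 20,747 a------- c:\windows\system32\drivers\AegisP.sys
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # short category tag
    detail: str  # what was matched
    line: str    # the original log line, for reference


# "AV: <product> *<state>* (<update status>)"; the parenthesised part is optional.
STATUS_RE = re.compile(r"^(AV|FW): (.+?) \*(.+?)\*(?: \((\w+)\))?$")
# "<R|S><start type> <name>;<description>;<image path> [<date size> | ?]"
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*) \[(.+)\]$")
# "<date> <time> [<size>] <8 attribute flags> <path>"; size is absent for directories.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?:([\d,]+) )?([a-z-]{8}) (.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (.+)$")


def analyze(log_text: str) -> List[Finding]:
    """Scan DDS output line by line and return the items worth a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = STATUS_RE.match(line)
        if m:
            kind, product, state, update = m.groups()
            if "disabled" in state.lower():
                findings.append(Finding("protection-disabled", f"{kind} {product}: {state}", line))
            if update and update.lower() == "outdated":
                findings.append(Finding("signatures-outdated", f"{kind} {product}", line))
            continue

        m = APPINIT_RE.match(line)
        if m:
            # Every DLL listed here is injected into each process that loads user32.dll.
            for dll in m.group(1).split(","):
                findings.append(Finding("appinit-dll", dll.strip(), line))
            continue

        m = SERVICE_RE.match(line)
        if m:
            run_state, start_type, name, _desc, image, meta = m.groups()
            if meta == "?":  # assumption: DDS could not read date/size of the image file
                path = image.split(" --> ")[-1]
                findings.append(Finding("service-file-unreadable",
                                        f"{name} ({run_state}{start_type}): {path}", line))
            continue

        m = CREATED_RE.match(line)
        if m:
            stamp, _size, attrs, path = m.groups()
            low = path.lower()
            if "d" not in attrs and low.endswith(".sys") and "\\drivers\\" in low:
                findings.append(Finding("new-driver", f"{stamp} {path}", line))
            if "h" in attrs or "s" in attrs:
                findings.append(Finding("hidden-or-system-attr", f"{stamp} {attrs} {path}", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind}] {f.detail}")
    print(summarize(results))
```

Run it against a saved DDS log by passing the file contents to `analyze()`; the categories are deliberately descriptive rather than verdicts, since a `[?]` service entry or a fresh `.sys` file is a prompt to check the file against the vendor's known version, not proof of infection on its own.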

#2 meadams314

Posted 14 February 2009 - 12:50 PM

Basically, the long and short of it is this: antivirus/anti-malware programs will not update. Communication with all tested antivirus update servers is blocked, and Kaspersky will not run anymore. I've tried Ad-Aware, SUPERAntiSpyware, SmitfraudFix, SDFix, Malwarebytes, ZoneAlarm, and Kaspersky, none of which worked. Several found DNS changer trojans and removed them, but I'm still having problems. Also, my system clock is now in 24-hour format, and I've developed a long lag period when loading Windows during which Explorer will sometimes crash.

Help would be immensely appreciated, thanks in advance!

#3 meadams314

Posted 14 February 2009 - 05:36 PM

Tried completely uninstalling Kaspersky, then re-installing... still no luck. I'm tempted to back up my stuff and just do a full format...

#4 meadams314

Posted 15 February 2009 - 12:50 PM

Never mind. I went ahead and downloaded/ran ComboFix, which cleared up several rootkit items, and Kaspersky was able to run/update again and cleared up 14 more infected items. The PC seems to be running normally again, except for the clock still being in 24-hour format.

#5 KoanYorel

Posted 18 February 2009 - 07:24 PM

Windows XP - Change the system time from 24 hour to 12 hour!
http://www.pixel2life.com/publish/tutorial...our_to_12_hour/


Thanks for informing us.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
