
Winantivirus Infection


#1 INYH

  • Members
  • 2 posts
  • OFFLINE

Posted 02 October 2006 - 08:27 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:19:55 PM, on 10/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
F:\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jeremy Weyrauch\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#2 Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 04 October 2006 - 04:41 AM

Hi INYH and Welcome to the Bleeping Computer!


Please download Combofix to your desktop.
http://download.bleepingcomputer.com/sUBs/combofix.exe

Double-click combo.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.

#3 INYH
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE

Posted 05 October 2006 - 10:03 PM

Thank you for the quick reply. Here you go and thank you for the help as well:

06-10-05 19:59:30.74 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Program Files\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ismini.exe
C:\Program Files\Common Files\{548AA36E-07D9-1033-0529-060726060001}


((((((((((((((((((((((((((((((( Files Created from 2006-09-05 to 2006-10-05 ))))))))))))))))))))))))))))))))))


2006-10-03 18:13 86,036 --a------ C:\WINDOWS\system32\wugdqrbm.dll
2006-10-02 18:57 884,805 ---hs---- C:\WINDOWS\system32\ddeeg.ini2
2006-09-20 22:16 86,068 --a------ C:\WINDOWS\system32\lspcsbks.dll
2006-09-19 18:09 86,068 --a------ C:\WINDOWS\system32\hcqiouxo.dll
2006-09-18 18:09 86,068 --a------ C:\WINDOWS\system32\amoqplaj.dll
2006-09-16 19:29 857,270 ---hs---- C:\WINDOWS\system32\ddeeg.bak2
2006-09-15 19:29 869,566 ---hs---- C:\WINDOWS\system32\ddeeg.bak1
2006-09-15 19:29 577,588 ---hs---- C:\WINDOWS\system32\geedd.dll
2006-09-15 19:06 40,973 ---hs---- C:\WINDOWS\system32\urqrron.dll
2006-09-07 20:05 94,208 --a------ C:\WINDOWS\system32\ippcv11.dll
2006-09-07 20:05 77,824 --a------ C:\WINDOWS\system32\ippsr11.dll
2006-09-07 20:05 65,536 --a------ C:\WINDOWS\system32\ippj11.dll
2006-09-07 20:05 466,944 --a------ C:\WINDOWS\system32\ippcvw711.dll
2006-09-07 20:05 40,960 --a------ C:\WINDOWS\system32\IPPCPUID.DLL
2006-09-07 20:05 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-09-07 20:05 266,240 --a------ C:\WINDOWS\system32\ippsrw711.dll
2006-09-07 20:05 225,280 --a------ C:\WINDOWS\system32\ippi11.dll
2006-09-07 20:05 2,592,768 --a------ C:\WINDOWS\system32\ippiw711.dll
2006-09-07 20:05 176,128 --a------ C:\WINDOWS\system32\ipps11.dll
2006-09-07 20:05 159,744 --a------ C:\WINDOWS\system32\ippjw711.dll
2006-09-07 20:05 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll
2006-09-07 20:05 1,589,248 --a------ C:\WINDOWS\system32\ippsw711.dll
2006-09-07 19:56 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-09-07 19:54 983,092 --a------ C:\WINDOWS\system32\lxcigf.dll
2006-09-07 19:54 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2006-09-07 19:54 86,016 --a------ C:\WINDOWS\system32\lxcicub.dll
2006-09-07 19:54 770,048 --a------ C:\WINDOWS\system32\lxcihbn3.dll
2006-09-07 19:54 73,728 --a------ C:\WINDOWS\system32\lxcicu.dll
2006-09-07 19:54 704,512 --a------ C:\WINDOWS\system32\lxcicomc.dll
2006-09-07 19:54 69,632 --a------ C:\WINDOWS\system32\lxcicfg.dll
2006-09-07 19:54 630,784 --a------ C:\WINDOWS\system32\lxcipmui.dll
2006-09-07 19:54 491,520 --a------ C:\WINDOWS\system32\lxcilmpm.dll
2006-09-07 19:54 491,520 --a------ C:\WINDOWS\system32\lxcicoms.exe
2006-09-07 19:54 430,080 --a------ C:\WINDOWS\system32\lxciutil.dll
2006-09-07 19:54 413,696 --a------ C:\WINDOWS\system32\lxcicomm.dll
2006-09-07 19:54 40,960 -ra------ C:\WINDOWS\system32\lxcivs.dll
2006-09-07 19:54 372,736 --a------ C:\WINDOWS\system32\lxciih.exe
2006-09-07 19:54 368,640 --a------ C:\WINDOWS\system32\lxcicfg.exe
2006-09-07 19:54 36,864 --a------ C:\WINDOWS\system32\lxcicur.dll
2006-09-07 19:54 196,608 --a------ C:\WINDOWS\system32\lxciinsb.dll
2006-09-07 19:54 155,648 --a------ C:\WINDOWS\system32\lxciprox.dll
2006-09-07 19:54 155,648 --a------ C:\WINDOWS\system32\lxciins.dll
2006-09-07 19:54 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-09-07 19:54 126,976 --a------ C:\WINDOWS\system32\lxcijswr.dll
2006-09-07 19:54 114,688 --a------ C:\WINDOWS\system32\lxcipplc.dll
2006-09-07 19:54 106,496 --a------ C:\WINDOWS\system32\lxciinsr.dll
2006-09-07 19:54 1,183,744 --a------ C:\WINDOWS\system32\lxciserv.dll
2006-09-07 19:54 1,122,304 --a------ C:\WINDOWS\system32\lxciusb1.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-05 19:59 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-05 19:59 -------- d-------- C:\Program Files\Common Files
2006-10-04 18:46 -------- d-------- C:\Program Files\Lx_cats
2006-10-03 19:09 -------- d-------- C:\Documents and Settings\Jeremy Weyrauch\Application Data\CrystalSpace
2006-10-03 19:09 -------- d-------- C:\Documents and Settings\Jeremy Weyrauch\Application Data\CrystalApp
2006-10-02 18:10 -------- d-------- C:\Documents and Settings\Jeremy Weyrauch\Application Data\Lavasoft
2006-10-02 17:54 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-02 17:54 -------- d-------- C:\Program Files\Lexmark Applications
2006-10-01 19:34 -------- d-------- C:\Documents and Settings\Jeremy Weyrauch\Application Data\uTorrent
2006-09-28 18:01 -------- d---s---- C:\Documents and Settings\Jeremy Weyrauch\Application Data\Microsoft
2006-09-22 18:51 -------- d-------- C:\Program Files\Simpsons Jeopardy!
2006-09-19 19:15 -------- d-------- C:\Program Files\Trend Micro
2006-09-14 02:27 -------- d-------- C:\Program Files\DAEMON Tools
2006-09-13 19:52 -------- d-------- C:\Documents and Settings\Jeremy Weyrauch\Application Data\AdobeUM
2006-09-10 20:37 -------- d-------- C:\Documents and Settings\Jeremy Weyrauch\Application Data\Adobe
2006-09-10 10:05 -------- d-------- C:\Documents and Settings\Jeremy Weyrauch\Application Data\Skype
2006-09-07 21:04 -------- d-------- C:\Program Files\Lexmark 7300 Series
2006-09-07 20:19 -------- d-------- C:\Documents and Settings\Jeremy Weyrauch\Application Data\NewSoft
2006-09-07 20:02 -------- d-------- C:\Documents and Settings\Jeremy Weyrauch\Application Data\Help
2006-09-06 20:27 31248 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-09-06 20:27 197648 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-09-06 20:09 1051456 --a------ C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-09-04 22:14 -------- d-------- C:\Documents and Settings\Jeremy Weyrauch\Application Data\Media Player Classic
2006-09-04 22:12 -------- d-------- C:\Program Files\Combined Community Codec Pack
2006-09-03 11:02 -------- d-------- C:\Program Files\Skype
2006-09-03 10:54 -------- d-------- C:\Program Files\Yahoo!
2006-08-31 21:41 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-31 19:12 -------- d-------- C:\Program Files\XP Codec Pack
2006-08-31 19:04 -------- d-------- C:\Program Files\PowerISO
2006-08-31 18:19 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-08-31 18:17 96256 --a------ C:\WINDOWS\system32\drivers\sptd2317.sys
2006-08-31 18:17 664064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-08-31 18:12 -------- d-------- C:\Program Files\WinRAR
2006-08-31 18:09 -------- d-------- C:\Program Files\UltraISO
2006-08-31 18:08 -------- d-------- C:\Program Files\Common Files\EZB Systems
2006-08-31 10:42 -------- d-------- C:\Program Files\MSN Messenger
2006-08-30 16:00 -------- d-------- C:\Documents and Settings\Jeremy Weyrauch\Application Data\Sun
2006-08-29 20:56 -------- d-------- C:\Program Files\Intuit
2006-08-29 20:52 -------- d-------- C:\Program Files\Common Files\Intuit
2006-08-29 20:47 -------- d-------- C:\Program Files\Microsoft Encarta
2006-08-29 20:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-29 20:24 -------- d-------- C:\Program Files\Microsoft Office
2006-08-29 20:24 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-29 20:24 -------- d-------- C:\Program Files\Common Files\System
2006-08-29 20:24 -------- d-------- C:\Program Files\Common Files\Designer
2006-08-26 20:31 -------- d-------- C:\Program Files\Ahead
2006-08-26 20:30 -------- d-------- C:\Program Files\Common Files\LightScribe
2006-08-26 20:29 -------- d-------- C:\Program Files\Common Files\Nero
2006-08-26 20:29 -------- d-------- C:\Program Files\Common Files\Ahead
2006-08-26 20:24 -------- d-------- C:\Program Files\ImgBurn
2006-08-26 20:21 -------- d-------- C:\Program Files\DVD Shrink
2006-08-26 20:16 873 --a------ C:\Documents and Settings\Jeremy Weyrauch\Application Data\AdobeDLM.log
2006-08-26 20:16 0 --a------ C:\Documents and Settings\Jeremy Weyrauch\Application Data\dm.ini
2006-08-26 20:16 -------- d-------- C:\Program Files\Common Files\Adobe
2006-08-26 20:16 -------- d-------- C:\Program Files\Adobe
2006-08-26 19:50 -------- d-------- C:\Program Files\Veo Digital Studio
2006-08-26 19:49 -------- d-------- C:\Program Files\Veo Connect
2006-08-25 21:07 -------- d-------- C:\Program Files\Messenger
2006-08-24 22:01 68224 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2006-08-24 22:01 101376 --a------ C:\WINDOWS\system32\drivers\tm_mbd_c.sys
2006-08-24 21:15 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-24 21:01 -------- d-------- C:\Program Files\GameShadow
2006-08-24 20:56 -------- d-------- C:\Documents and Settings\Jeremy Weyrauch\Application Data\Macromedia
2006-08-24 19:24 -------- d-------- C:\Documents and Settings\Jeremy Weyrauch\Application Data\Mozilla
2006-08-24 19:07 -------- d-------- C:\Program Files\Malicious Software Removal Tool
2006-08-24 19:07 -------- d-------- C:\Program Files\Internet Explorer
2006-08-24 19:06 -------- d-------- C:\Program Files\Java
2006-08-24 19:06 -------- d-------- C:\Program Files\Common Files\Java
2006-08-24 19:04 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-24 19:02 -------- d-------- C:\Program Files\Outlook Express
2006-08-24 19:00 -------- d-------- C:\Program Files\Microsoft
2006-08-24 18:59 -------- d-------- C:\Program Files\Windows Media Player
2006-08-24 18:58 -------- d-------- C:\Program Files\Pro Imaging Powertoys
2006-08-24 18:52 -------- d-------- C:\Program Files\Windows Journal Viewer
2006-08-24 18:50 -------- d-------- C:\Program Files\HighMAT CD Writing Wizard
2006-08-24 18:49 -------- d-------- C:\Program Files\Adaptec ASPI
2006-08-24 18:48 -------- d-------- C:\Program Files\AutoPatcher
2006-08-24 18:42 -------- d-------- C:\Program Files\ASUS
2006-08-24 18:38 -------- d-------- C:\Program Files\Analog Devices
2006-08-24 18:37 -------- d-------- C:\Program Files\AMD
2006-08-24 18:36 21035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-08-24 18:36 -------- d-------- C:\Program Files\ASUS WiFi-AP Solo
2006-08-24 18:18 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-24 18:18 -------- d-------- C:\Documents and Settings\Jeremy Weyrauch\Application Data\Identities
2006-08-24 18:11 -------- d-------- C:\Program Files\xerox
2006-08-24 18:11 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-24 18:10 0 -rahs---- C:\MSDOS.SYS
2006-08-24 18:10 0 -rahs---- C:\IO.SYS
2006-08-24 18:10 0 --a------ C:\CONFIG.SYS
2006-08-24 18:10 0 --a------ C:\AUTOEXEC.BAT
2006-08-24 18:09 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-24 18:09 -------- d-------- C:\Program Files\NetMeeting
2006-08-24 18:09 -------- d-------- C:\Program Files\Movie Maker
2006-08-24 18:09 -------- d-------- C:\Program Files\Common Files\Services
2006-08-24 18:09 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-24 18:08 -------- d-------- C:\Program Files\Online Services
2006-08-24 18:08 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-24 18:08 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-24 18:07 -------- d-------- C:\Program Files\Windows NT
2006-08-24 18:07 -------- d-------- C:\Program Files\MSN
2006-08-24 11:02 62 --ahs---- C:\Documents and Settings\Jeremy Weyrauch\Application Data\desktop.ini
2006-08-24 11:02 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-24 11:02 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-08 17:38 16384 --a------ C:\WINDOWS\system32\ac3config.exe
2006-08-07 00:16 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 06:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-19 05:36 331776 --a------ C:\WINDOWS\system32\wpdmtpdr.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"OE"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\TMAS_OE\\TMAS_OEMon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"lxcimon.exe"="\"C:\\Program Files\\Lexmark 7300 Series\\lxcimon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 7300 Series\\ezprint.exe\""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\pccguide.exe\""
"LXCICATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCItime.dll,_RunDLLEntry@16"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,40,01,00,00,00,00,00,00,00,05,00,00,b0,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geedd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winnum32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Thu 10/05/2006 19:59:58.95
ComboFix.txt

#4 Guest_Cretemonster_*

  • Guests
  • OFFLINE

Posted 06 October 2006 - 04:19 PM

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
