Infected W/winantivirus


5 replies to this topic

#1 jankali

jankali

  • Members
  • 55 posts
  • OFFLINE
  • Local time:10:45 AM

Posted 13 October 2006 - 10:09 AM

Hello! Zone Alarm has alerted me that I am infected w/the Win32Darksma.J virus. It is unable to remove them from my computer. I'm running Windows XP Pro. I did run Combo Fix and got these results:
ComboFix 06.10.12 - Running from: "C:\Documents and Settings\Jan\Desktop"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\corey\Application Data\Dxccwrd.dll
C:\Documents and Settings\corey\Application Data\Dxcknwrd.dll
C:\Documents and Settings\corey\Application Data\Dxcuknwrd.dll
C:\Documents and Settings\Jan\Application Data\Dxccwrd.dll
C:\Documents and Settings\Jan\Application Data\Dxcdmns.dll
C:\Documents and Settings\Jan\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Jan\Application Data\Dxcuknwrd.dll
C:\Program Files\DeluxeCommunications\Dxc.exe
C:\Program Files\DeluxeCommunications\DxcBho.dll
C:\Program Files\DeluxeCommunications\DxcCore.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\Deskbar


((((((((((((((((((((((((((((((( Files Created from 2006-09-13 to 2006-10-13 ))))))))))))))))))))))))))))))))))


2006-10-13 07:06 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-13 07:06 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-13 07:06 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-13 07:06 23,104 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-10-13 07:05 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-12 15:40 77,824 --a------ C:\WINDOWS\system32\driverif.dll
2006-10-12 15:40 75,776 --a------ C:\WINDOWS\zllsputility.exe
2006-10-12 15:40 733,236 --a------ C:\WINDOWS\system32\vete.dll
2006-10-12 15:40 541,733 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-10-12 15:40 21,605 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2006-10-12 15:40 15,668 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2006-10-12 15:40 12,288 --a------ C:\WINDOWS\system32\vetntmsg.dll
2006-10-12 15:40 108,453 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2006-10-12 08:40 98,324 --a------ C:\WINDOWS\system32\bmiqrehm.dll
2006-10-10 21:51 57,344 --a------ C:\WINDOWS\system32\COMMTB32.DLL
2006-10-10 21:51 169,984 --a------ C:\WINDOWS\system32\P2D.DLL
2006-10-10 21:51 161,552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL
2006-10-09 21:38 846,864 ---hs---- C:\WINDOWS\system32\ehkmp.ini2
2006-10-07 09:27 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-07 09:18 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-09-29 07:59 1,233 --a------ C:\WINDOWS\system32\jpn175fc.sys
2006-09-28 17:13 73,748 --a------ C:\WINDOWS\system32\eubwdgrd.dll
2006-09-27 07:13 902,465 ---hs---- C:\WINDOWS\system32\ehkmp.bak2
2006-09-26 07:12 902,754 ---hs---- C:\WINDOWS\system32\ehkmp.bak1
2006-09-26 07:12 577,588 ---hs---- C:\WINDOWS\system32\pmkhe.dll
2006-09-26 07:12 143,380 --a------ C:\WINDOWS\system32\oeyfoqbj.exe
2006-09-25 22:04 589,876 ---hs---- C:\WINDOWS\system32\ddccb.dll
2006-09-25 21:58 589,876 ---hs---- C:\WINDOWS\system32\ddcyx.dll
2006-09-25 21:53 589,876 ---hs---- C:\WINDOWS\system32\jkhff.dll
2006-09-25 21:47 589,876 ---hs---- C:\WINDOWS\system32\gebyv.dll
2006-09-25 21:41 589,876 ---hs---- C:\WINDOWS\system32\jkkjh.dll
2006-09-25 21:30 589,876 ---hs---- C:\WINDOWS\system32\ddabb.dll
2006-09-25 21:24 589,876 ---hs---- C:\WINDOWS\system32\ddabc.dll
2006-09-25 21:19 589,876 ---hs---- C:\WINDOWS\system32\ssttt.dll
2006-09-25 21:13 589,876 ---hs---- C:\WINDOWS\system32\vturo.dll
2006-09-25 21:07 589,876 ---hs---- C:\WINDOWS\system32\geedd.dll
2006-09-25 20:56 589,876 ---hs---- C:\WINDOWS\system32\gebcd.dll
2006-09-25 20:51 589,876 ---hs---- C:\WINDOWS\system32\pmkjj.dll
2006-09-25 20:46 589,876 ---hs---- C:\WINDOWS\system32\vtutq.dll
2006-09-25 20:30 589,876 ---hs---- C:\WINDOWS\system32\geeda.dll
2006-09-25 20:25 589,876 ---hs---- C:\WINDOWS\system32\ddabx.dll
2006-09-25 20:19 589,876 ---hs---- C:\WINDOWS\system32\jkhfc.dll
2006-09-25 20:14 589,876 ---hs---- C:\WINDOWS\system32\awvvs.dll
2006-09-25 20:08 589,876 ---hs---- C:\WINDOWS\system32\mljgf.dll
2006-09-25 20:03 589,876 ---hs---- C:\WINDOWS\system32\jkklj.dll
2006-09-21 16:42 618,328 --a------ C:\WINDOWS\system32\WINSSWEBAGENT.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-13 09:03 -------- d-a------ C:\Program Files\Common Files
2006-10-13 07:06 -------- d-------- C:\Documents and Settings\Jan\Application Data\AVG7
2006-10-13 07:05 -------- d---s---- C:\Documents and Settings\Jan\Application Data\Microsoft
2006-10-13 07:05 -------- d-------- C:\Program Files\Grisoft
2006-10-12 15:52 -------- d-------- C:\Documents and Settings\Jan\Application Data\MailFrontier
2006-10-12 15:40 -------- d-------- C:\Program Files\Zone Labs
2006-10-12 13:02 -------- d-------- C:\Program Files\Windows Live Safety Center
2006-10-12 11:13 -------- d-------- C:\Program Files\Java
2006-10-12 11:11 -------- d-------- C:\Program Files\Common Files\Java
2006-10-12 11:04 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-12 10:46 -------- d-------- C:\Program Files\Windows Installer Clean Up
2006-10-12 10:45 -------- d-------- C:\Program Files\MSECACHE
2006-10-12 08:36 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-12 08:31 -------- d-------- C:\Program Files\Norton AntiVirus
2006-10-12 07:50 -------- d-------- C:\Documents and Settings\Jan\Application Data\Windows Live Safety Center
2006-10-11 07:44 -------- d-------- C:\Program Files\PC MightyMax
2006-10-10 21:51 -------- d-------- C:\Program Files\ActiveX Control Pad
2006-10-10 20:14 -------- d-------- C:\Program Files\QuickTime
2006-10-10 20:12 -------- d-------- C:\Program Files\iTunes
2006-10-10 20:11 -------- d-------- C:\Program Files\Internet Explorer
2006-10-09 21:40 -------- d-------- C:\Documents and Settings\Jan\Application Data\Logs
2006-10-08 11:13 -------- d-------- C:\Documents and Settings\Jan\Application Data\Registry Booster
2006-10-08 11:00 -------- d-------- C:\Program Files\Outlook Express
2006-10-08 11:00 -------- d-------- C:\Program Files\Common Files\System
2006-10-08 11:00 -------- d-------- C:\Program Files\Common Files\Services
2006-10-08 09:37 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-07 18:03 -------- d-------- C:\Documents and Settings\Jan\Application Data\MSN6
2006-10-07 09:18 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-10-06 23:32 -------- d-------- C:\Program Files\Microsoft Baseline Security Analyzer
2006-09-29 08:49 -------- d-------- C:\Program Files\Motive
2006-09-29 08:48 -------- d-------- C:\Program Files\Common Files\Motive
2006-09-29 08:36 -------- d-------- C:\Documents and Settings\Jan\Application Data\Mozilla
2006-09-29 07:58 -------- d-------- C:\Documents and Settings\Jan\Application Data\Symantec
2006-09-27 07:39 -------- d-------- C:\Program Files\Viewpoint
2006-09-27 07:37 -------- d-------- C:\Program Files\Trend Micro
2006-09-27 07:27 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-27 07:27 -------- d-------- C:\Program Files\iPod
2006-09-27 07:25 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-19 20:32 -------- d-------- C:\Documents and Settings\Jan\Application Data\Sun
2006-09-19 19:59 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-08-16 13:20 -------- d-------- C:\Program Files\Google
2006-07-13 18:53 8464 --a------ C:\WINDOWS\system32\sporder.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"PopUpStopperFreeEdition"="\"C:\\Program Files\\Panicware\\Pop-Up Stopper Free Edition\\PSFree.exe\""
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"USRpdA"="C:\\WINDOWS\\SYSTEM32\\USRmlnkA.exe RunServices \\Device\\3cpipe-USRpdA"
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"LXSUPMON"="C:\\WINDOWS\\System32\\LXSUPMON.EXE RUN"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1154058123\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,90,01,00,00,00,00,00,00,90,01,00,00,36,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,90,01,00,00,00,00,00,00,90,01,00,00,36,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe\" -quiet"
"msnmsgr"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe /background"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe\" -quiet"
"msnmsgr"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe /background"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableCAD"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhe

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 06-10-13 10:52:19.35
ComboFix.txt
combofix2.txt
combofix3.txt

Can anyone help me w/the next step?
I will post the HJT log in that forum. Thanks, Jan



#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  • Gender:Male
  • Location:London
  • Local time:06:45 PM

Posted 13 October 2006 - 11:37 AM

Hey there Jan, welcome to BleepingComputer.

I can see from the Combofix log that you have a Vundo infection.

Please read the selfhelp instructions which can be found here. Please use those instructions as a guide to removing Vundo from your computer. If you are not happy doing it by yourself and would like 1 to 1 help, or cannot remove the program using the self-help guide please reply and we can consider the options possible.

#3 jankali

jankali
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  • Local time:10:45 AM

Posted 13 October 2006 - 02:28 PM

Hello again. I ran the Vundofix and then removed the Vundo. Here is my new combofix report. How's it look? Thanks again!
ComboFix 06.10.12 - Running from: "C:\Documents and Settings\Jan\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-13 to 2006-10-13 ))))))))))))))))))))))))))))))))))


2006-10-13 07:06 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-13 07:06 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-13 07:06 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-13 07:06 23,104 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-10-13 07:05 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-12 15:40 77,824 --a------ C:\WINDOWS\system32\driverif.dll
2006-10-12 15:40 75,776 --a------ C:\WINDOWS\zllsputility.exe
2006-10-12 15:40 733,236 --a------ C:\WINDOWS\system32\vete.dll
2006-10-12 15:40 541,733 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-10-12 15:40 21,605 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2006-10-12 15:40 15,668 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2006-10-12 15:40 12,288 --a------ C:\WINDOWS\system32\vetntmsg.dll
2006-10-12 15:40 108,453 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2006-10-10 21:51 57,344 --a------ C:\WINDOWS\system32\COMMTB32.DLL
2006-10-10 21:51 169,984 --a------ C:\WINDOWS\system32\P2D.DLL
2006-10-10 21:51 161,552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL
2006-10-07 09:27 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-07 09:18 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-09-29 07:59 1,233 --a------ C:\WINDOWS\system32\jpn175fc.sys
2006-09-21 16:42 618,328 --a------ C:\WINDOWS\system32\WINSSWEBAGENT.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required
Rootkit driver msguard is present. A rootkit scan is required
Rootkit driver lzx32 is present. A rootkit scan is required

2006-10-13 09:03 -------- d-a------ C:\Program Files\Common Files
2006-10-13 07:06 -------- d-------- C:\Documents and Settings\Jan\Application Data\AVG7
2006-10-13 07:05 -------- d---s---- C:\Documents and Settings\Jan\Application Data\Microsoft
2006-10-13 07:05 -------- d-------- C:\Program Files\Grisoft
2006-10-12 15:52 -------- d-------- C:\Documents and Settings\Jan\Application Data\MailFrontier
2006-10-12 15:40 -------- d-------- C:\Program Files\Zone Labs
2006-10-12 13:02 -------- d-------- C:\Program Files\Windows Live Safety Center
2006-10-12 11:13 -------- d-------- C:\Program Files\Java
2006-10-12 11:11 -------- d-------- C:\Program Files\Common Files\Java
2006-10-12 11:04 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-12 10:46 -------- d-------- C:\Program Files\Windows Installer Clean Up
2006-10-12 10:45 -------- d-------- C:\Program Files\MSECACHE
2006-10-12 08:36 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-12 08:31 -------- d-------- C:\Program Files\Norton AntiVirus
2006-10-12 07:50 -------- d-------- C:\Documents and Settings\Jan\Application Data\Windows Live Safety Center
2006-10-11 07:44 -------- d-------- C:\Program Files\PC MightyMax
2006-10-10 21:51 -------- d-------- C:\Program Files\ActiveX Control Pad
2006-10-10 20:14 -------- d-------- C:\Program Files\QuickTime
2006-10-10 20:12 -------- d-------- C:\Program Files\iTunes
2006-10-10 20:11 -------- d-------- C:\Program Files\Internet Explorer
2006-10-09 21:40 -------- d-------- C:\Documents and Settings\Jan\Application Data\Logs
2006-10-08 11:13 -------- d-------- C:\Documents and Settings\Jan\Application Data\Registry Booster
2006-10-08 11:00 -------- d-------- C:\Program Files\Outlook Express
2006-10-08 11:00 -------- d-------- C:\Program Files\Common Files\System
2006-10-08 11:00 -------- d-------- C:\Program Files\Common Files\Services
2006-10-08 09:37 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-07 18:03 -------- d-------- C:\Documents and Settings\Jan\Application Data\MSN6
2006-10-07 09:18 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-10-06 23:32 -------- d-------- C:\Program Files\Microsoft Baseline Security Analyzer
2006-09-29 08:49 -------- d-------- C:\Program Files\Motive
2006-09-29 08:48 -------- d-------- C:\Program Files\Common Files\Motive
2006-09-29 08:36 -------- d-------- C:\Documents and Settings\Jan\Application Data\Mozilla
2006-09-29 07:58 -------- d-------- C:\Documents and Settings\Jan\Application Data\Symantec
2006-09-27 07:39 -------- d-------- C:\Program Files\Viewpoint
2006-09-27 07:37 -------- d-------- C:\Program Files\Trend Micro
2006-09-27 07:27 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-27 07:27 -------- d-------- C:\Program Files\iPod
2006-09-27 07:25 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-19 20:32 -------- d-------- C:\Documents and Settings\Jan\Application Data\Sun
2006-09-19 19:59 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2006-08-16 13:20 -------- d-------- C:\Program Files\Google
2006-07-13 18:53 8464 --a------ C:\WINDOWS\system32\sporder.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"PopUpStopperFreeEdition"="\"C:\\Program Files\\Panicware\\Pop-Up Stopper Free Edition\\PSFree.exe\""
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"USRpdA"="C:\\WINDOWS\\SYSTEM32\\USRmlnkA.exe RunServices \\Device\\3cpipe-USRpdA"
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"LXSUPMON"="C:\\WINDOWS\\System32\\LXSUPMON.EXE RUN"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1154058123\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,90,01,00,00,00,00,00,00,90,01,00,00,36,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,90,01,00,00,00,00,00,00,90,01,00,00,36,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe\" -quiet"
"msnmsgr"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe /background"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe\" -quiet"
"msnmsgr"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe /background"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableCAD"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 06-10-13 15:23:18.56
ComboFix.txt
combofix2.txt
combofix3.txt

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  • Gender:Male
  • Location:London
  • Local time:06:45 PM

Posted 13 October 2006 - 02:36 PM

I see some very nasty threats in this log, and some rootkits have been flagged.

I recommend you follow the HijackThis preparation guide which can be found here. It is important that you follow the guide closely. A number of scans will be run which may well fix your problem. As the guide says, after you have completed the scans that are recommended, please post your HijackThis log in a new topic in the forum found here. Please add your system information and also what problems you are having.

Please be patient, and a HJT team member will help you to clean up your system.
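As an added example (not the thread's own tooling and not ComboFix code), the Python below does by script what David does by eye in #2 and #4 on the logs Jan posted: it parses ComboFix "Files Created" lines, flags hidden+system files in system32, groups identical-size DLLs, matches the Winlogon Notify subkey against those DLL names, and collects the "Rootkit driver ... is present" warnings. The log excerpt is constructed from lines posted above; the indicator rules are this editor's assumptions, not ComboFix's logic.

```python
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix output posted in this thread: a few
# "Files Created" lines, the Winlogon Notify loading point from the first
# log and the rootkit warnings from the second log.
SAMPLE_LOG = r"""
2006-10-13 07:06 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-09 21:38 846,864 ---hs---- C:\WINDOWS\system32\ehkmp.ini2
2006-09-26 07:12 577,588 ---hs---- C:\WINDOWS\system32\pmkhe.dll
2006-09-25 22:04 589,876 ---hs---- C:\WINDOWS\system32\ddccb.dll
2006-09-25 21:58 589,876 ---hs---- C:\WINDOWS\system32\ddcyx.dll
2006-09-25 21:53 589,876 ---hs---- C:\WINDOWS\system32\jkhff.dll
2006-09-21 16:42 618,328 --a------ C:\WINDOWS\system32\WINSSWEBAGENT.DLL
2006-10-13 09:03 -------- d-a------ C:\Program Files\Common Files
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhe
Rootkit driver pe386 is present. A rootkit scan is required
Rootkit driver lzx32 is present. A rootkit scan is required
"""

# A ComboFix file line: date, time, size ("--------" for a directory), a
# 9-character attribute field (d=dir, a=archive, h=hidden, s=system), path.
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+|-+) ([-a-z]{9}) (.+)$")
NOTIFY_KEY = re.compile(r"\\winlogon\\notify\\([^\\\s]+)\s*$", re.IGNORECASE)
ROOTKIT_LINE = re.compile(r"^Rootkit driver (\S+) is present")


def parse_file_lines(text):
    """Return one dict per file/directory line in a ComboFix log."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        entries.append({"when": f"{date} {time}", "path": path,
                        "name": path.rsplit("\\", 1)[-1],
                        "size": None if size[0] == "-" else int(size.replace(",", "")),
                        "dir": attrs[0] == "d",
                        "hidden": "h" in attrs, "system": "s" in attrs})
    return entries


def hidden_system_in_system32(entries):
    """Files (not directories) under system32 with both h and s attributes set."""
    return [e for e in entries if not e["dir"] and e["hidden"] and e["system"]
            and "\\system32\\" in e["path"].lower()]


def same_size_clusters(entries, min_count=3):
    """Identical-size hidden+system files: the run of 589,876-byte DLLs above."""
    by_size = defaultdict(list)
    for e in hidden_system_in_system32(entries):
        by_size[e["size"]].append(e["name"])
    return {s: sorted(n) for s, n in by_size.items() if len(n) >= min_count}


def winlogon_notify_hits(text, entries):
    """Winlogon Notify subkeys named after one of the hidden+system DLLs."""
    stems = {e["name"].lower().rsplit(".", 1)[0]
             for e in hidden_system_in_system32(entries)}
    hits = [m.group(1) for m in (NOTIFY_KEY.search(line.strip())
                                 for line in text.splitlines()) if m]
    return [h for h in hits if h.lower() in stems]


def rootkit_warnings(text):
    """Driver names ComboFix itself flagged with 'Rootkit driver X is present'."""
    return [m.group(1) for m in (ROOTKIT_LINE.match(line.strip())
                                 for line in text.splitlines()) if m]


def triage(text):
    """Run all four checks; anything non-empty is worth a human look."""
    entries = parse_file_lines(text)
    return {"hidden_system": [e["name"] for e in hidden_system_in_system32(entries)],
            "size_clusters": same_size_clusters(entries),
            "notify_hits": winlogon_notify_hits(text, entries),
            "rootkit_drivers": rootkit_warnings(text)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full first log from #1 the size cluster grows to the twenty 589,876-byte DLLs and the Notify hit is still pmkhe; against the second log from #3 the file checks come back empty and only the rootkit lines remain.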

#5 jankali

jankali
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  • Local time:10:45 AM

Posted 13 October 2006 - 09:23 PM

Ok, thanks for all of your help. I took all of the steps recommended and posted my HJT log in that forum. All my scans said I was clean...crossing my fingers! Thanks again! Jan

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  • Gender:Male
  • Location:London
  • Local time:06:45 PM

Posted 14 October 2006 - 09:38 AM

Ok, good luck with the Hijackthis log. :thumbsup:



