Trojan Agent Winlogon Hook Problem



#1 oki12345

Posted 11 November 2006 - 07:35 PM

I can't get rid of this virus; it just keeps on coming back. Please help me. I have put down the ComboFix and the HijackThis log. I'll be waiting for help, I really need it :D




CompUSA - 06-11-12 1:09:11.76 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\CompUSA\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\CompUSA\My Documents\SSEMBL~1
C:\QooBox\Purity\Documents and Settings\CompUSA\My Documents\SSEMBL~1\?ssembly
C:\QooBox\Purity\WINDOWS\system32\ECURIT~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-12 to 2006-11-12 ))))))))))))))))))))))))))))))))))


2006-11-12 16:05 664,855 ---hs---- C:\WINDOWS\system32\dghhk.bak1
2006-11-12 01:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-11 20:34 94,208 --ah----- C:\WINDOWS\system32\China.dll
2006-11-09 20:23 28,672 --ah----- C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-11-08 22:04 692,276 ---h----- C:\WINDOWS\system32\khhgd.dll
2006-11-08 21:59 40,973 ---hs---- C:\WINDOWS\system32\hgggghe.dll
2006-11-07 17:00 606,911 ---hs---- C:\WINDOWS\system32\mmllm.ini2
2006-11-07 15:24 601,498 ---hs---- C:\WINDOWS\system32\mmllm.bak1
2006-11-05 14:10 601,426 ---hs---- C:\WINDOWS\system32\accdd.ini2
2006-11-04 19:55 121,856 ---h----- C:\WINDOWS\system32\xmllite.dll
2006-11-04 19:45 601,895 ---hs---- C:\WINDOWS\system32\accdd.bak2
2006-11-04 17:24 99,866 --ah----- C:\WINDOWS\system32\VB5DE.dll
2006-11-04 17:24 72,704 --a------ C:\WINDOWS\ST5UNST.EXE
2006-11-04 17:24 29,696 --ah----- C:\WINDOWS\system32\VB5StKit.dll
2006-11-04 13:12 601,168 ---hs---- C:\WINDOWS\system32\accdd.bak1
2006-11-04 12:48 40,973 ---hs---- C:\WINDOWS\system32\iifdcya.dll
2006-11-04 12:47 15,872 --ah----- C:\WINDOWS\system32\winmdw32.dll
2006-10-27 15:09 6,049,280 ---h----- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50,688 ---h----- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458,752 ---h----- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 180,736 ---h----- C:\WINDOWS\system32\ieui.dll
2006-10-27 02:44 71,680 ---h----- C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 13,312 --ah----- C:\WINDOWS\system32\ieudinit.exe
2006-10-23 16:10 127,208 --ah----- C:\WINDOWS\system32\mucltui.dll
2006-10-22 01:46 15,440 --ah----- C:\WINDOWS\system32\drivers\hamachi.sys
2006-10-17 13:05 206,336 ---h----- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:58 61,952 ---h----- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12,288 ---h----- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 266,752 ---h----- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:27 380,928 ---h----- C:\WINDOWS\system32\ieapfltr.dll
2006-10-15 21:07 221,184 --ah----- C:\WINDOWS\system32\wmpns.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-12 11:42 -------- d---s---- C:\Documents and Settings\CompUSA\Application Data\Microsoft
2006-11-12 01:05 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-12 01:03 -------- d-------- C:\Program Files\Grisoft
2006-11-12 00:35 -------- d-------- C:\Program Files\Common Files\Softwin
2006-11-12 00:08 -------- d-------- C:\Program Files\Common Files
2006-11-11 23:06 -------- d-------- C:\Documents and Settings\CompUSA\Application Data\Security Alert
2006-11-11 22:55 -------- d-------- C:\Program Files\KalOnlineEng
2006-11-11 21:22 -------- d-------- C:\Program Files\Softwin
2006-11-11 21:20 -------- d-------- C:\Program Files\Lavasoft
2006-11-11 21:20 -------- d-------- C:\Documents and Settings\CompUSA\Application Data\Lavasoft
2006-11-11 17:27 -------- d-------- C:\Program Files\Symantec Technical Support
2006-11-10 08:50 -------- d-------- C:\Program Files\DiskInternals
2006-11-10 08:49 -------- d-------- C:\Program Files\Design Science
2006-11-09 22:05 -------- d-------- C:\Program Files\VSAdd-in
2006-11-09 20:00 -------- d-------- C:\Program Files\Internet Explorer
2006-11-08 22:46 -------- d-------- C:\Program Files\Norton Personal Firewall
2006-11-06 23:05 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-11-06 23:05 -------- d-------- C:\Program Files\Windows Live Favorites
2006-11-06 23:01 -------- d-------- C:\Program Files\MSN Apps
2006-11-06 21:47 -------- d-------- C:\Program Files\Norton SystemWorks
2006-11-04 22:55 -------- d-------- C:\Program Files\Agnitum
2006-11-04 19:37 -------- d-------- C:\Program Files\Symantec
2006-11-03 16:35 -------- d-------- C:\Documents and Settings\CompUSA\Application Data\Skype
2006-11-03 08:02 -------- d-------- C:\Program Files\WinRAR
2006-11-03 04:12 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-03 03:09 -------- d-------- C:\Documents and Settings\CompUSA\Application Data\MPEG Streamclip
2006-11-02 17:48 -------- d-------- C:\Program Files\Alliance Mu 0.02
2006-11-02 16:12 -------- d-------- C:\Program Files\Google
2006-11-02 16:12 -------- d-------- C:\Documents and Settings\CompUSA\Application Data\Google
2006-10-29 23:49 -------- d-------- C:\Documents and Settings\CompUSA\Application Data\Creative
2006-10-29 21:40 -------- d-------- C:\Documents and Settings\CompUSA\Application Data\AdobeUM
2006-10-29 05:29 161 --a------ C:\Delme.bat
2006-10-27 15:09 413696 --ah----- C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --ah----- C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 156160 --ah----- C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 55296 --ah----- C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --ah----- C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --ah----- C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --ah----- C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --ah----- C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --ah----- C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 123904 --ah----- C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --ah----- C:\WINDOWS\system32\ieakui.dll
2006-10-22 04:17 -------- d-------- C:\Documents and Settings\CompUSA\Application Data\Hamachi
2006-10-18 19:36 -------- d-------- C:\Program Files\IGN
2006-10-18 17:51 -------- d-------- C:\Documents and Settings\CompUSA\Application Data\uTorrent
2006-10-17 13:06 78336 --ah----- C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --ah----- C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 105984 --ah----- C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --ah----- C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --ah----- C:\WINDOWS\system32\corpol.dll
2006-10-17 12:57 36352 --ah----- C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:56 45568 --ah----- C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --ah----- C:\WINDOWS\system32\mshtmler.dll
2006-10-15 21:07 -------- d-------- C:\Program Files\Windows Media Player
2006-10-05 23:40 -------- d-------- C:\Program Files\Games-Masters.com
2006-09-30 23:12 -------- d-------- C:\Program Files\Common Files\ATI Technologies
2006-09-30 23:11 -------- d-------- C:\Program Files\ATI Technologies
2006-09-29 13:15 -------- d-------- C:\Program Files\iTunes
2006-09-29 13:14 -------- d-------- C:\Program Files\iPod
2006-09-29 13:13 -------- d-------- C:\Program Files\QuickTime
2006-09-29 13:11 -------- d-------- C:\Program Files\Apple Software Update
2006-09-23 05:55 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-15 22:52 91904 --ah----- C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:52 124016 --ah----- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-13 17:00 -------- d-------- C:\Documents and Settings\CompUSA\Application Data\Sun
2006-09-13 06:01 1084416 --ah----- C:\WINDOWS\system32\msxml3.dll
2006-09-06 17:43 22752 --ah----- C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 16:45 617472 --ah----- C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:21 16896 --ah----- C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --ah----- C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:58 100352 --ah----- C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"T-DSL SpeedMgr"="\"C:\\PROGRA~1\\T-DSLS~1\\SpeedMgr.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000
"LockTaskbar"=dword:00000001
"NoTaskGrouping"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CLSID
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CLSID\{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CLSID\{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030}\InprocServer32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebccaa
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khhgd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjklih
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysfrcx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmdw32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#Deskjet#3420.job
C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1081789704.job
C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1084399477.job
C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1089592366.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - CompUSA.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job
C:\WINDOWS\tasks\{10273EA9-8FAC-4148-9FCB-296B97A4CEEF}_AOPEN-COMPUTER_CompUSA.job
C:\WINDOWS\tasks\{416D59DE-854E-4BBC-98C8-8B6ED48F5643}_AOPEN-COMPUTER_CompUSA.job
C:\WINDOWS\tasks\{DDF08908-AA2A-47BD-80D2-B96B42ED5FB9}_AOPEN-COMPUTER_CompUSA.job

Completion time: 06-11-12 1:14:49.87
C:\ComboFix.txt ... 06-11-12 01:14


////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////




Logfile of HijackThis v1.99.1
Scan saved at 1:22:17 AM, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\RioMSC.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Program Files\T-DSL SpeedManager\tsmsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CompUSA\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Norton Disk Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?e05b3e8114274ae6a5bab239b5c7e353
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?e05b3e8114274ae6a5bab239b5c7e353
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} (SupportSoft RemoteControl Class) - http://symantec.atgnow.com/sdccommon/download/ssrc.cab
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} (SupportSoft Listener Control) - http://symantec.atgnow.com/sdccommon/download/sprtctlln.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161554826989
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37D78739-1D18-4F37-A400-06FF3FF252EF}: NameServer = 217.237.150.33 217.237.150.188
O17 - HKLM\System\CCS\Services\Tcpip\..\{49258A71-BF41-497F-9FC6-757CC1FE33C6}: NameServer = 44.2.2.22,223.14.41.51
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Program Files\T-DSL SpeedManager\tsmsvc.exe



I hope this will help you.
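As an added triage example (not part of the original post, nor code from ComboFix or HijackThis), the script below parses a handful of lines copied from the ComboFix log above and flags what a helper looks for first: Winlogon\Notify subkeys that are not in a small allowlist of well-known packages (the allowlist is an assumption and not exhaustive), hidden+system files newly created in system32, and file stems that are the reverse of another stem (khhgd.dll / dghhk.bak1).

```python
import re

# Assumption: partial allowlist of Winlogon\Notify packages that ship with
# Windows XP or with common vendor drivers. Anything else deserves a closer look.
KNOWN_NOTIFY = frozenset({
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
    "igfxcui", "atiextevent",
})

# Constructed sample: lines copied from the ComboFix output posted above.
SAMPLE_LOG = r"""
2006-11-12 16:05 664,855 ---hs---- C:\WINDOWS\system32\dghhk.bak1
2006-11-08 22:04 692,276 ---h----- C:\WINDOWS\system32\khhgd.dll
2006-11-08 21:59 40,973 ---hs---- C:\WINDOWS\system32\hgggghe.dll
2006-11-07 17:00 606,911 ---hs---- C:\WINDOWS\system32\mmllm.ini2
2006-11-04 12:47 15,872 --ah----- C:\WINDOWS\system32\winmdw32.dll
2006-10-27 15:09 6,049,280 ---h----- C:\WINDOWS\system32\ieframe.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CLSID
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CLSID\{CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khhgd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmdw32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysfrcx
"""

# Direct children of Winlogon\Notify only (deeper paths such as CLSID\{...} are skipped).
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\([^\\]+)$", re.IGNORECASE)
# "Files Created" lines: date time size attributes path
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} [\d,]+ (?P<attr>[-a-z]{9}) (?P<path>.+)$"
)


def notify_hooks(log):
    """Return the Winlogon\\Notify subkey names listed in the log, in order."""
    hooks = []
    for line in log.splitlines():
        m = NOTIFY_RE.search(line.strip())
        if m:
            hooks.append(m.group(1))
    return hooks


def created_files(log):
    """Return (attributes, filename) pairs for every 'Files Created' line."""
    out = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            out.append((m.group("attr"), m.group("path").rsplit("\\", 1)[-1]))
    return out


def reversed_pairs(filenames):
    """Pair files whose stem is the reverse of another stem (khhgd / dghhk)."""
    stems = {}
    for name in filenames:
        stems.setdefault(name.rsplit(".", 1)[0].lower(), name)
    pairs = []
    for stem, name in stems.items():
        other = stems.get(stem[::-1])
        if other and stem < stem[::-1]:   # report each pair once, skip palindromes
            pairs.append((name, other))
    return pairs


def triage(log):
    """Summarise the loading points and files a helper would question first."""
    hooks = notify_hooks(log)
    files = created_files(log)
    names = [n for _, n in files]
    by_stem = {n.rsplit(".", 1)[0].lower(): n for n in names}
    return {
        "unknown_hooks": [h for h in hooks if h.lower() not in KNOWN_NOTIFY],
        # hidden (h) and system (s) set together is unusual for a fresh DLL
        "hidden_system_files": [n for a, n in files if "h" in a and "s" in a],
        "reversed_pairs": reversed_pairs(names),
        # Notify hook whose name matches a newly created file in system32
        "hook_files": {h: by_stem[h.lower()] for h in hooks if h.lower() in by_stem},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```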


#2 Mr_JAk3

HJT Team Member

Posted 13 November 2006 - 09:25 AM

Hi oki12345 and welcome to Bleeping Computer :thumbsup:

You got some infections there...

Create a new folder named HijackThis on your desktop. Move HijackThis.exe into that folder.

Please rename HijackThis.exe to Scanner.exe

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HijackThis (Scanner.exe) log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.