Avg Keeps Saying I Have A Trojan


This topic is locked
6 replies to this topic

#1 Winnin813

Posted 11 June 2007 - 12:13 AM

ARRRGGGHHHH!!!!!!


This is pretty frustrating. I already scanned with AVG in safe mode, but the scan couldn't find the virus; I also scanned with Ad-Aware. Both are updated. I know I have a trojan though, because AVG keeps popping up with a message that there is a trojan attack. Also my computer performance has suffered and pop-ups are spamming me. If I posted in the wrong section I apologize.

Here's my HijackThis log if it helps any:

Logfile of HijackThis v1.99.1
Scan saved at 1:08:25 AM, on 6/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://music.yahoo.com/launchcast/stations/default.asp
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\faeiqyae.dll",realset
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I been scared and battered.
My hopes the wind done scattered.
Snow has friz me,
Sun has baked me,

Looks like between 'em they done
Tried to make me

Stop laughin', stop lovin', stop livin'--
But I don't care!
I'm still here!

-Langston Hughes

#2 miekiemoes

  • Malware Response Team

Posted 11 June 2007 - 01:42 AM

Hello,

* Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Winnin813

  • Topic Starter

Posted 11 June 2007 - 02:30 PM

Alright Miekiemoes, here's what ya asked for. Many thanks to you in advance also, by the way! You were very helpful.

Combofix Log:

ComboFix 07-06-11.3 - C:\Documents and Settings\SBA\Desktop\ComboFix.exe
"SBA" - 2007-06-11 15:11:52 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\faeiqyae.dll
C:\WINDOWS\system32\gwyfwbtk.dll
C:\WINDOWS\system32\uogaufyn.dll
C:\WINDOWS\system32\eayqieaf.ini
C:\WINDOWS\system32\xybeg.bak1
C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\nyfuagou.ini
C:\WINDOWS\system32\xybeg.bak1
C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\ssqpm.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\SBA\APPLIC~1.\macromedia\Flash Player\#SharedObjects\YLH8ZEZD\www.broadcaster.com
C:\DOCUME~1\SBA\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\SBA\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol


((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))


2007-06-11 15:11 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-11 01:52 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-05 14:24 <DIR> d-------- C:\DOCUME~1\SBA\APPLIC~1\DivX
2007-06-04 21:54 36,624 --a------ C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-04 21:54 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-06-04 21:54 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-04 21:54 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-06-04 21:54 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-06-04 21:54 116,472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-06-04 21:54 <DIR> d-------- C:\Program Files\DivX
2007-06-01 23:24 65,536 --a------ C:\WINDOWS\IFinst27.exe
2007-05-31 02:45 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 02:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 02:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 02:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 02:44 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-24 21:32 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-05-12 01:46 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-11 19:19:30 -------- d-----w C:\DOCUME~1\SBA\APPLIC~1\OpenOffice.org2
2007-06-11 05:12:51 -------- d-----w C:\Program Files\SpywareBlaster
2007-06-03 01:07:09 -------- d-----w C:\Program Files\AIM6
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-21 11:30:35 -------- d-----w C:\Program Files\mIRC
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-12 08:28:13 -------- d-----w C:\DOCUME~1\SBA\APPLIC~1\Ventrilo
2007-04-12 08:25:25 -------- d-----w C:\Program Files\Ventrilo
2007-04-12 08:25:09 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-03-20 03:43:57 335 ----a-w C:\WINDOWS\nsreg.dat
2007-03-20 03:41:26 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-03-20 03:41:26 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-03-20 03:37:27 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
2007-03-19 08:13:24 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
No new files created in this timespan


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 06:43]
C:\ComboFix\temp00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 03:02]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-22 14:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 13:54]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 06:43]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-05-30 08:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"Steam"="" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"Steam"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-11 15:19:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-11 15:22:22 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-11 15:21

--- E O F ---


HiJack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:26:17 PM, on 6/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://music.yahoo.com/launchcast/stations/default.asp
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
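
The two HijackThis logs in this thread differ in exactly one autostart entry, the `O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\faeiqyae.dll",realset` line from the first log, and ComboFix's V Log lists that DLL among the files it removed. The script below is an added example, not part of this thread and not code from HijackThis or ComboFix: it parses the O4 lines of both logs (constructed excerpts of the ones posted above), flags entries where rundll32.exe loads a DLL out of the system directory at logon, diffs the before and after autostart lists, and cross-checks each flagged DLL against the ComboFix deletion list so a helper can confirm both the Run value and the file are gone. The heuristic and every function name are this example's own assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpts of the two HijackThis logs posted in this thread (before
# and after ComboFix ran), trimmed to their O4 autostart lines.
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\faeiqyae.dll",realset
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
"""

HJT_AFTER = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
"""

# Constructed copy of the DLLs listed under "V Log" in the ComboFix report above.
COMBOFIX_DELETED = [
    r"C:\WINDOWS\system32\faeiqyae.dll",
    r"C:\WINDOWS\system32\gwyfwbtk.dll",
    r"C:\WINDOWS\system32\uogaufyn.dll",
    r"C:\WINDOWS\system32\gebyx.dll",
    r"C:\WINDOWS\system32\ssqpm.dll",
]

# HijackThis prints registry Run values as "O4 - <key>: [<name>] <command>"
# and Startup-folder shortcuts as "O4 - Startup: <file>.lnk = <target>".
O4_REG = re.compile(r"^O4 - (?P<location>[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")
O4_LNK = re.compile(r"^O4 - (?P<location>(?:Global )?Startup): (?P<name>.+?) = (?P<command>.+)$")
RUNDLL32 = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)\b', re.IGNORECASE)


@dataclass(frozen=True)
class Autostart:
    location: str  # Run key or Startup folder, as HijackThis prints it
    name: str      # value name or .lnk file name
    command: str   # command line executed at logon


def parse_o4(log: str) -> list[Autostart]:
    """Extract the O4 (autostart) entries from a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_REG.match(line) or O4_LNK.match(line)
        if m:
            entries.append(Autostart(m["location"], m["name"], m["command"]))
    return entries


def flag_rundll32_loads(entries: list[Autostart]) -> list[tuple[Autostart, str]]:
    """Flag entries where rundll32.exe loads a DLL from the Windows system
    directory at logon. That is how the DLL in this thread persisted, and
    legitimate software rarely autostarts this way. Returns (entry, dll) pairs."""
    hits = []
    for e in entries:
        m = RUNDLL32.match(e.command)
        if m and "\\system32\\" in m["dll"].lower():
            hits.append((e, m["dll"]))
    return hits


def diff_autostarts(before: list[Autostart], after: list[Autostart]):
    """Return (entries removed by the cleanup, entries added since), in log order."""
    b, a = set(before), set(after)
    return [e for e in before if e not in a], [e for e in after if e not in b]


def confirm_removed(hits, after: list[Autostart], deleted_files: list[str]):
    """For each flagged entry: (Run value gone from the new log?, DLL listed as
    deleted by ComboFix?). Both must be True before the cleanup is called done."""
    remaining = set(after)
    deleted = {p.lower() for p in deleted_files}
    return {e.name: (e not in remaining, dll.lower() in deleted) for e, dll in hits}


if __name__ == "__main__":
    before, after = parse_o4(HJT_BEFORE), parse_o4(HJT_AFTER)
    hits = flag_rundll32_loads(before)
    for e, dll in hits:
        print(f"suspicious: [{e.name}] loads {dll} via rundll32")
    removed, added = diff_autostarts(before, after)
    print("removed:", [e.name for e in removed])
    print("added:  ", [e.name for e in added])
    print("verified:", confirm_removed(hits, after, COMBOFIX_DELETED))
```

The rundll32 test is deliberately narrow; it reproduces the pattern this thread shows rather than a general "is this autostart malicious" oracle, and the pairing of a registry-side check with a file-side check is the part worth reusing.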

#4 miekiemoes

  • Malware Response Team

Posted 11 June 2007 - 02:42 PM

Hi,

It looks like Combofix already solved your issue.

Delete next folder: C:\Qoobox

Your logs look clean again.
Let me know in your next reply how things are now...

#5 Winnin813

  • Topic Starter

Posted 11 June 2007 - 04:05 PM

> Hi,
>
> It looks like Combofix already solved your issue.
>
> Delete next folder: C:\Qoobox
>
> Your logs look clean again.
> Let me know in your next reply how things are now...

Everything is awesome. You guys are amazing with this stuff. I think I'll stick around here and see what I can learn.

#6 miekiemoes

  • Malware Response Team

Posted 11 June 2007 - 04:09 PM

Good to hear. :thumbsup:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!

#7 miekiemoes

  • Malware Response Team

Posted 14 June 2007 - 05:23 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



