Claria Virus



#1
darthinvader69

I got this Claria virus from Kazaa, and I can't get rid of it. I've run everything I can. I can get rid of the spyware but not the virus itself, and naturally the spyware comes back. Enclosed is my ComboFix report. I'm completely computer stupid and I need help.

Owner - 06-09-23 22:33:25.35 Service Pack 2
ComboFix 06.09.23.2 - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-08-23 to 2006-09-23 ))))))))))))))))))))))))))))))))))


2006-09-23 20:44 78,488 --a------ C:\WINDOWS\system32\XMD5.dll
2006-09-23 17:03 176,128 --a------ C:\WINDOWS\system32\titiau.dll
2006-09-23 16:55 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-23 16:54 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-23 16:54 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-09-23 16:54 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-23 16:54 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-09-23 16:54 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-23 16:54 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-09-23 16:54 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-23 16:54 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-23 16:54 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-23 16:54 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-23 16:54 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-23 16:54 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-23 16:54 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-23 16:54 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-23 16:54 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-23 16:54 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-23 16:54 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-23 16:54 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-23 16:54 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-23 16:54 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-23 01:15 35,328 --a------ C:\WINDOWS\system32\iprip.dll
2006-09-23 01:15 22,528 --a------ C:\WINDOWS\system32\lpdsvc.dll
2006-09-23 01:15 18,944 --a------ C:\WINDOWS\system32\simptcp.dll
2006-09-23 01:15 18,944 --a------ C:\WINDOWS\system32\lprmon.dll
2006-09-01 20:17 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-09-01 20:17 294,912 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2006-09-01 20:17 131,072 -ra------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-09-01 20:14 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2006-09-01 20:14 518,560 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-09-01 20:14 2,155,712 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-09-01 20:13 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-09-01 20:13 207,360 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-09-01 20:02 159,744 --a------ C:\WINDOWS\system32\igfxres.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-23 21:35 -------- d-------- C:\Program Files\SpywareBot
2006-09-23 19:44 -------- d-------- C:\Program Files\Lavasoft
2006-09-23 19:44 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-09-23 19:25 -------- d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2006-09-23 19:20 -------- d-------- C:\Program Files\McAfee
2006-09-23 19:17 -------- d-------- C:\Program Files\SiteAdvisor
2006-09-23 19:16 -------- d-------- C:\Program Files\Common Files\McAfee
2006-09-23 19:15 -------- d-------- C:\Program Files\Common Files
2006-09-23 17:43 88272 --a------ C:\Documents and Settings\Owner\Application Data\winantispyware2006freeinstall[1].exe
2006-09-23 17:33 -------- d-------- C:\Program Files\vb
2006-09-23 17:28 -------- d-------- C:\Program Files\WinMediaCodec
2006-09-23 16:54 -------- d-------- C:\Program Files\Windows NT
2006-09-23 01:27 -------- d-------- C:\Program Files\iTunes
2006-09-23 01:27 -------- d-------- C:\Program Files\iPod
2006-09-23 01:26 -------- d-------- C:\Program Files\QuickTime
2006-09-23 01:25 -------- d-------- C:\Program Files\Apple Software Update
2006-09-23 01:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-23 01:10 -------- d-------- C:\Program Files\Yahoo!
2006-09-23 01:10 -------- d-------- C:\Program Files\Real
2006-09-23 01:10 -------- d-------- C:\Program Files\Common Files\Real
2006-09-23 01:10 -------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-09-23 01:06 -------- d-------- C:\Program Files\ATI Technologies
2006-09-23 00:57 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-23 00:53 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-21 23:53 -------- d-------- C:\Documents and Settings\Owner\Application Data\IrfanView
2006-09-21 02:37 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-21 02:37 -------- d-------- C:\Program Files\AOL
2006-09-21 02:37 -------- d-------- C:\Program Files\AOD
2006-09-17 14:10 -------- d-------- C:\Program Files\IrfanView
2006-09-15 21:47 -------- d-------- C:\Program Files\Need2Find
2006-09-14 04:37 -------- dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2006-09-14 04:36 -------- d-------- C:\Program Files\Microsoft Office
2006-09-14 04:36 -------- d-------- C:\Program Files\Common Files\System
2006-09-14 04:36 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-13 01:35 -------- d-------- C:\Program Files\MorpheusBar
2006-09-13 01:31 -------- d-------- C:\Documents and Settings\Owner\Application Data\Google
2006-09-12 14:36 -------- d-------- C:\Program Files\Google
2006-09-12 04:26 -------- d-------- C:\Program Files\Internet Explorer
2006-09-02 20:48 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-09-02 16:12 -------- d-------- C:\Program Files\BigFix
2006-09-02 15:54 -------- d-------- C:\Program Files\LucasArts
2006-09-02 15:54 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-01 22:25 -------- d-------- C:\Documents and Settings\Owner\Application Data\Help
2006-09-01 20:27 -------- d-------- C:\Program Files\Valve
2006-09-01 20:20 -------- d-------- C:\Program Files\msaccrt
2006-09-01 20:19 -------- d-------- C:\Program Files\Windows Media Components
2006-09-01 20:18 -------- d-------- C:\Program Files\Common Files\CyberLink
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-14 16:26 37832 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2006-08-14 16:25 33928 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2006-08-14 16:25 31752 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2006-08-14 16:25 162504 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2006-08-14 13:00 104536 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2006-08-09 19:36 -------- d-------- C:\Program Files\McAfee.com
2006-08-09 19:33 -------- d-------- C:\Program Files\Hewlett-Packard
2006-08-09 19:32 -------- d-------- C:\Program Files\Windows Media Player
2006-08-09 19:32 -------- d-------- C:\Program Files\Adobe
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Iomega Active Disk"="C:\\Program Files\\Iomega\\AutoDisk\\AD2KClient.exe"
"Steam"="\"C:\\Program Files\\Valve\\Steam\\Steam.exe\" -silent"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\
55,41,52,44,2e,45,58,45,00
"Iomega Startup Options"="C:\\Program Files\\Iomega\\Common\\ImgStart.exe"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SemanticInsight"="C:\\Program Files\\RXToolBar\\Semantic Insight\\SemanticInsight.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1158820624\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"spywarebot"="C:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"AAW"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe\" \"+b1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\Setup]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"pmsngr.exe"="C:\\Program Files\\WinMediaCodec\\pmsngr.exe"
"homepage.monitor.exe"="C:\\Program Files\\WinMediaCodec\\isamonitor.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"eeler"="{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

Completion time: Sat 09/23/2006 22:34:51.40
ComboFix.txt
#2
Technical_1

Welcome to the G2G Malware Forum.


Let's get a Hijack This log to analyze.
  • Create a new folder on your desktop and name it HJT.
  • Please follow this link to get Hijack This.
  • Run Hijack This.
  • Click Scan and Save Log File.
  • Copy the log to this thread.
We'll get a look at it and see what shows up.