Welcome to Geeks to Go - Register now for FREE

trojan, spyware, adware



#1
marko polo

    New Member

  • Member
  • 4 posts
I thought all the pre-steps you guys provided cleared whatever is eating my computer,
but within the next day or two it was back. Please help me get rid of this.


Active Scan results:

Incident Status Location

Spyware:spyware/searchcentrix Not disinfected Windows Registry
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Owner\My Documents\?dobe\??plorer.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe

AVG Anti-Spyware results:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:46:05 PM 10/31/2006

+ Scan result:



Nothing found.


::Report end


HijackThis results:
Logfile of HijackThis v1.99.1
Scan saved at 11:13:57 AM, on 11/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Cosmi Firewall\firewall.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol....p...09&nlogin=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {ACFA8973-3DCE-1233-B78D-60640F884E95} - C:\WINDOWS\System32\tqs.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {ACFA8973-3DCE-1233-B78D-60640F884E95} - C:\WINDOWS\System32\tqs.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Cosmi Firewall] C:\Program Files\Cosmi Firewall\firewall.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [win32] C:\WINDOWS\System32\winpack32.exe
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\STEM32~1\wuauboot.exe" -vt ndrv
O4 - HKCU\..\Run: [Nveot] C:\Documents and Settings\Owner\My Documents\?dobe\??plorer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WUSB54Gv42SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe (file missing)
#2
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

Please run a scan with HijackThis and check the following lines for removal:

R3 - URLSearchHook: (no name) - {ACFA8973-3DCE-1233-B78D-60640F884E95} - C:\WINDOWS\System32\tqs.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {ACFA8973-3DCE-1233-B78D-60640F884E95} - C:\WINDOWS\System32\tqs.dll (file missing)
O4 - HKCU\..\Run: [win32] C:\WINDOWS\System32\winpack32.exe
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\STEM32~1\wuauboot.exe" -vt ndrv
O4 - HKCU\..\Run: [Nveot] C:\Documents and Settings\Owner\My Documents\?dobe\??plorer.exe


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.


Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#3
marko polo

    New Member

  • Topic Starter
  • Member
  • 4 posts
I checked and fixed the first 4 files you said, but the last 2 were not on the list:

O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\STEM32~1\wuauboot.exe" -vt ndrv
O4 - HKCU\..\Run: [Nveot] C:\Documents and Settings\Owner\My Documents\?dobe\??plorer.exe

I was browsing through the site earlier today and downloaded and ran ComboFix, which is probably why they didn't show.

ComboFix log:
Owner - 06-11-04 12:12:35.43 Service Pack 1
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\inetget
C:\Program Files\Common Files\inetget

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Owner\My Documents\DOBE~1
C:\QooBox\Purity\WINDOWS\system32\STEM32~1
C:\QooBox\Purity\WINDOWS\system32\WNSXS~1
C:\QooBox\Purity\WINDOWS\system32\STEM32~1\??stem32


((((((((((((((((((((((((((((((( Files Created from 2006-10-04 to 2006-11-04 ))))))))))))))))))))))))))))))))))


2006-11-03 16:37 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2006-11-03 00:29 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-11-03 00:29 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-11-03 00:26 831,519 --a------ C:\WINDOWS\system32\mswdat10.dll
2006-11-03 00:26 614,431 --a------ C:\WINDOWS\system32\mswstr10.dll
2006-11-03 00:26 552,989 --a------ C:\WINDOWS\system32\msrepl40.dll
2006-11-03 00:26 53,279 --a------ C:\WINDOWS\system32\msjter40.dll
2006-11-03 00:26 512,029 --a------ C:\WINDOWS\system32\msexch40.dll
2006-11-03 00:26 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2006-11-03 00:26 380,957 --a------ C:\WINDOWS\system32\expsrv.dll
2006-11-03 00:26 358,976 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2006-11-03 00:26 348,189 --a------ C:\WINDOWS\system32\msxbde40.dll
2006-11-03 00:26 348,189 --a------ C:\WINDOWS\system32\mspbde40.dll
2006-11-03 00:26 319,517 --a------ C:\WINDOWS\system32\msexcl40.dll
2006-11-03 00:26 315,423 --a------ C:\WINDOWS\system32\msrd3x40.dll
2006-11-03 00:26 30,749 --a------ C:\WINDOWS\system32\vbajet32.dll
2006-11-03 00:26 258,077 --a------ C:\WINDOWS\system32\mstext40.dll
2006-11-03 00:26 241,693 --a------ C:\WINDOWS\system32\msjtes40.dll
2006-11-03 00:26 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2006-11-03 00:26 151,583 --a------ C:\WINDOWS\system32\msjint40.dll
2006-11-03 00:26 1,507,356 --a------ C:\WINDOWS\system32\msjet40.dll
2006-11-02 22:28 991,232 --a------ C:\WINDOWS\system32\esent.dll
2006-11-02 22:27 260,096 --a------ C:\WINDOWS\system32\mstask.dll
2006-11-02 22:27 172,544 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-11-02 22:27 10,752 --a------ C:\WINDOWS\system32\mstinit.exe
2006-11-01 20:02 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-11-01 19:58 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-11-01 19:58 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-11-01 19:58 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2006-11-01 19:58 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-11-01 19:50 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-10-31 17:50 5,504 --------- C:\WINDOWS\system32\drivers\smbali.sys
2006-10-31 17:50 10,752 --a------ C:\WINDOWS\hh.exe
2006-10-31 17:49 921,475 --------- C:\WINDOWS\system32\ati3d2ag.dll
2006-10-31 17:49 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2006-10-31 17:49 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-10-31 17:49 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2006-10-31 17:49 36,463 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2006-10-31 17:49 34,735 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-10-31 17:49 30,671 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2006-10-31 17:49 29,455 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-10-31 17:49 26,367 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-10-31 17:49 21,343 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2006-10-31 17:49 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2006-10-31 17:49 13,056 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2006-10-31 17:49 12,047 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-10-31 17:49 11,904 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2006-10-31 17:49 11,615 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-10-31 17:48 844,675 --------- C:\WINDOWS\system32\ati3d1ag.dll
2006-10-31 17:48 450,176 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-10-31 17:48 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-10-31 17:48 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-10-31 17:48 202,496 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-10-31 17:47 38,912 --a------ C:\WINDOWS\system32\hhsetup.dll
2006-10-31 17:47 128,000 --a------ C:\WINDOWS\system32\itss.dll
2006-10-29 19:03 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2006-10-29 19:03 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2006-10-29 19:02 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-10-29 19:02 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-10-29 19:02 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-10-29 19:02 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-10-29 19:02 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-10-29 19:02 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-10-29 01:16 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-21 22:11 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2006-10-21 22:11 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2006-10-21 22:11 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2006-10-21 22:11 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2006-10-21 21:52 61,440 --a------ C:\WINDOWS\system32\cygz.dll
2006-10-21 21:52 3,624,960 --a------ C:\WINDOWS\system32\mkgpmp.exe
2006-10-21 13:18 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-10-21 13:18 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2006-10-21 13:18 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2006-10-21 13:18 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2006-10-21 13:18 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-10-21 10:52 41 --a------ C:\WINDOWS\system32\winitn.dll
2006-10-21 10:51 90,112 --a------ C:\WINDOWS\system32\agsaami.dll
2006-10-21 10:51 753,664 --a------ C:\WINDOWS\system32\agsaamg.dll
2006-10-21 10:51 626,688 --a------ C:\WINDOWS\system32\agsaamh.dll
2006-10-21 10:51 551,424 --a------ C:\WINDOWS\system32\agsaame.dll
2006-10-21 10:51 544,256 --a------ C:\WINDOWS\system32\agsaamd.dll
2006-10-21 10:51 538,624 --a------ C:\WINDOWS\system32\agsaamb.dll
2006-10-21 10:51 40,960 --a------ C:\WINDOWS\system32\VBAME.DLL
2006-10-21 10:51 372,736 --a------ C:\WINDOWS\system32\agsaamc.dll
2006-10-21 10:51 331,776 --a------ C:\WINDOWS\system32\agsaama.dll
2006-10-21 10:51 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2006-10-21 10:51 2,846,720 --a------ C:\WINDOWS\system32\agsaamj.dll
2006-10-21 10:51 151,040 --a------ C:\WINDOWS\system32\wimadll.dll
2006-10-21 10:51 1 --a------ C:\WINDOWS\acdddl.dll
2006-10-18 15:58 47,360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-04 12:17 -------- d-------- C:\Program Files\Common Files
2006-11-04 12:05 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-04 12:02 -------- d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2006-11-03 00:16 -------- d-------- C:\Program Files\Windows Media Player
2006-11-02 23:59 -------- d-------- C:\Program Files\Outlook Express
2006-11-02 23:59 -------- d-------- C:\Program Files\Common Files\System
2006-11-01 16:13 -------- d-------- C:\Program Files\DivX
2006-10-31 17:51 -------- d-------- C:\Program Files\messenger
2006-10-31 17:08 -------- d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2006-10-31 17:07 -------- d-------- C:\Program Files\iTunes
2006-10-31 17:06 -------- d-------- C:\Program Files\Internet Explorer
2006-10-31 17:05 -------- d-------- C:\Program Files\Cosmi Firewall
2006-10-31 13:06 -------- d-------- C:\Program Files\Lavasoft RegHance
2006-10-31 12:20 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-10-31 12:19 -------- d-------- C:\Program Files\Lavasoft
2006-10-29 19:02 -------- d-------- C:\Program Files\Ahead
2006-10-29 19:00 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-29 19:00 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-29 01:16 -------- d-------- C:\Program Files\Grisoft
2006-10-28 06:12 -------- d-------- C:\Documents and Settings\Owner\Application Data\U3
2006-10-21 22:11 -------- d-------- C:\Program Files\Cucusoft
2006-10-21 20:29 -------- d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2006-10-21 19:03 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-10-21 19:03 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-10-21 18:53 -------- d-------- C:\Program Files\Kaspersky Lab
2006-10-21 18:23 -------- d-------- C:\Program Files\Common Files\Sonic
2006-10-21 18:23 -------- d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2006-10-21 18:22 -------- d-------- C:\Program Files\Sonic
2006-10-21 18:22 -------- d-------- C:\Program Files\RecordNow!
2006-10-21 18:22 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-10-21 17:00 -------- d-------- C:\Program Files\Common Files\AVSMedia
2006-10-19 13:37 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-10-19 12:31 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-10-17 20:25 -------- d-------- C:\Program Files\Adobe
2006-10-17 20:23 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-17 20:22 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-10-14 20:59 -------- d-------- C:\Program Files\VideoraiPodConverter
2006-10-14 20:59 -------- d-------- C:\Program Files\AviSynth 2.5
2006-10-13 22:16 -------- d-------- C:\Documents and Settings\Owner\Application Data\Seven Zip
2006-10-11 17:01 -------- d-------- C:\Program Files\AC3Filter
2006-10-11 16:55 -------- d-------- C:\Documents and Settings\Owner\Application Data\DivX
2006-10-09 20:59 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-09 18:29 -------- d-------- C:\Program Files\WinRAR
2006-10-08 19:41 -------- d-------- C:\Program Files\PowerISO
2006-10-08 17:28 -------- d-------- C:\Program Files\utorrent
2006-10-03 18:57 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-26 12:53 -------- d-------- C:\Documents and Settings\Owner\Application Data\Template
2006-09-16 18:15 -------- d-------- C:\Program Files\iPod
2006-09-16 18:13 -------- d-------- C:\Program Files\QuickTime
2006-09-16 18:11 -------- d-------- C:\Program Files\Apple Software Update
2006-09-15 17:23 0 --a------ C:\WINDOWS\system32\sys_dll.dll
2006-09-14 18:44 -------- d-------- C:\Documents and Settings\Owner\Application Data\Google
2006-09-14 18:43 -------- d-------- C:\Program Files\Google
2006-09-14 18:43 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-13 00:09 1110528 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-05 01:19 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-25 10:53 561664 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-25 04:14 595968 --a------ C:\WINDOWS\system32\xpsp2res.dll
2006-08-16 07:14 95232 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-16 07:14 70656 --a------ C:\WINDOWS\system32\ws2_32.dll
2006-08-16 07:14 54272 --a------ C:\WINDOWS\system32\ipv6mon.dll
2006-08-16 07:14 31232 --a------ C:\WINDOWS\system32\inetmib1.dll
2006-08-16 07:14 13312 --a------ C:\WINDOWS\system32\wship6.dll
2006-08-16 04:42 159232 --a------ C:\WINDOWS\system32\xpob2res.dll
2006-08-16 04:28 48640 --a------ C:\WINDOWS\system32\ipv6.exe
2006-08-16 04:27 83456 --a------ C:\WINDOWS\system32\netsh.exe
2006-08-10 18:03 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-10 18:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"win32"="C:\\WINDOWS\\System32\\winpack32.exe"
"RecordNow!"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"VTTimer"="VTTimer.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"Cosmi Firewall"="C:\\Program Files\\Cosmi Firewall\\firewall.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"UpdateManager"="\"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
@=""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoChangeStartMenu"=dword:00000000
"NoClose"=dword:00000000
"NoLogOff"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STOPzilla]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="STOPzilla"
"hkey"="HKLM"
"command"="C:\\Program Files\\STOPzilla!\\STOPzilla.exe /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-11-04 12:18:31.00
C:\ComboFix.txt ... 06-11-04 12:18

#4
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

Can you post a new hijack log, please?

Thanks

#5
marko polo

    New Member

  • Topic Starter
  • Member
  • 4 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:04:51 PM, on 11/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Cosmi Firewall\firewall.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol....p...09&nlogin=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cosmi Firewall] C:\Program Files\Cosmi Firewall\firewall.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162428491015
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WUSB54Gv42SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe (file missing)
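A defender-side triage pass over entries like the ones loophole flagged in post #2, plus the before/after comparison that the fresh log in post #5 makes possible, as an added Python example. It is not part of this thread and is not HijackThis or ComboFix code. The two log snippets are constructed in HijackThis v1.99.1 format from the lines quoted above; the forum rendered the non-ASCII characters of the ?dobe\??plorer.exe path as "?", so the Cyrillic lookalike letters used here are an assumption. The heuristics (orphaned entries, non-ASCII characters in a path, 8.3 short names inside System32, per-user Run entries launching from user-writable or Windows directories) generalize beyond the specific lines in this log.

```python
import re
from typing import List, NamedTuple, Tuple


class Finding(NamedTuple):
    line: str
    reasons: Tuple[str, ...]


# Constructed sample in HijackThis v1.99.1 format, modelled on the entries
# flagged in this thread. The forum showed the non-ASCII characters of the last
# path as "?"; the Cyrillic letters used here (A, E, x lookalikes) are an assumption.
BEFORE_LOG = r"""
R3 - URLSearchHook: (no name) - {ACFA8973-3DCE-1233-B78D-60640F884E95} - C:\WINDOWS\System32\tqs.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [win32] C:\WINDOWS\System32\winpack32.exe
O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\STEM32~1\wuauboot.exe" -vt ndrv
O4 - HKCU\..\Run: [Nveot] C:\Documents and Settings\Owner\My Documents\Аdobe\Ехplorer.exe
"""

# Constructed follow-up log: the same machine after the flagged entries were fixed.
AFTER_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
"""

# "O4 - HKCU\..\Run: [name] command" autorun entries
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Locations an ordinary user can write to without admin rights (lower-case fragments).
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\my documents\\", "\\temp\\")


def extract_path(cmd: str) -> str:
    """Return the executable path from an O4 command, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Bare path: arguments start at the first whitespace followed by - or /
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]


def triage(log: str) -> List[Finding]:
    """Flag log entries that deserve a closer look, with the reason for each flag."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if line.endswith("(file missing)") or line.endswith("(no file)"):
            reasons.append("orphaned entry: registered component has no file on disk")
        m = O4_RE.match(line)
        if m:
            path = extract_path(m.group("cmd"))
            low = path.lower()
            if any(ord(ch) > 127 for ch in path):
                reasons.append("non-ASCII characters in path: lookalike of a familiar name")
            if "\\system32\\" in low and re.search(r"\\[^\\]*~\d+\\", low):
                reasons.append("8.3 short name inside System32: the entry hides the folder's real long name")
            if m.group("hive") == "HKCU" and any(seg in low for seg in USER_WRITABLE):
                reasons.append("per-user autorun launching from a user-writable location")
            if m.group("hive") == "HKCU" and "\\windows\\" in low:
                reasons.append("per-user autorun launching from the Windows directory: verify the file")
        if reasons:
            findings.append(Finding(line, tuple(reasons)))
    return findings


def removed_entries(before: str, after: str) -> List[str]:
    """Entries present in the earlier log but absent from the later one."""
    after_set = {l.strip() for l in after.splitlines() if l.strip()}
    return [l.strip() for l in before.splitlines() if l.strip() and l.strip() not in after_set]


def still_present(findings: List[Finding], after: str) -> List[str]:
    """Flagged entries that survived the fix: anything here means the cleanup did not stick."""
    after_set = {l.strip() for l in after.splitlines()}
    return [f.line for f in findings if f.line in after_set]


if __name__ == "__main__":
    for f in triage(BEFORE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
    print("removed:", len(removed_entries(BEFORE_LOG, AFTER_LOG)))
    print("still present:", still_present(triage(BEFORE_LOG), AFTER_LOG))
```

Run against the two constructed snippets, triage() flags the four entries loophole asked to have fixed and nothing else, removed_entries() lists exactly those four as gone from the follow-up log, and still_present() is empty. On a real pair of logs the interesting output is a non-empty still_present(), which is the signal that an autorun entry is being recreated and the infection was not actually removed.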