Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Downloader.Zlob!gen.2


  • Please log in to reply

#1
slan

slan

    New Member

  • Member
  • Pip
  • 3 posts
I have run my norton anti virus and it says that i have the virus 'Downloader.Zlob!gen.2'. It also states that i have numerous other viruses sucha as Downloader.MisleadApp(x6), Trojan.Vundo.B, Trojan.Zlob, Downloader and Downloader.Zlob!gen.2 (x9). I hve searched numerous amounts of sites to delete these files but the have all ended fruitless. Even Norton anti virus states that i have to buy the full version in order for it to delete the viruses. Please can you help!!!

Attached Files


  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello slan

Welcome to G2Go. :)
=====================
* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on I agree
  • Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
slan

slan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thank you for your help. I hvae followed the commands and this is the report on notepad.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44:24, on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1203751650\ee\AOLSoftware.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\2.bin\A9SRCHAS.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\2.bin\ASKPBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1203751650\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [20a5d7c2] rundll32.exe "C:\WINDOWS\system32\pnwaampj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uvkwluxh] C:\WINDOWS\system32\qdsbsbkj.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 6522 bytes
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#5
slan

slan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thank you very much for your help, it is very appreciated. I saved Combofix.exe on my desktop and ran the software. The log is as follows..

ComboFix 08-04-27.3 - Aslan 2008-04-28 19:42:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.241 [GMT 1:00]
Running from: C:\Documents and Settings\Aslan\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Ali.HOME.000\Application Data\macromedia\Flash Player\#SharedObjects\7BDFUKGN\iforex.com
C:\Documents and Settings\Ali.HOME.000\Application Data\macromedia\Flash Player\#SharedObjects\7BDFUKGN\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Ali.HOME.000\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Ali.HOME.000\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Program Files\PC-Cleaner
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\awttqpOh.dll
C:\WINDOWS\system32\awturSjK.dll
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\cbXOExYO.dll
C:\WINDOWS\system32\CdfgOUvw.ini
C:\WINDOWS\system32\CdfgOUvw.ini2
C:\WINDOWS\system32\dyxdqlfn.ini
C:\WINDOWS\system32\egtdjswv.ini
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\fuqyuqyv.ini
C:\WINDOWS\system32\hgGxvWPj.dll
C:\WINDOWS\system32\hOpqttwa.ini
C:\WINDOWS\system32\hOpqttwa.ini2
C:\WINDOWS\system32\jpmaawnp.ini
C:\WINDOWS\system32\KjSrutwa.ini
C:\WINDOWS\system32\KjSrutwa.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\otswxpeh.ini
C:\WINDOWS\system32\ovmrcchr.ini
C:\WINDOWS\system32\OYxEOXbc.ini
C:\WINDOWS\system32\OYxEOXbc.ini2
C:\WINDOWS\system32\pnwaampj.dll
C:\WINDOWS\system32\qmphvnvm.ini
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\wvUOgfdC.dll
C:\WINDOWS\system32\xiyxpjwi.ini
C:\WINDOWS\system32\yurfpgvd.ini
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

2008-04-28 19:25 . 2008-04-28 19:25 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-28 19:25 . 2008-04-28 19:25 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS\ntuser.dat.LOG
2008-04-28 17:44 . 2008-04-28 17:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 19:41 . 2008-04-27 19:41 <DIR> d-------- C:\VundoFix Backups
2008-04-25 21:27 . 2008-04-25 21:27 <DIR> d-------- C:\Program Files\Sun
2008-04-25 21:27 . 2008-04-25 21:26 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-04-25 21:27 . 2008-04-25 21:26 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-25 21:14 . 2008-04-25 21:26 <DIR> d-------- C:\Program Files\Java
2008-04-25 17:46 . 1995-01-30 00:00 92,208 --a------ C:\WINDOWS\system32\WING.DLL
2008-04-25 17:46 . 1994-12-06 00:00 12,800 --a------ C:\WINDOWS\system\WING32.DLL
2008-04-23 20:25 . 2008-04-23 17:54 294 --ahs---- C:\WINDOWS\system32\bkqudxio.ini
2008-04-23 17:54 . 2008-04-23 17:54 1,540,729 --ahs---- C:\WINDOWS\system32\bkqudxio.tmp
2008-04-22 17:04 . 2008-04-22 17:04 53,312 --a------ C:\WINDOWS\system32\darmhsjp.dll
2008-04-21 17:02 . 2008-04-21 17:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-21 16:57 . 2008-04-21 17:31 <DIR> d-------- C:\SDFix
2008-04-21 16:20 . 2008-04-21 16:20 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-21 16:04 . 2008-04-21 16:04 53,312 --a------ C:\WINDOWS\system32\dddanjjj.dll
2008-04-21 16:03 . 2008-04-21 16:03 <DIR> d-------- C:\Documents and Settings\Aslan\Application Data\TmpRecentIcons
2008-04-21 09:45 . 2008-04-21 10:14 <DIR> d-------- C:\Documents and Settings\Ali.HOME.000\Application Data\TmpRecentIcons
2008-04-21 00:54 . 2008-04-21 00:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\laxwhylm
2008-04-20 22:36 . 2008-04-20 22:36 <DIR> d-------- C:\Documents and Settings\Aslan\Application Data\Canon
2008-04-20 12:35 . 2008-04-20 12:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-20 12:35 . 2008-04-20 12:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-19 18:57 . 2000-02-29 18:20 64,000 --a------ C:\WINDOWS\_detmp.2
2008-04-19 18:57 . 2008-04-19 14:39 2,881 --a------ C:\WINDOWS\_detmp.1
2008-04-19 14:38 . 2008-04-19 14:38 <DIR> d-------- C:\Program Files\QuickTime
2008-04-19 14:38 . 2008-04-19 14:38 <DIR> d-------- C:\Program Files\DK Interactive Learning
2008-04-19 14:38 . 2008-04-19 14:38 <DIR> d-------- C:\Program Files\directx
2008-04-19 14:34 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-19 14:27 . 2008-04-19 14:27 <DIR> d-------- C:\Documents and Settings\Ali.HOME.000\WINDOWS
2008-04-18 09:41 . 2008-04-18 09:41 <DIR> d-------- C:\Documents and Settings\Ali.HOME.000\Application Data\Canon
2008-04-08 18:01 . 2008-04-08 18:01 <DIR> d-------- C:\Program Files\MiDigiWorld

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 22:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-27 17:55 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-25 18:36 --------- d-----w C:\Program Files\LimeWire
2008-04-19 17:55 --------- d-----w C:\Program Files\LogMeIn
2008-03-24 00:06 --------- d-----w C:\Program Files\Common Files\snpstd2
2008-03-24 00:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 00:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 22:41 --------- d-----w C:\Documents and Settings\Aslan\Application Data\LimeWire
2008-03-11 02:20 --------- d-----w C:\Documents and Settings\Ali.HOME.000\Application Data\AdobeUM
2008-03-01 21:48 --------- d--h--w C:\Documents and Settings\Ali.HOME.000\Application Data\yahoo!
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-04-25 21:26 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2008-04-25 21:26 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
"uvkwluxh"="C:\WINDOWS\system32\qdsbsbkj.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nForce APU1 Utilities"="NVATray.exe" [2002-01-18 16:33 45056 C:\WINDOWS\system32\NVATray.exe]
"C-Media Mixer"="Mixer.exe" [2002-07-12 09:33 1581056 C:\WINDOWS\mixer.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-29 13:13 579072]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45 75304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-09 21:00 185896]
"HostManager"="C:\Program Files\Common Files\AOL\1203751650\ee\AOLSoftware.exe" [2006-11-14 15:01 50736]
"ScanSoft OmniPage SE 4.0-reminder"="C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" [2006-09-26 16:38 1410600]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-01-05 19:34 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-04-25 21:26 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-28 13:05 219136]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2007-12-11 21:34:40 10252288]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 22:51:54 45568]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AOL 9.0 VRb\\waol.exe"=
"C:\\Program Files\\AOL 9.0 VRe\\waol.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 23:36]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 14:28]
S3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 22:31]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-27 17:32:13 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 19:43:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 4

**************************************************************************
.
Completion time: 2008-04-28 19:45:43
ComboFix-quarantined-files.txt 2008-04-28 18:45:39

Pre-Run: 51,266,699,264 bytes free
Post-Run: 51,256,070,144 bytes free

199 --- E O F --- 2008-04-13 06:41:05
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
We now suggest that you install the Windows Recovery Console. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.


Posted Image


Download the file & save it as it's originally named, next to ComboFix.exe.



Posted Image


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When prompted to scan for infected files chose no, when done a log named CF_RC.txt will open. Please post the contents of that log.


Please do not reboot your machine until we have reviewed the log.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP