ISSUES: windows security alert pop up, home page changed to softwarere


This topic is locked.

#16 Jessikuh (Member, Topic Starter, 52 posts)

Deckard's System Scanner v20071014.68
Run by Jaycia on 2008-06-13 14:13:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
133: 2008-06-13 21:13:43 UTC - RP933 - Deckard's System Scanner Restore Point
132: 2008-06-13 00:24:44 UTC - RP932 - System Checkpoint
131: 2008-06-11 16:32:45 UTC - RP931 - Software Distribution Service 3.0
130: 2008-06-11 05:54:00 UTC - RP930 - Installed Java™ 6 Update 6
129: 2008-06-11 05:49:49 UTC - RP929 - Removed Java™ 6 Update 6


-- First Restore Point --
1: 2008-06-04 07:14:12 UTC - RP801 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jaycia.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jaycia\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jaycia.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/br...H...RR&d=homerr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\MYDOWN~1\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O3 - Toolbar: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\MYDOWN~1\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-9c40c2bfe...ad/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.c...oad/XUpload.ocx
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} - http://zone.msn.com/...rp.cab56961.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC664F3C-1181-421E-AED6-268E3B3D15BF}: Domain = extremities.com
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6241 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080610-162013-455 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
backup-20080610-162013-807 O3 - Toolbar: (no name) - {EC2B736E-2B50-4709-A63E-F69855335854} - (no file)
backup-20080610-162013-203 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20080610-162013-839 O21 - SSODL: vltdfabw - {A432D9EC-4A92-4F88-B77C-3B5BB07B9A79} - C:\WINDOWS\vltdfabw.dll
backup-20080610-162013-267 O21 - SSODL: vregfwlx - {3B5D658A-965D-40E9-8F97-0CD0BD244449} - C:\WINDOWS\vregfwlx.dll
backup-20080612-143141-910 O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
backup-20080612-143141-997 O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
backup-20080612-143141-777 O4 - HKLM\..\Run: [a02a91f3] rundll32.exe "C:\WINDOWS\system32\hjxwsadn.dll",b
backup-20080612-143141-172 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
backup-20080612-143141-954 O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
backup-20080612-143141-828 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080612-143141-908 O20 - Winlogon Notify: urqrqrs - urqrqrs.dll (file missing)
backup-20080612-143141-685 O20 - Winlogon Notify: xxyyw - C:\WINDOWS\system32\xxyyw.dll (file missing)
backup-20080612-143141-757 O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
backup-20080612-143744-138 O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - unable to read value
.js - JSFile - shell\open\command - unable to read value
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 SMBios (Intel ® System Managment BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Managment BIOS Driver>

S1 AEC671X - c:\windows\system32\drivers\aec671x.sys <Not Verified; Acard Technology Corp.; Acard® AEC-671X PCI Ultra/W SCSC-3 Controller>
S1 DMX3191 - c:\windows\system32\drivers\dmx3191.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
S2 irda (IrDA Protocol) - c:\windows\system32\drivers\irda.sys (file missing)
S2 UDNT - c:\windows\system32\drivers\udnt.sys
S3 ATWPKT2 - c:\program files\america online 8.0\atwpkt2.sys <Not Verified; America Online; ATW Protocol Driver>
S3 DVXUSBKS (DVXCEL Streaming Class Driver) - c:\windows\system32\drivers\dvxusbks.sys <Not Verified; Dazzle Multimedia; DVXCEL Streaming Class Driver>
S3 HCF_MSFT - c:\windows\system32\drivers\hcf_msft.sys (file missing)
S3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys (file missing)
S3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys (file missing)
S3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-13 14:12:08 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-13 11:26:20 0 d--hs---- C:\FOUND.005
2008-06-12 15:14:01 0 d-------- C:\Documents and Settings\Jaycia\Application Data\Malwarebytes
2008-06-12 15:13:59 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-12 15:13:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-12 15:12:33 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-10 22:54:44 0 d-------- C:\Program Files\Java
2008-06-10 22:54:07 0 d-------- C:\Program Files\Common Files\Java
2008-06-10 22:40:02 0 d--hs---- C:\FOUND.004
2008-06-10 22:05:31 0 d-------- C:\cmdcons
2008-06-10 22:03:48 68096 --a------ C:\WINDOWS\zip.exe
2008-06-10 22:03:48 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-10 22:03:47 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-10 22:03:47 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-10 22:03:47 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-10 22:03:47 98816 --a------ C:\WINDOWS\sed.exe
2008-06-10 22:03:47 80412 --a------ C:\WINDOWS\grep.exe
2008-06-10 22:03:47 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-10 16:12:30 0 d--hs---- C:\FOUND.003
2008-06-04 15:30:28 0 d-------- C:\Program Files\a-squared Anti-Malware
2008-06-04 14:31:31 0 d-------- C:\Documents and Settings\Jaycia\Application Data\Talkback
2008-06-04 14:29:36 0 d--hs---- C:\FOUND.002
2008-06-04 14:20:29 262144 --a------ C:\Documents and Settings\Default User\ntuser.dat
2008-06-04 10:46:23 0 d-------- C:\WINDOWS\CSC
2008-06-04 02:53:10 0 d-------- C:\Program Files\a-squared HiJackFree
2008-06-04 02:44:32 0 d-------- C:\Program Files\Trend Micro
2008-06-04 00:33:26 0 d-------- C:\Program Files\Enigma Software Group
2008-06-04 00:12:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-04 00:12:35 0 d-------- C:\WINDOWS\Zoomify
2008-06-04 00:12:35 0 d-------- C:\Documents and Settings\Jaycia\Incomplete
2008-06-03 23:17:16 0 d-------- C:\Program Files\StompSoft
2008-06-03 16:22:08 0 d--hs---- C:\FOUND.001
2008-06-03 09:53:46 0 d--hs---- C:\FOUND.000
2008-06-03 01:03:58 8417280 --a------ C:\Documents and Settings\Jaycia\ntuser.dat
2008-05-28 15:53:22 0 d-------- C:\Program Files\Sun
2008-05-17 18:30:57 0 d-------- C:\Program Files\InterActual


-- Find3M Report ---------------------------------------------------------------

2008-05-28 18:41:46 121 --a------ C:\WINDOWS\system32\SQSDRVRM.SYS
2008-05-28 18:40:46 71 --ahs---- C:\WINDOWS\system32\SYSDRVREB.SYS
2008-05-11 00:28:52 0 d-------- C:\Documents and Settings\Jaycia\Application Data\NewsRover
2008-05-11 00:28:38 0 d-------- C:\Program Files\NewsRover
2008-04-30 10:04:08 0 d-------- C:\Documents and Settings\Jaycia\Application Data\Sun
2008-04-30 03:47:04 0 d-------- C:\Program Files\Three Rings Design
2008-04-13 15:55:10 0 d-------- C:\Documents and Settings\Jaycia\Application Data\eBay
2008-04-13 15:54:22 0 d-------- C:\Program Files\eBay
2008-04-13 03:00:38 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/28/2004 11:06:36 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp26.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Airlink101 WLAN Monitor]
C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C88 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB002" /M "Stylus C88"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\lwinkndt.exe SKY009

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\onfuxboA]
C:\WINDOWS\onfuxboA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\WINDOWS\System32\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
"C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sdsr]
"C:\WINDOWS\CROSOF~1\ati2evxx.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\hbpqeykg.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwas7cw]
"C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiSpyware 2007 Free]
"C:\Program Files\WinAntiSpyware 2007\was7.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ylngg]
"C:\Program Files\?asks\w?nword.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{A9-91-15-5C-ZN}]
C:\windows\system32\mjdsregr.exe SKY009

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe"




-- End of Deckard's System Scanner: finished at 2008-06-13 14:16:26 ------------

#17 Jessikuh (Member, Topic Starter, 52 posts)


#18 Jessikuh (Member, Topic Starter, 52 posts)

Thank you so much for your help. I think the virus is trying to come back because

on the Start menu, if I click on Help and Support I receive a message saying Windows cannot create a shortcut here.

Also, I cannot open Windows Explorer.

And in Control Panel there are two icons that are not labeled or clickable; one is a folder icon and the other is the data icon.

I will try Kaspersky and then I am going to turn it off and hook up my other hard drive in hopes of preventing this one from getting worse.

Thank you again for the help. If I am able to do a scan with Kaspersky then I will post within an hour (at most); if there is no post then I couldn't do it. Thank you again for your help and patience.


#19 RatHat (Ex Malware Expert, 7,829 posts)

I take it that you couldn't get Kaspersky to run, so let's try something different:

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the box that says Include MD5
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Check the Radio button under Drivers for Non Microsoft
  • Check the radio button under Rootkit Search for Yes
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EventViewer Errors/Warnings (last 7 days)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please zip the log and attach the zipped file in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post
Regards,
RatHat

#20 Jessikuh (Member, Topic Starter, 52 posts)

Okay, here is the log.

#21 Mike (Malware Monger, Retired Staff, 2,745 posts)

Hi there,

RatHat is very busy so I will take over this thread. I will look over your log and get back to you soon :)

Thanks,

Mike

#22 Mike (Malware Monger, Retired Staff, 2,745 posts)

Hi there,

I want to get a better idea of how your computer is running; would you mind giving me a description?

Click on Start, then click on Run.
Copy and paste the following (in bold) into the open window and then click OK:

"%userprofile%\desktop\dss.exe" /config

This will open up the DSS configuration. Click on Check All.
Click Scan.
DSS will now run again. When it is finished,
please post back both logs that open in Notepad:
main.txt and extra.txt

#23 Jessikuh (Member, Topic Starter, 52 posts)

Hello,
Thank you for taking over for him. I ran into a problem. I clicked on Run and received a message that said "Windows cannot create a shortcut here. Do you want it to be placed on your desktop instead?" I said yes. I clicked on the shortcut and it did nothing. I right-clicked and Open was not there, nor was there anything similar to it, so I tried Find Target, highlighted the shortcut, went to File, and I couldn't open it from there either. :) (I'm so frustrated) Any other ideas?
Thank you in advance.

#24 Mike (Malware Monger, Retired Staff, 2,745 posts)

Does this error happen when opening all programs? Or just certain ones?

When you say you click on "run", do you mean that you right click the file and press "run" from the menu that appears?

Try re-running combofix for me please.

Thanks,

Mike

Edited by Mike, 18 June 2008 - 06:51 AM.


#25 Jessikuh (Member, Topic Starter, 52 posts)

When I select some things from the Start menu it gives me the message about creating a shortcut on the desktop. This happens when I select the following:
Run, Search, Help and Support, and Set Program Access and Defaults.

I mean (left) click when I try from the Start menu, and when I do the same for the shortcut on the desktop nothing happens, so I right-click the file but there is no 'Run' for me to select.
Okay, here is the ComboFix log:




Thank you for your effort.

#26 Mike (Malware Monger, Retired Staff, 2,745 posts)

Hi there :)

Let's try and make some progress :).


Please click Start, then Run; in the window that appears, type in Notepad.exe. If you cannot open it this way, go to C:\Windows\System32, find notepad.exe and double-click on it.
Highlight the entire content of the code box below. Copy (Control + C) and paste (Control + V) the content into the Notepad window:
http://www.geekstogo.com/forum/ISSUES-windows-security-alert-pop-up-home-page-changed-to-softwarere-t201079.html

Collect::
C:\windows\system32\Winkp26.sys

File::
C:\New Compressed (zipped) Folder.zip
C:\WINDOWS\system32\lwinkndt.exe
C:\WINDOWS\onfuxboA.exe
C:\WINDOWS\system32\hbpqeykg.dll
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\windows\system32\mjdsregr.exe

Folder::
C:\Program Files\Common Files\WinAntiSpyware 2007
C:\WINDOWS\CROSOF~1
C:\Program Files\?asks
C:\Program Files\WinPop

DirLook::
C:\WINDOWS\Zoomify

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp26.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\onfuxboA]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sdsr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwas7cw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiSpyware 2007 Free]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ylngg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{A9-91-15-5C-ZN}]
Now in Notepad, go to File and in the menu that drops down click on Save As...
Save the file as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
Posted Image

After that please reboot your computer if it asks you to and post ComboFix.txt (the report the ComboFix will generate) in your next reply.

#27 Jessikuh (Member, Topic Starter, 52 posts)

Couldn't run it from the Start menu, but I did it the other way. So okay, here is the report:


ComboFix 08-06-10.1 - Jaycia 2008-06-19 19:32:35.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.663 [GMT -7:00]
Running from: C:\Documents and Settings\Jaycia\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jaycia\Desktop\cfscript.txt
* Created a new restore point

FILE ::
C:\New Compressed (zipped) Folder.zip
C:\WINDOWS\onfuxboA.exe
C:\WINDOWS\system32\hbpqeykg.dll
C:\WINDOWS\system32\lwinkndt.exe
C:\windows\system32\mjdsregr.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\usrmlnka.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\New Compressed (zipped) Folder.zip
C:\WINDOWS\SYSTEM32\usrmlnka.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-18 17:20 . 2008-06-18 17:20 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-13 14:13 . 2008-06-13 14:13 <DIR> d-------- C:\Deckard
2008-06-13 11:26 . 2008-06-13 11:26 <DIR> d--hs---- C:\FOUND.005
2008-06-12 15:14 . 2008-06-12 15:14 <DIR> d-------- C:\Documents and Settings\Jaycia\Application Data\Malwarebytes
2008-06-12 15:13 . 2008-06-12 15:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-12 15:13 . 2008-06-12 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-12 15:13 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-12 15:13 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 15:12 . 2008-06-12 15:12 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-10 22:55 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-10 22:54 . 2008-06-10 22:54 <DIR> d-------- C:\Program Files\Java
2008-06-10 22:54 . 2008-06-10 22:54 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-10 22:40 . 2008-06-10 22:40 <DIR> d--hs---- C:\FOUND.004
2008-06-10 22:19 . 2008-04-14 04:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 16:30 . 2008-06-09 14:25 <DIR> d-------- C:\SDFix
2008-06-10 16:12 . 2008-06-10 16:12 <DIR> d--hs---- C:\FOUND.003
2008-06-04 15:30 . 2008-06-04 15:30 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-06-04 15:22 . 2008-06-04 15:22 96 --a------ C:\index.ini
2008-06-04 14:31 . 2008-06-04 14:31 <DIR> d-------- C:\Documents and Settings\Jaycia\Application Data\Talkback
2008-06-04 14:29 . 2008-06-04 14:29 <DIR> d--hs---- C:\FOUND.002
2008-06-04 02:53 . 2008-06-04 02:53 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-06-04 02:44 . 2008-06-04 02:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-04 00:33 . 2008-06-04 00:33 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-04 00:12 . 2008-06-04 00:12 <DIR> d-------- C:\WINDOWS\Zoomify
2008-06-04 00:12 . 2008-06-04 00:12 <DIR> d-------- C:\Documents and Settings\Jaycia\Incomplete
2008-06-04 00:12 . 2008-06-04 00:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-03 23:17 . 2008-06-03 23:17 <DIR> d-------- C:\Program Files\StompSoft
2008-06-03 16:22 . 2008-06-03 16:22 <DIR> d--hs---- C:\FOUND.001
2008-06-03 09:53 . 2008-06-03 09:53 <DIR> d--hs---- C:\FOUND.000
2008-05-28 15:53 . 2008-05-28 15:53 <DIR> d-------- C:\Program Files\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 01:30 --------- d-----w C:\Program Files\InterActual
2008-05-11 07:28 --------- d-----w C:\Program Files\NewsRover
2008-05-11 07:28 --------- d-----w C:\Documents and Settings\Jaycia\Application Data\NewsRover
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-30 10:47 --------- d-----w C:\Program Files\Three Rings Design
2008-04-24 05:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2005-04-25 17:29 4,918,270 ----a-w C:\Program Files\Firefox Setup 1.0.exe
2005-04-08 21:41 1,671,262 ------w C:\Program Files\hmk-april05_setup.exe
2005-04-07 23:02 7,351,496 ----a-w C:\Program Files\INSTALL_MSN_MESSENGER_DL.EXE
2005-01-13 17:03 6,044,184 ----a-w C:\Program Files\LimeWireWin.exe
2004-12-07 18:40 16,706,560 ----a-w C:\Program Files\AdbeRdr60_enu_full.exe
2004-12-07 18:40 10,477,568 ----a-w C:\Program Files\RealPlayer10-5GOLD.exe
2004-12-07 18:39 6,815,744 ----a-w C:\Program Files\psa201se_us.exe
2004-12-07 18:39 5,349,376 ----a-w C:\Program Files\kfpsetup.exe
2004-12-07 18:39 479,232 ----a-w C:\Program Files\GoogleToolbarInstaller.exe
2004-12-07 18:38 4,739,072 ----a-w C:\Program Files\RipEditBurnTrial.exe
2004-12-07 18:38 10,136,064 ----a-w C:\Program Files\MPSetupXP.exe
2004-12-07 18:38 1,900,544 ----a-w C:\Program Files\winzip81.exe
2004-12-07 18:37 491,008 ----a-w C:\Program Files\ie6setup.exe
2004-12-07 18:37 1,543,680 ----a-w C:\Program Files\WindowsXP-KB824146-x86-ENU.exe
2004-12-07 18:37 1,291,264 ----a-w C:\Program Files\WindowsXP-KB823980-x86-ENU.exe
2004-12-07 18:37 1,229,312 ----a-w C:\Program Files\CDMP3RIPPER10.EXE
2004-12-07 18:36 1,383,424 ----a-w C:\Program Files\sfld.exe
2004-12-07 18:32 671,744 ----a-w C:\Program Files\MMsetup_8000101.exe
2004-12-07 18:31 61,440 ----a-w C:\Program Files\msnaddin.exe
2004-10-04 21:28 1,213,973 ----a-w C:\Program Files\AMFM.TEX
2004-02-04 05:13 6,289 ----a-w C:\Program Files\FAQ.txt
2003-12-20 17:13 234,608 ----a-w C:\Program Files\CDSTART.EXE
2003-09-24 15:00 4,890,400 ----a-w C:\Program Files\SetupDl.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\Zoomify ----

2004-02-13 14:38 36 --a------ C:\WINDOWS\Zoomify\Viewer\zoomifyActiveX.ini


((((((((((((((((((((((((((((( snapshot_2008-06-18_15.00.29.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-18 21:08:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-19 22:57:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-17 15:30:08 323,648 ----a-w C:\WINDOWS\SoftwareDistribution\Download\Install\mpas-d.exe
+ 2008-06-19 23:00:18 9,540 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{C42F8CFB-415C-426C-816C-588359E7F402}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-21 01:18 171448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Airlink101 WLAN Monitor]
--a------ 2006-10-12 19:38 958464 C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2006-06-29 17:34 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-07-08 11:07 78960 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C88 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2003-01-10 09:58 28672 C:\WINDOWS\System32\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
--a------ 2002-05-29 01:59 520192 C:\Program Files\Logitech\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S1 AEC671X;AEC671X;C:\WINDOWS\system32\drivers\AEC671X.SYS [1998-05-05 10:36]
S1 DMX3191;DMX3191;C:\WINDOWS\system32\drivers\DMX3191.SYS [1999-02-23 00:42]
S2 UDNT;UDNT;C:\WINDOWS\system32\drivers\UDNT.sys [1998-09-18 08:18]
S2 UMAXPCLS;Print Port Scanner Driver;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 13:58]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59]
S3 DVXUSBKS;DVXCEL Streaming Class Driver;C:\WINDOWS\system32\DRIVERS\DVXUSBKS.sys [2002-09-12 05:20]
S3 DVXUSBLD;DVXUSBLD;C:\WINDOWS\system32\drivers\DVXUSBLD.SYS [2003-08-28 12:34]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 13:28]
S3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);C:\WINDOWS\system32\drivers\adm8830.sys [2001-08-17 12:19]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-19 23:18:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 19:34:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-19 19:35:00
ComboFix-quarantined-files.txt 2008-06-20 02:35:00
ComboFix3.txt 2008-06-11 05:18:56
ComboFix2.txt 2008-06-18 22:00:42

Pre-Run: 54,463,102,976 bytes free
Post-Run: 54,468,476,928 bytes free

187 --- E O F --- 2008-06-19 23:01:23
  • 0

#28
Jessikuh

Jessikuh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
I have a question: what is the name of the virus I am infected with? Just curious if you happened to know the name of it (or is it more than just one thing infecting my computer?). That's all, thanks again for your help.
  • 0

#29
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there :)

I have a question: what is the name of the virus I am infected with? Just curious if you happened to know the name of it (or is it more than just one thing infecting my computer?). That's all, thanks again for your help.


You do have more than one virus, to name two - Vundo and Purity. I see you are in GeekU; if you are interested, try analyzing your log with the help of the resources available in GeekU if you want to find out all of the infections present.

Now, your ComboFix log looks good. Are you still experiencing a lot of problems?

I see you already have MalwareBytes' Anti-Malware installed. Open the program by double clicking the icon, or by going to C:\Program Files\MalwareBytes' Anti-malware and double clicking on mbam.exe.

  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Then,

Click on your favourite web browser (Internet Explorer, Firefox, etc).

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Post back with the logs for me, also tell me what problems you are still experiencing.
  • 0

#30
Jessikuh

Jessikuh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Here are the logs.

Malwarebytes' Anti-Malware 1.17
Database version: 851

3:14:19 PM 6/20/2008
mbam-log-6-20-2008 (15-14-19).txt

Scan type: Quick Scan
Objects scanned: 36435
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Kaspersky report to follow, and I will use the computer and tell you what problems I encounter while using it in a post tonight :)

Edited by just change the hard drive, 20 June 2008 - 07:01 PM.

  • 0