BullGuard Antivirus Forum
Trojan Horse

Sinks Ships
New Member
Posted 9/8/2010 7:45 AM (GMT +2)
Hi,

I'm a bit new (brand new) to virus removal and it seems like I might have a couple lurking inside my computer... Can anyone suggest anything that could help? I have a free AVG at the moment that has come up with the below, but can't actually get rid of them!

"Infection";"Trojan horse PSW.Lineage.BVE";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\krnln.fnr";"";"28/08/2010, 12:27:56"
"Infection";"Virus found Win32/Heur";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\eCompress.fne";"";"28/08/2010, 12:27:59"
"Infection";"Virus found Win32/Heur";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\RegEx.fnr";"";"28/08/2010, 12:28:00"
"Infection";"Virus found Win32/Heur";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\spec.fne";"";"28/08/2010, 12:28:00"
"Infection";"Trojan horse PSW.Lineage.BVE";"C:\WINDOWS\system32\758E8C\krnln.fnr";"";"28/08/2010, 12:28:33"
"Infection";"Virus found Win32/Heur";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\RegEx.fnr";"";"28/08/2010, 12:43:02"
"Infection";"Virus found Win32/Heur";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\eCompress.fne";"";"28/08/2010, 13:16:34"
"Infection";"Trojan horse PSW.Lineage.BVE";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\krnln.fnr";"";"28/08/2010, 13:16:40"
"Infection";"Virus found Win32/Heur";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\spec.fne";"";"28/08/2010, 13:16:44"
"Infection";"Trojan horse PSW.Lineage.BVE";"C:\WINDOWS\system32\457C85\74C6C2.EXE";"";"28/08/2010, 13:16:47"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Rozi\Application Data\Mozilla\Firefox\Profiles\c7fua2fi.default\cookies.sqlite";"";"28/08/2010, 13:17:14"
"Infection";"Trojan horse PSW.Lineage.BVE";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\krnln.fnr";"";"01/09/2010, 23:09:57"
"Infection";"Virus found Win32/Heur";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\eCompress.fne";"";"01/09/2010, 23:10:01"
"Infection";"Trojan horse Generic2_c.BMHD";"c:\WINDOWS\system32\4FBC81\wif8ffe.exe";"";"06/09/2010, 19:19:27"
"Infection";"Trojan horse Generic2_c.BMHD";"c:\WINDOWS\system32\4FBC81\wif8ffe.exe";"";"06/09/2010, 23:20:58"

Any help much appreciated ;-)
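An added example, my own code rather than anything from the post or from AVG: a small Python triage helper for the semicolon-separated export format pasted above. The 15 records embedded in it are copied from the post, not constructed. The two location checks it applies, the E_N4 folder under the user's Temp directory and directories directly under system32 whose name is six hex characters, are assumptions drawn from what recurs in this particular log, not AVG detection logic.

```python
"""Triage an AVG 9 detection export such as the one pasted above.

AVG's export writes one record per detection, semicolon-separated and
double-quoted:  "Severity";"Detection name";"Path";"";"Date, time"
The helpers below parse those records, de-duplicate repeated hits on the
same file, and flag the two locations that recur in this log: the E_N4
folder under the user's Temp directory and directories directly under
system32 whose name is six hex characters. Both checks are assumptions
made for this example, not AVG logic.
"""
import csv
import re
from collections import defaultdict
from io import StringIO

# The 15 records from the post, copied verbatim (not constructed).
AVG_EXPORT = r'''
"Infection";"Trojan horse PSW.Lineage.BVE";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\krnln.fnr";"";"28/08/2010, 12:27:56"
"Infection";"Virus found Win32/Heur";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\eCompress.fne";"";"28/08/2010, 12:27:59"
"Infection";"Virus found Win32/Heur";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\RegEx.fnr";"";"28/08/2010, 12:28:00"
"Infection";"Virus found Win32/Heur";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\spec.fne";"";"28/08/2010, 12:28:00"
"Infection";"Trojan horse PSW.Lineage.BVE";"C:\WINDOWS\system32\758E8C\krnln.fnr";"";"28/08/2010, 12:28:33"
"Infection";"Virus found Win32/Heur";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\RegEx.fnr";"";"28/08/2010, 12:43:02"
"Infection";"Virus found Win32/Heur";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\eCompress.fne";"";"28/08/2010, 13:16:34"
"Infection";"Trojan horse PSW.Lineage.BVE";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\krnln.fnr";"";"28/08/2010, 13:16:40"
"Infection";"Virus found Win32/Heur";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\spec.fne";"";"28/08/2010, 13:16:44"
"Infection";"Trojan horse PSW.Lineage.BVE";"C:\WINDOWS\system32\457C85\74C6C2.EXE";"";"28/08/2010, 13:16:47"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Rozi\Application Data\Mozilla\Firefox\Profiles\c7fua2fi.default\cookies.sqlite";"";"28/08/2010, 13:17:14"
"Infection";"Trojan horse PSW.Lineage.BVE";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\krnln.fnr";"";"01/09/2010, 23:09:57"
"Infection";"Virus found Win32/Heur";"C:\DOCUME~1\Rozi\LOCALS~1\Temp\E_N4\eCompress.fne";"";"01/09/2010, 23:10:01"
"Infection";"Trojan horse Generic2_c.BMHD";"c:\WINDOWS\system32\4FBC81\wif8ffe.exe";"";"06/09/2010, 19:19:27"
"Infection";"Trojan horse Generic2_c.BMHD";"c:\WINDOWS\system32\4FBC81\wif8ffe.exe";"";"06/09/2010, 23:20:58"
'''

# Locations that recur in the log above (assumed indicators, see docstring).
EPL_TEMP = re.compile(r'\\Temp\\E_N4\\', re.IGNORECASE)
HEX_DIR = re.compile(r'\\system32\\[0-9A-F]{6}\\', re.IGNORECASE)


def parse_avg_export(text):
    """Yield (severity, detection, path, timestamp) for each AVG record."""
    for row in csv.reader(StringIO(text.strip()), delimiter=';', quotechar='"'):
        if len(row) < 5:          # tolerate blank or truncated lines
            continue
        severity, detection, path, _, stamp = row[:5]
        yield severity, detection, path, stamp


def classify_path(path):
    """Return why a path is suspicious, or None if neither pattern matches."""
    if EPL_TEMP.search(path):
        return 'E_N4 folder under the user Temp directory'
    if HEX_DIR.search(path):
        return 'six-hex-character folder under system32'
    return None


def triage(text):
    """Summarise an export: severity counts, detection names per unique
    file (case-insensitive, so 8.3 and repeated hits collapse), and the
    files that sit in one of the flagged locations."""
    counts = defaultdict(int)
    by_file = defaultdict(set)     # lower-cased path -> detection names
    flagged = {}                   # lower-cased path -> reason
    for severity, detection, path, _ in parse_avg_export(text):
        counts[severity] += 1
        key = path.lower()
        by_file[key].add(detection)
        reason = classify_path(path)
        if reason:
            flagged[key] = reason
    return {'counts': dict(counts), 'by_file': dict(by_file), 'flagged': flagged}


if __name__ == '__main__':
    result = triage(AVG_EXPORT)
    print(result['counts'])
    for path, reason in sorted(result['flagged'].items()):
        names = ', '.join(sorted(result['by_file'][path]))
        print(f'{path}  <- {reason}: {names}')
```

On this export the helper collapses 15 records to 8 distinct files, of which 7 sit in one of the two flagged locations; the only hit it leaves alone is the tracking-cookie warning in the Firefox profile. Repeated detections of the same file across several days are the useful signal here: AVG reports them but the files are still there, which is the point the poster makes.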
Touch
Forum Moderator
Posted 9/8/2010 9:17 AM (GMT +2)
Hello and welcome.

We need to get a comprehensive report of what is present in your system. Therefore, please follow this guide:

Follow the instructions and copy the logs here, in this topic.

Please read: Forum Rules
Click here: Before-posting-a-log
Sinks Ships
New Member
Posted 9/8/2010 4:36 PM (GMT +2)
Ahh, right, ok, thanks. I've done that... Here's the info that you requested...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:58, on 08/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\Baal\EtEngine.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\686ADB\004637.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\igfxext.exe
C:\Program Files\proXPN\bin\proxpn.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\proXPN\bin\openvpn.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Rozi\My Documents\Downloads\jxpiinstall.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SUPBackGround] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [BaalInsuExec] C:\WINDOWS\system32\Baal\EtEngine.exe
O4 - HKLM\..\Run: [RunPatch] C:\WINDOWS\RunPatch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [4E92D1] C:\WINDOWS\system32\457C85\74C6C2.EXE
O4 - HKLM\..\Run: [881F19] C:\WINDOWS\system32\686ADB\004637.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BatteryLifeExtender] C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe /2
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rozi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [proXPN] C:\Program Files\proXPN\bin\proxpn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: 9523C5.lnk = C:\WINDOWS\system32\7373C5\169235.EXE
O4 - Startup: 9D09DB.lnk = C:\WINDOWS\system32\457C85\74C6C2.EXE
O4 - Startup: B31200.lnk = C:\WINDOWS\system32\686ADB\004637.EXE
O4 - Startup: Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.kornet.net/sw5/order/Speed/cab/KTSpeedNewCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260548295062
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 9828 bytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4569

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/09/2010 21:58:22
mbam-log-2010-09-08 (21-58-22).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 230004
Time elapsed: 1 hour(s), 15 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\Rozi\Local Settings\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Rozi\Local Settings\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.
C:\Documents and Settings\Rozi\Local Settings\Temp\E_N4\internet.fne (HackTool.Patcher) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Rozi\Local Settings\Temp\E_N4 (Worm.Autorun) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\Rozi\Local Settings\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Rozi\Local Settings\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.
C:\Documents and Settings\Rozi\Local Settings\Temp\E_N4\internet.fne (HackTool.Patcher) -> Delete on reboot.
C:\Documents and Settings\Rozi\Local Settings\Temp\E_N4\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D0FB848-E68F-4A1D-9352-35082FC643ED}\RP239\A0050440.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D0FB848-E68F-4A1D-9352-35082FC643ED}\RP239\A0050443.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0D0FB848-E68F-4A1D-9352-35082FC643ED}\RP239\A0050444.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\17B65B\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\17B65B\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\17B65B\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\17B65B\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4FBC81\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4FBC81\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4FBC81\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4FBC81\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\758E8C\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\758E8C\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\758E8C\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\758E8C\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rozi\Local Settings\Temp\E_N4\dp1.fne (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\Rozi\Local Settings\Temp\E_N4\eAPI.fne (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\Rozi\Local Settings\Temp\E_N4\eCompress.fne (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\Rozi\Local Settings\Temp\E_N4\RegEx.fnr (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\Rozi\Local Settings\Temp\E_N4\shell.fne (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\Rozi\Local Settings\Temp\E_N4\spec.fne (Worm.Autorun) -> Delete on reboot.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Rozi at 22:25:55.29 on 08/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.254 [GMT 8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k yksvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\Baal\EtEngine.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\686ADB\004637.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\igfxext.exe
C:\Program Files\proXPN\bin\proxpn.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\proXPN\bin\openvpn.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Rozi\My Documents\Downloads\jxpiinstall.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Rozi\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BatteryLifeExtender] c:\program files\samsung\batterylifeextender\BatteryLifeExtender.exe /2
uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
uRun: [Google Update] "c:\documents and settings\rozi\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [proXPN] c:\program files\proxpn\bin\proxpn.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SUPBackGround] c:\program files\samsung\samsung update plus\SUPBackGround.exe
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [BaalInsuExec] c:\windows\system32\baal\EtEngine.exe
mRun: [RunPatch] c:\windows\RunPatch.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [4E92D1] c:\windows\system32\457c85\74C6C2.EXE
mRun: [881F19] c:\windows\system32\686adb\004637.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\rozi\startm~1\programs\startup\9523c5.lnk - c:\windows\system32\7373c5\169235.EXE
StartupFolder: c:\docume~1\rozi\startm~1\programs\startup\9d09db.lnk - c:\windows\system32\457c85\74C6C2.EXE
StartupFolder: c:\docume~1\rozi\startm~1\programs\startup\b31200.lnk - c:\windows\system32\686adb\004637.EXE
StartupFolder: c:\docume~1\rozi\startm~1\programs\startup\banshe~1.lnk - c:\program files\banshee screamer alarm\alarm.exe
StartupFolder: c:\docume~1\rozi\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\rozi\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} - hxxp://support.kornet.net/sw5/order/Speed/cab/KTSpeedNewCtrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260548295062
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rozi\applic~1\mozilla\firefox\profiles\c7fua2fi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.guardian.co.uk/
FF - component: c:\documents and settings\rozi\application data\mozilla\firefox\profiles\c7fua2fi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\search settings\ff\components\SearchSettingsFF.dll
FF - plugin: c:\documents and settings\rozi\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\rozi\application data\mozilla\firefox\profiles\c7fua2fi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\rozi\application data\mozilla\firefox\profiles\c7fua2fi.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\rozi\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-12 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-12 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-12 243024]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-7 380928]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-12-11 4300]
R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2003-3-31 14336]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-12-11 238464]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-11 1684736]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-8-1 19840]
S3 Usbnic;OTi Network Driver Module;c:\windows\system32\drivers\Usbnic.sys [2009-12-13 18184]

=============== Created Last 30 ================

2010-09-28 02:19:37 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-09-28 02:19:37 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-09-28 02:19:37 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-09-28 02:19:37 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-09-28 02:19:37 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-09-28 02:19:37 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-09-28 02:19:36 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-09-28 02:19:36 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-09-28 02:19:34 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-09-28 02:19:34 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-09-28 02:19:31 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-09-28 02:19:31 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-09-08 14:09:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader
2010-09-08 11:20:18 0 d-----w- c:\docume~1\rozi\applic~1\Malwarebytes
2010-09-08 11:19:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-08 11:19:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-08 11:19:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-08 11:19:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-01 15:04:38 0 d-----w- c:\windows\system32\F8FFED
2010-09-01 15:04:38 0 d-----w- c:\windows\system32\8DB54C
2010-09-01 15:04:38 0 d-----w- c:\windows\system32\4FBC81
2010-09-01 15:04:27 0 d-----w- c:\windows\system32\686ADB
2010-08-30 02:50:38 0 d-----w- c:\program files\proXPN

==================== Find3M ====================

2010-07-16 13:26:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 13:26:50 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 13:26:40 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-12-14 02:58:06 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-12-14 02:58:06 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009120720091214\index.dat
2009-12-14 02:58:06 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009121420091215\index.dat

============= FINISH: 22:27:15.00 ===============

Sinks Ships
New Member


Date Joined Sep 2010
Total Posts : 4
 
Posted 9/8/2010 4:37 PM (GMT +2)
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/12/2009 23:04:04
System Uptime: 09/08/2010 22:13:54 (720 hours ago)

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | N310
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | U2E1 | 1596/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 143 GiB total, 10.71 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5007EG Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_7131144F&REV_01\4&192AC53F&0&00E0
Manufacturer: Atheros
Name: Atheros AR5007EG Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_7131144F&REV_01\4&192AC53F&0&00E0
Service: AR5416

==== System Restore Points ===================

RP234: 11/06/2010 07:01:20 - System Checkpoint
RP235: 11/06/2010 12:28:30 - Software Distribution Service 3.0
RP236: 11/06/2010 21:20:51 - Installed Java(TM) 6 Update 20
RP237: 16/06/2010 00:42:40 - Installed Rosetta Stone V3.
RP238: 17/06/2010 01:53:06 - System Checkpoint
RP239: 17/06/2010 23:08:44 - Removed Dealio Toolbar v4.0.2.
RP240: 17/06/2010 23:56:53 - Removed Rosetta Stone V3.
RP241: 18/06/2010 00:08:44 - Installed Rosetta Stone V3.
RP242: 18/06/2010 00:29:01 - Removed Rosetta Stone V3.
RP243: 18/06/2010 00:30:25 - Installed Rosetta Stone V3.
RP244: 18/06/2010 00:30:52 - Installed Rosetta Stone V3.
RP245: 18/06/2010 00:38:54 - Installed Rosetta Stone V3.
RP246: 18/06/2010 01:10:23 - SPTD setup V1.69
RP247: 18/06/2010 01:28:30 - Removed Rosetta Stone V3.
RP248: 18/06/2010 20:42:36 - Installed Rosetta Stone Version 3
RP249: 20/06/2010 08:15:47 - System Checkpoint
RP250: 22/06/2010 03:04:02 - System Checkpoint
RP251: 24/06/2010 16:00:25 - Software Distribution Service 3.0
RP252: 25/06/2010 07:47:56 - Avg Update
RP253: 28/06/2010 01:10:29 - System Checkpoint
RP254: 06/07/2010 06:50:41 - System Checkpoint
RP255: 07/07/2010 07:15:49 - System Checkpoint
RP256: 10/07/2010 08:32:51 - System Checkpoint
RP257: 11/07/2010 09:25:02 - System Checkpoint
RP258: 13/07/2010 03:58:20 - System Checkpoint
RP259: 14/07/2010 23:39:08 - Software Distribution Service 3.0
RP260: 16/07/2010 21:25:46 - Avg Update
RP261: 16/07/2010 21:27:02 - Avg Update
RP262: 18/07/2010 22:58:55 - System Checkpoint
RP263: 20/07/2010 12:10:31 - System Checkpoint
RP264: 25/07/2010 10:00:37 - System Checkpoint
RP265: 27/07/2010 18:05:59 - System Checkpoint
RP266: 29/07/2010 06:16:52 - System Checkpoint
RP267: 30/07/2010 07:35:08 - System Checkpoint
RP268: 03/08/2010 01:59:26 - System Checkpoint
RP269: 05/08/2010 15:01:08 - System Checkpoint
RP270: 06/08/2010 16:39:44 - System Checkpoint
RP271: 08/08/2010 01:57:33 - System Checkpoint
RP272: 09/08/2010 22:47:56 - System Checkpoint
RP273: 10/08/2010 21:44:36 - Software Distribution Service 3.0
RP274: 17/08/2010 22:10:39 - System Checkpoint
RP275: 18/08/2010 22:13:45 - System Checkpoint
RP276: 20/08/2010 15:58:14 - System Checkpoint
RP277: 24/08/2010 17:44:28 - System Checkpoint
RP278: 26/08/2010 00:11:20 - Avg Update
RP279: 26/09/2010 11:06:21 - System Checkpoint
RP280: 26/09/2010 11:38:17 - Software Distribution Service 3.0
RP281: 03/09/2010 04:29:56 - System Checkpoint
RP282: 04/09/2010 05:20:29 - System Checkpoint
RP283: 07/09/2010 01:13:59 - System Checkpoint
RP284: 08/09/2010 01:29:14 - System Checkpoint
RP285: 08/09/2010 19:25:59 - Removed Java(TM) 6 Update 16
RP286: 08/09/2010 22:11:28 - Removed Java(TM) 6 Update 17
RP287: 08/09/2010 22:27:01 - Installed Java(TM) 6 Update 21

==== Installed Programs ======================

Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.3.4
Alarm Clock v1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros WLAN Client
µTorrent
AVG Free 9.0
BatteryLifeExtender
Bonjour
CCleaner
Easy Display Manager
Easy Network Manager
Easy Resolution Manager
Facebook Plug-In
Free Mp3 Wma Converter V 1.9
GOM Player
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
imagine digital freedom - Samsung
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Magic FLAC to MP3 Converter 3.72
Magic Keyboard
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework Client Profile
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.9)
MPEG2 Codec(libmpeg2/mad)
MyDefrag v4.2.6
Namuga 1.3M Webcam
OpenOffice.org 3.1
Paint.NET v3.5.3
proXPN 2.2.7
QuickTime
Realtek High Definition Audio Driver
Rosetta Stone Version 3
Samsung Battery Manager
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Search Settings v1.2.3
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skype Toolbars
Skype™ 4.2
SmartSync LT - Fix device error
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Guide
VobSub v2.23 (Remove Only)
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

28/09/2010 12:11:27, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MAC002332CA10FC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ECC4AD0A-D5F. The master browser is stopping or an election is being forced.
28/09/2010 12:05:52, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is PC-200911201232.
28/09/2010 11:50:52, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.102. The machine with the IP address 192.168.1.127 did not allow the name to be claimed by this machine.
28/09/2010 00:33:52, error: Dhcp [1002] - The IP address lease 192.168.1.141 for the Network Card with network address 0026B6203DD0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
26/09/2010 11:53:43, error: W32Time [34] - The time service has detected that the system time needs to be changed by -2678397 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.141:123->207.46.197.32:123) is working properly.
26/09/2010 11:38:57, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
Posted 9/8/2010 5:19 PM (GMT +2)
Please download combofix:  Here
Save it to Desktop.
 
 

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started, please DO NOT click on the Combofix window or attempt to use your computer, as this can cause the scanning process to stall.
It may take a while to complete scanning, and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning. Do not worry; this is normal, and they will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.
It is usually located in c:\combofix.txt; please post it in your next reply.
 
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.



Please read:  Forum Rules
Click here:   Before-posting-a-log

Sinks Ships
New Member


Date Joined Sep 2010
Total Posts : 4
 
Posted 9/8/2010 6:45 PM (GMT +2)
OK, done!

ComboFix 10-09-07.01 - Rozi 09/09/2010 0:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.708 [GMT 8:00]
Running from: c:\documents and settings\Rozi\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Rozi\LOCALS~1\Temp\E_N4
c:\docume~1\Rozi\LOCALS~1\Temp\E_N4\dp1.fne
c:\docume~1\Rozi\LOCALS~1\Temp\E_N4\eAPI.fne
c:\docume~1\Rozi\LOCALS~1\Temp\E_N4\eCompress.fne
c:\docume~1\Rozi\LOCALS~1\Temp\E_N4\HtmlView.fne
c:\docume~1\Rozi\LOCALS~1\Temp\E_N4\krnln.fnr
c:\docume~1\Rozi\LOCALS~1\Temp\E_N4\shell.fne
c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SeARchsettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.

2010-09-28 02:19 . 2001-08-17 14:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-09-28 02:19 . 2001-08-17 14:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-09-28 02:19 . 2001-08-17 14:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-09-28 02:19 . 2001-08-17 14:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-09-28 02:19 . 2001-08-17 06:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-09-28 02:19 . 2001-08-17 06:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-09-28 02:19 . 2001-08-17 06:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-09-28 02:19 . 2001-08-17 06:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-09-28 02:19 . 2001-08-17 06:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-09-28 02:19 . 2001-08-17 06:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-09-28 02:19 . 2008-04-14 01:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-09-28 02:19 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-09-28 01:48 . 2010-09-28 01:48 503808 ----a-w- c:\documents and settings\Rozi\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-23b40ecb-n\msvcp71.dll
2010-09-28 01:48 . 2010-09-28 01:48 499712 ----a-w- c:\documents and settings\Rozi\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-23b40ecb-n\jmc.dll
2010-09-28 01:48 . 2010-09-28 01:48 348160 ----a-w- c:\documents and settings\Rozi\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-23b40ecb-n\msvcr71.dll
2010-09-28 01:48 . 2010-09-28 01:48 61440 ----a-w- c:\documents and settings\Rozi\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2ff25c0e-n\decora-sse.dll
2010-09-28 01:48 . 2010-09-28 01:48 12800 ----a-w- c:\documents and settings\Rozi\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2ff25c0e-n\decora-d3d.dll
2010-09-27 05:39 . 2010-09-27 05:58 -------- d-----w- c:\documents and settings\Rozi\Local Settings\Application Data\Temp
2010-09-27 05:39 . 2010-09-27 05:59 -------- d-----w- c:\documents and settings\Rozi\Local Settings\Application Data\Google
2010-09-08 15:49 . 2010-09-08 15:49 100157 ----a-w- c:\documents and settings\Rozi\Application Data\CBS Interactive\CNET TechTracker\uninst.exe
2010-09-08 15:49 . 2010-09-08 15:49 -------- d-----w- c:\documents and settings\Rozi\Application Data\CBS Interactive
2010-09-08 15:43 . 2010-09-08 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-09-08 15:33 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-08 15:33 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-08 15:33 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-08 15:33 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-08 15:33 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-08 15:33 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-08 15:33 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-08 15:32 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-08 15:31 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-08 15:31 . 2010-09-08 15:31 -------- d-----w- c:\program files\Alwil Software
2010-09-08 15:31 . 2010-09-08 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-08 15:30 . 2010-09-08 15:30 -------- d-----w- c:\program files\COMODO
2010-09-08 14:30 . 2010-09-08 14:30 -------- d-----w- c:\program files\Trend Micro
2010-09-08 14:28 . 2010-09-08 14:28 -------- d-----w- c:\program files\Common Files\Java
2010-09-08 14:09 . 2010-09-08 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-09-08 11:20 . 2010-09-08 11:20 -------- d-----w- c:\documents and settings\Rozi\Application Data\Malwarebytes
2010-09-08 11:19 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-08 11:19 . 2010-09-08 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-08 11:19 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-08 11:19 . 2010-09-08 11:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-03 19:08 . 2010-09-03 19:08 2618368 ----a-w- c:\documents and settings\Rozi\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
2010-09-01 15:04 . 2010-09-08 14:16 -------- d-----w- c:\windows\system32\4FBC81
2010-09-01 15:04 . 2010-09-06 11:19 -------- d-----w- c:\windows\system32\8DB54C
2010-09-01 15:04 . 2010-09-06 11:19 -------- d-----w- c:\windows\system32\F8FFED
2010-09-01 15:04 . 2010-09-08 16:11 -------- d-----w- c:\windows\system32\686ADB
2010-08-30 02:50 . 2010-08-30 02:51 -------- d-----w- c:\program files\proXPN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 03:36 . 2010-01-31 04:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-08 16:07 . 2009-12-12 07:48 -------- d-----w- c:\documents and settings\Rozi\Application Data\skypePM
2010-09-08 15:25 . 2010-06-15 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2010-09-08 15:16 . 2009-12-12 07:39 -------- d-----w- c:\documents and settings\Rozi\Application Data\Skype
2010-09-08 14:27 . 2010-06-11 13:21 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 11:27 . 2009-12-12 06:39 -------- d-----w- c:\program files\Java
2010-09-08 11:00 . 2009-12-14 01:55 -------- d-----w- c:\program files\CCleaner
2010-09-08 04:32 . 2009-12-12 06:19 -------- d-----w- c:\documents and settings\Rozi\Application Data\uTorrent
2010-08-30 02:01 . 2009-12-12 06:25 -------- d-----w- c:\documents and settings\Rozi\Application Data\Apple Computer
2010-08-16 23:24 . 2010-01-25 09:55 1 ----a-w- c:\documents and settings\Rozi\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-21 02:14 . 2010-07-21 02:14 -------- d-----w- c:\program files\Common Files\Skype
2010-07-15 02:08 . 2010-07-15 02:08 63827 ----a-w- c:\documents and settings\Rozi\Application Data\CBS Interactive\CNET TechTracker\zlib.dll
2010-07-15 02:07 . 2010-07-15 02:07 81920 ----a-w- c:\documents and settings\Rozi\Application Data\CBS Interactive\CNET TechTracker\xmltok.dll
2010-07-15 02:07 . 2010-07-15 02:07 61440 ----a-w- c:\documents and settings\Rozi\Application Data\CBS Interactive\CNET TechTracker\xmlparse.dll
2010-06-30 12:31 . 2003-03-31 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-06-23 02:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2003-03-31 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-03-31 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 18:44 . 2010-06-17 18:44 50354 ----a-w- c:\documents and settings\Rozi\Application Data\Facebook\uninstall.exe
2010-06-17 17:10 . 2010-06-17 17:10 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-17 14:03 . 2003-03-31 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-12-11 14:59 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2006-09-13 05:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 13:21 . 2010-06-11 13:21 503808 ----a-w- c:\documents and settings\Rozi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-490d47b3-n\msvcp71.dll
2010-06-11 13:21 . 2010-06-11 13:21 499712 ----a-w- c:\documents and settings\Rozi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-490d47b3-n\jmc.dll
2010-06-11 13:21 . 2010-06-11 13:21 348160 ----a-w- c:\documents and settings\Rozi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-490d47b3-n\msvcr71.dll
2010-06-11 13:21 . 2010-06-11 13:21 61440 ----a-w- c:\documents and settings\Rozi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3dcc9526-n\decora-sse.dll
2010-06-11 13:21 . 2010-06-11 13:21 12800 ----a-w- c:\documents and settings\Rozi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3dcc9526-n\decora-d3d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BatteryLifeExtender"="c:\program files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe" [2009-03-13 550912]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]
"Google Update"="c:\documents and settings\Rozi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-27 136176]
"proXPN"="c:\program files\proXPN\bin\proxpn.exe" [2010-07-08 596008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-13 17508864]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2009-02-17 141848]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2009-02-17 166424]
"Persistence"="c:\windows\System32\igfxpers.exe" [2009-02-17 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"SUPBackGround"="c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe" [2010-04-20 300912]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-11-27 2768896]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
"BaalInsuExec"="c:\windows\system32\Baal\EtEngine.exe" [2008-12-16 65536]
"RunPatch"="c:\windows\RunPatch.exe" [2010-02-09 1745920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\Baal\\ETEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08/09/2010 23:33 165584]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [04/06/2010 11:55 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [01/06/2010 19:00 25240]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [07/01/2010 23:51 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/09/2010 23:33 17744]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [11/12/2009 23:20 4300]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [31/03/2003 20:00 14336]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [11/12/2009 23:17 238464]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/12/2009 23:11 1684736]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [01/08/2006 14:57 19840]
S3 Usbnic;OTi Network Driver Module;c:\windows\system32\drivers\Usbnic.sys [13/12/2009 18:19 18184]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/06/2010 01:10 697328]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CMDAGENT
*NewlyCreated* - CMDGUARD
*NewlyCreated* - CMDHLP
*NewlyCreated* - INSPECT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 03:34]

2010-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1336601894-682003330-1003Core.job
- c:\documents and settings\Rozi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-27 05:39]

2010-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1336601894-682003330-1003UA.job
- c:\documents and settings\Rozi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-27 05:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} - hxxp://support.kornet.net/sw5/order/Speed/cab/KTSpeedNewCtrl.cab
FF - ProfilePath - c:\documents and settings\Rozi\Application Data\Mozilla\Firefox\Profiles\c7fua2fi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.guardian.co.uk/
FF - component: c:\documents and settings\Rozi\Application Data\Mozilla\Firefox\Profiles\c7fua2fi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Rozi\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Rozi\Application Data\Mozilla\Firefox\Profiles\c7fua2fi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\Rozi\Application Data\Mozilla\Firefox\Profiles\c7fua2fi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Rozi\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-09 00:38
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-09-09 00:41:44
ComboFix-quarantined-files.txt 2010-09-08 16:41

Pre-Run: 10,837,934,080 bytes free
Post-Run: 11,009,003,520 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - C40B9B74763E381C62FB5642D6C4F438
Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12981
 
Posted 9/9/2010 9:18 AM (GMT +2)
Open Notepad and copy/paste the text in the codebox below into it:
Name the file CFScript and save it on the desktop.

Snapshot::
Folder::
c:\windows\system32\4FBC81
c:\windows\system32\8DB54C
c:\windows\system32\F8FFED
c:\windows\system32\686ADB
c:\documents and settings\Rozi\Application Data\uTorrent

Once saved, drag CFScript.txt into ComboFix.exe.

ComboFix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please post it in your next reply.


Please read: Forum Rules
Click here: Before-posting-a-log