
Just been infected with Trojan



Hi there,

Realise you guys are way busy at the moment. I've been screwed over the last few days with a nasty Trojan that would not let me open any AV program, Malwarebytes, anything; it also kept redirecting my browser to obscure sites and not what I wanted. Anyway, I did a fresh wipe and reinstall. Everything was great, and last night I got the thing again (I know what website it's on now and what music file not to download :/ ). Anyway, I did some searching, followed some advice and ran a program called Avenger, which deleted the file that was stopping me loading any AV program. I ran Malwarebytes and a host of others and removed them. Working great now, but today I picked up a trojan; it got removed and healed, so something could still be in my system. Here are the logs if somebody has time to take a quick peek. I would appreciate it.

Thanks

ComboFix 09-08-06.01 - Robsta 07/08/2009 17:35.1.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3311.2506 [GMT 1:00]

Running from: e:\various program downloads\New Program Files\PC scanning tools\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\run.log

c:\windows\system32\Data

c:\windows\system32\Drivers\ikdkgg.sys

c:\windows\system32\Drivers\owbuc.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))

.

2009-08-07 16:21 . 2009-08-07 16:21 -------- d-----w- c:\program files\Trend Micro

2009-08-07 16:04 . 2009-08-07 16:04 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe

2009-08-07 16:04 . 2009-08-07 16:10 54 ----a-w- c:\windows\system32\rp_stats.dat

2009-08-07 16:04 . 2009-08-07 16:10 39 ----a-w- c:\windows\system32\rp_rules.dat

2009-08-07 14:29 . 2009-08-07 14:29 -------- d-----w- c:\program files\VDJ5

2009-08-06 20:53 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-06 20:53 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-06 20:52 . 2009-08-07 15:08 -------- d--h--w- C:\$AVG8.VAULT$

2009-08-06 20:34 . 2009-08-06 20:34 0 ----a-w- C:\backup.reg

2009-08-06 20:24 . 2009-08-06 20:24 -------- d-sh--w- c:\documents and settings\Administrator.ROBSTA-197410GB\IECompatCache

2009-08-06 20:16 . 2009-08-06 20:16 -------- d-sh--w- c:\documents and settings\Administrator.ROBSTA-197410GB\PrivacIE

2009-08-06 18:00 . 2009-08-07 16:10 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll

2009-08-06 17:56 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-08-06 17:44 . 2009-08-06 17:44 -------- d-sh--w- c:\documents and settings\Administrator.ROBSTA-197410GB\IETldCache

2009-08-06 17:28 . 2009-08-06 17:28 -------- d-----w- c:\windows\Sun

2009-08-05 21:04 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2009-08-05 21:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2009-08-05 21:01 . 2004-06-15 06:00 7680 ----a-w- c:\windows\system32\CNMVS61.DLL

2009-08-05 21:01 . 2004-06-15 06:00 116736 ----a-w- c:\windows\system32\CNMLM61.DLL

2009-08-05 21:01 . 2004-06-04 16:34 86016 ----a-w- c:\windows\system32\CNMCP61.exe

2009-08-05 21:01 . 2009-08-05 21:01 -------- d--h--w- C:\BJPrinter

2009-08-05 20:29 . 2000-06-26 10:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll

2009-08-05 20:29 . 2001-06-26 07:15 38912 ------w- c:\windows\system32\picn20.dll

2009-08-05 20:28 . 2001-07-06 11:44 544768 ------w- c:\windows\system32\imagx5.dll

2009-08-05 20:28 . 2001-07-06 17:24 283920 ------w- c:\windows\system32\ImagXpr5.dll

2009-08-05 20:28 . 2001-07-06 13:41 569344 ------w- c:\windows\system32\imagr5.dll

2009-08-05 20:28 . 2009-08-05 20:32 -------- d-----w- c:\program files\Common Files\Ahead

2009-08-05 20:28 . 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

2009-08-05 20:28 . 2009-08-05 20:29 -------- d-----w- c:\program files\Ahead

2009-08-05 20:08 . 2009-08-07 14:46 -------- d-----w- c:\documents and settings\Robsta\Application Data\BitTorrent

2009-08-05 20:08 . 2009-08-05 20:08 -------- d-----w- c:\program files\BitTorrent

2009-08-05 19:40 . 2009-08-05 19:39 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-08-05 19:39 . 2009-08-05 19:39 -------- d-----w- c:\program files\Java

2009-08-05 19:39 . 2009-08-05 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-08-05 19:39 . 2009-08-05 20:16 -------- d-----w- c:\program files\NOS

2009-08-05 19:39 . 2009-08-05 19:39 152576 ----a-w- c:\documents and settings\Robsta\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-08-05 18:13 . 2009-08-05 20:41 -------- d-----w- c:\program files\mIRC

2009-08-05 18:09 . 2009-08-05 18:09 -------- d-----w- c:\program files\Virtual DJ Studio

2009-08-05 18:07 . 2005-11-30 21:20 2314332 ----a-w- c:\windows\system32\LIBMMD.DLL

2009-08-05 17:56 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll

2009-08-05 17:55 . 2009-08-05 17:55 -------- d-----w- c:\program files\Microsoft Works

2009-08-05 17:55 . 2009-08-05 17:55 -------- d-----w- c:\program files\MSBuild

2009-08-05 17:52 . 2009-08-05 17:55 -------- d-----w- c:\windows\SHELLNEW

2009-08-05 17:52 . 2009-08-05 17:52 -------- d-----w- c:\documents and settings\Robsta\Local Settings\Application Data\Microsoft Help

2009-08-05 17:52 . 2009-08-05 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-05 17:52 . 2009-08-05 17:52 -------- d--h--r- C:\MSOCache

2009-08-05 17:45 . 2009-08-05 17:45 -------- d-----w- c:\documents and settings\Robsta\Application Data\Windows Search

2009-08-05 17:40 . 2009-08-05 17:40 -------- d-----w- c:\documents and settings\Robsta\Local Settings\Application Data\Identities

2009-08-05 17:40 . 2009-08-05 17:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-08-05 17:40 . 2009-08-05 20:16 -------- d-----w- c:\program files\Windows Desktop Search

2009-08-05 17:40 . 2009-08-05 17:40 -------- d-----w- c:\windows\system32\GroupPolicy

2009-08-05 17:40 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2009-08-05 17:40 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2009-08-05 17:40 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2009-08-05 17:39 . 2009-08-05 17:39 -------- d-----w- c:\program files\Windows Media Connect 2

2009-08-05 17:38 . 2009-08-05 17:39 -------- d-----w- c:\windows\system32\drivers\UMDF

2009-08-05 17:38 . 2009-08-05 17:38 -------- d-----w- c:\windows\system32\LogFiles

2009-08-05 17:38 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-08-05 17:19 . 2009-08-05 17:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-08-05 17:08 . 2009-08-05 17:08 -------- d-----w- c:\windows\system32\scripting

2009-08-05 17:08 . 2009-08-05 17:08 -------- d-----w- c:\windows\system32\en

2009-08-05 17:08 . 2009-08-05 17:08 -------- d-----w- c:\windows\l2schemas

2009-08-05 17:08 . 2009-08-05 17:08 -------- d-----w- c:\windows\system32\bits

2009-08-05 17:06 . 2009-08-05 17:08 -------- d-----w- c:\windows\ServicePackFiles

2009-08-05 17:02 . 2009-08-05 17:02 -------- d-----w- c:\windows\EHome

2009-08-05 16:41 . 2009-08-05 17:40 -------- d-----w- c:\windows\ie8updates

2009-08-05 16:40 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-08-05 16:40 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-08-05 16:40 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-08-05 16:40 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-08-05 16:40 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-08-05 16:32 . 2009-08-05 16:32 -------- d-sh--w- c:\documents and settings\Robsta\IECompatCache

2009-08-05 16:32 . 2009-08-05 16:32 -------- d-sh--w- c:\documents and settings\Robsta\PrivacIE

2009-08-05 16:31 . 2009-08-05 16:31 -------- d-sh--w- c:\documents and settings\Robsta\IETldCache

2009-08-05 16:29 . 2009-08-05 16:29 -------- dc-h--w- c:\windows\ie8

2009-08-05 16:20 . 2009-08-05 16:20 -------- d-----w- C:\9255d1afcc709e42dc7a9a

2009-08-05 16:16 . 2004-08-03 21:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys

2009-08-05 16:02 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-08-05 16:02 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys

2009-08-05 16:01 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-08-05 16:01 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-08-05 16:01 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-08-05 16:01 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe

2009-08-05 16:01 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-08-05 16:01 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2009-08-05 16:01 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-08-05 16:01 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-08-05 16:01 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-08-05 16:01 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2009-08-05 16:01 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-08-05 16:01 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-08-05 15:56 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2009-08-05 15:56 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-08-05 15:55 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys

2009-08-05 15:55 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2009-08-05 15:53 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2009-08-05 15:52 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll

2009-08-05 15:52 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2009-08-05 15:51 . 2009-08-05 16:00 -------- d-----w- c:\documents and settings\Robsta\Application Data\mIRC

2009-08-04 23:13 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-08-04 23:13 . 2009-08-04 23:13 -------- d-----w- c:\documents and settings\Robsta\Application Data\Malwarebytes

2009-08-04 23:13 . 2009-08-06 20:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-04 23:13 . 2009-08-04 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-04 23:12 . 2009-08-04 23:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

2009-08-04 23:12 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe

2009-08-04 23:12 . 2009-08-04 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-08-04 23:12 . 2009-08-04 23:12 -------- d-----w- c:\program files\Lavasoft

2009-08-04 23:09 . 2009-08-04 23:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-04 23:09 . 2009-08-04 23:09 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-08-04 23:09 . 2009-08-04 23:09 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-04 23:09 . 2009-08-04 23:09 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-04 23:09 . 2009-08-07 13:39 -------- d-----w- c:\windows\system32\drivers\Avg

2009-08-04 23:09 . 2009-08-04 23:09 -------- d-----w- c:\program files\AVG

2009-08-04 23:09 . 2009-08-04 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-08-04 23:05 . 2009-08-06 17:29 69240 ----a-w- c:\documents and settings\Robsta\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-04 23:04 . 2009-08-04 23:04 -------- d-----w- c:\documents and settings\Robsta\Application Data\AVG8

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-06 20:39 . 2009-08-04 21:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-06 20:22 . 2009-08-06 20:22 8 ----a-w- c:\program files\bemucocw.txt

2009-08-05 21:07 . 2009-08-05 18:20 -------- d-----w- c:\program files\Winamp

2009-08-05 20:33 . 2009-08-04 21:49 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-05 20:20 . 2009-08-05 20:20 -------- d-----w- c:\program files\Common Files\MGI Shared

2009-08-05 20:20 . 2009-08-05 20:20 -------- d-----w- c:\program files\MGI

2009-08-05 20:20 . 2009-08-05 20:20 -------- d-----w- c:\documents and settings\Robsta\Application Data\MGI

2009-08-05 18:28 . 2009-08-05 18:20 -------- d-----w- c:\documents and settings\Robsta\Application Data\Winamp

2009-08-05 17:09 . 2009-08-04 21:41 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-08-04 22:45 . 2009-08-04 22:45 -------- d-----w- c:\program files\Belkin

2009-08-04 22:44 . 2009-08-04 22:44 -------- d-----w- c:\documents and settings\Robsta\Application Data\AdobeUM

2009-08-04 22:43 . 2009-08-04 22:43 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-04 22:20 . 2009-08-04 22:20 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-08-04 22:15 . 2009-08-04 21:48 -------- d-----w- c:\program files\Common Files\InstallShield

2009-08-04 22:13 . 2009-08-04 22:12 -------- d-----w- c:\program files\Creative

2009-08-04 22:04 . 2009-08-04 22:04 -------- d-----w- c:\program files\AGEIA Technologies

2009-08-04 21:57 . 2009-08-04 21:57 -------- d-----w- c:\program files\NVIDIA Corporation

2009-08-04 21:57 . 2009-08-04 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2009-08-04 21:52 . 2009-08-04 21:52 -------- d-----w- c:\program files\DIFX

2009-08-04 21:48 . 2009-08-04 21:48 -------- d-----w- c:\program files\VIA

2009-08-04 21:42 . 2009-08-04 21:42 -------- d-----w- c:\program files\microsoft frontpage

2009-08-04 21:39 . 2009-08-04 21:39 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2009-07-14 18:54 . 2009-08-04 21:57 485920 ----a-w- c:\windows\system32\nvudisp.exe

2009-07-14 18:54 . 2009-08-04 21:56 868352 ----a-w- c:\windows\system32\nvapi.dll

2009-07-14 18:54 . 2009-08-04 21:56 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-07-14 18:54 . 2009-08-04 21:56 2189856 ----a-w- c:\windows\system32\nvcuvid.dll

2009-07-14 18:54 . 2009-08-04 21:56 2002944 ----a-w- c:\windows\system32\nvcuda.dll

2009-07-14 18:54 . 2009-08-04 21:56 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-07-14 18:54 . 2009-08-04 21:56 151552 ----a-w- c:\windows\system32\nvcodins.dll

2009-07-14 18:54 . 2009-08-04 21:56 151552 ----a-w- c:\windows\system32\nvcod.dll

2009-07-14 18:54 . 2009-08-04 21:56 10457088 ----a-w- c:\windows\system32\nvoglnt.dll

2009-07-14 18:54 . 2009-08-04 21:56 5842816 ----a-w- c:\windows\system32\nv4_disp.dll

2009-07-14 18:54 . 2009-08-04 21:56 1597690 ----a-w- c:\windows\system32\nvdata.bin

2009-07-14 12:34 . 2009-07-14 12:34 86016 ----a-w- c:\windows\system32\nvmctray.dll

2009-07-14 12:34 . 2009-07-14 12:34 8085504 ----a-w- c:\windows\system32\nvdispsr.dll

2009-07-14 12:34 . 2009-07-14 12:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll

2009-07-14 12:34 . 2009-07-14 12:34 4640768 ----a-w- c:\windows\system32\nvgamesr.dll

2009-07-14 12:34 . 2009-07-14 12:34 458752 ----a-w- c:\windows\system32\nvmccssr.dll

2009-07-14 12:34 . 2009-07-14 12:34 3547136 ----a-w- c:\windows\system32\nvgames.dll

2009-07-14 12:34 . 2009-07-14 12:34 2854912 ----a-w- c:\windows\system32\nvmoblsr.dll

2009-07-14 12:34 . 2009-07-14 12:34 188416 ----a-w- c:\windows\system32\nvmccss.dll

2009-07-14 12:34 . 2009-07-14 12:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe

2009-07-14 12:34 . 2009-07-14 12:34 143360 ----a-w- c:\windows\system32\nvcolor.exe

2009-07-14 12:34 . 2009-07-14 12:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll

2009-07-14 12:34 . 2009-07-14 12:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll

2009-07-14 12:34 . 2009-07-14 12:34 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-07-10 06:01 . 2009-08-04 21:57 485920 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-07-03 17:09 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-04 2000152]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Belkin Wireless Utility.lnk - c:\program files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe [2009-8-4 1523712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-04 23:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [05/08/2009 00:13 64160]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05/08/2009 00:09 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [05/08/2009 00:09 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [05/08/2009 00:09 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05/08/2009 00:09 297752]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 15:49 1029456]

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [04/08/2009 23:45 17149]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-07 17:39

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3560)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Completion time: 2009-08-07 17:41 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-07 16:41

Pre-Run: 95,846,961,152 bytes free

Post-Run: 95,800,053,760 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

310 --- E O F --- 2009-08-05 17:49

Malwarebytes' Anti-Malware 1.40

Database version: 2574

Windows 5.1.2600 Service Pack 3

07/08/2009 17:03:43

mbam-log-2009-08-07 (17-03-43).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

Objects scanned: 143206

Time elapsed: 15 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:21:36, on 07/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\Rundll32.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.bat

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 5847 bytes


PS: I meant to say I have 3 AV-type programs, AVG 8.0 Free, Malwarebytes and Ad-Aware Anniversary Edition, but for some reason Ad-Aware will not run at all. That makes me think something is lurking about in there. I am trying to download SUPERAntiSpyware and wish to install that again. Is there an alternative to Ad-Aware? It doesn't seem great.


4 weeks later, Root Admin:

Since you appear to no longer be monitoring this post, we will assume that you've already addressed the issue and no longer require assistance, and we will close the post now.

If however you do still require assistance please send a private message to open the post again.
