
Trojan/worm/malware


This topic is locked
2 replies to this topic

#1 CheddarCheese


  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:13 PM

Posted 27 July 2008 - 12:59 PM

Hi All,

well I was stupid enough to trust a file a friend gave me and now I seem to be infected with god knows what. I've run Spybot twice and it has removed some elements but the infection is still there. I have just run ComboFix and it did seem to clear some things also, but just this minute my anti-virus program (AVAST Home) has reported another virus in memory. Spybot detected the following:
26.07.2008 23:50:29 - ##### check started #####
26.07.2008 23:50:29 - ### Version: 1.4
26.07.2008 23:50:29 - ### Date: 26/07/2008 23:50:29
26.07.2008 23:50:31 - ##### checking bots #####
26.07.2008 23:54:10 - found: GrokLoader Settings
27.07.2008 00:10:13 - found: Win32.Agent.frl Settings
27.07.2008 00:48:53 - found: AdRevolver Tracking cookie (Internet Explorer: ChrisSilke)
27.07.2008 00:48:55 - found: MediaPlex Tracking cookie (Internet Explorer: ChrisSilke)
27.07.2008 00:48:56 - found: AdRevolver Tracking cookie (Internet Explorer: ChrisSilke)
27.07.2008 00:48:58 - found: Statcounter Tracking cookie (Internet Explorer: ChrisSilke)
27.07.2008 00:48:58 - found: TagASaurus Tracking cookie (Internet Explorer: ChrisSilke)
27.07.2008 00:49:01 - found: MediaPlex Tracking cookie (Internet Explorer: ChrisSilke)
27.07.2008 00:49:02 - found: AdRevolver Tracking cookie (Internet Explorer: ChrisSilke)
27.07.2008 00:49:02 - found: DoubleClick Tracking cookie (Internet Explorer: ChrisSilke)
27.07.2008 00:49:13 - ##### check finished #####

--- Report generated: 2008-07-27 18:32 ---

Win32.Banker.aipy.rtk: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmandrv

Win32.Banker.aipy.rtk: Library (File, nothing done)
C:\WINDOWS\system32\qmopt.dll


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-07-06 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-07-15 Includes\Adware.sbi (*)
2008-07-15 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-07-07 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-07-10 Includes\Hijackers.sbi (*)
2008-07-08 Includes\HijackersC.sbi (*)
2008-07-15 Includes\Keyloggers.sbi (*)
2008-07-15 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-07-23 Includes\Malware.sbi (*)
2008-07-23 Includes\MalwareC.sbi (*)
2008-07-15 Includes\PUPS.sbi (*)
2008-07-22 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-07-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-07-11 Includes\Spyware.sbi (*)
2008-07-15 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-07-23 Includes\Trojans.sbi (*)
2008-07-22 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

Apologies for including this as I know you are supposed to be asked first but I figured it may save some time. Combo Fix Log:
ComboFix 08-07-27.1 - ChrisSilke 2008-07-27 19:18:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.173 [GMT 2:00]
Running from: C:\Documents and Settings\ChrisSilke\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ChrisSilke\Desktop\WinXP_EN_PRO_BF.EXE
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\70534.exe
C:\WINDOWS\system32\byXNghEV.dll
C:\WINDOWS\system32\kcopt.dll
C:\WINDOWS\system32\KernelDrv.exe
C:\WINDOWS\system32\ksvcl.dll
C:\WINDOWS\system32\lanmandrv.sys
C:\WINDOWS\system32\ljJAQJYQ.dll
C:\WINDOWS\system32\qsAdLRqr.ini
C:\WINDOWS\system32\qsAdLRqr.ini2
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll

----- BITS: Possible infected sites -----

http://www.graboid.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LANMANDRV


((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.

2008-07-27 12:57 . 2008-07-27 12:58 323,584 --a------ C:\WINDOWS\system32\rqRLdAsq.dll
2008-07-26 17:25 . 2008-07-26 20:21 24 ---hs---- C:\WINDOWS\S2EEEC5FF.tmp
2008-07-26 17:13 . 2008-07-26 17:15 <DIR> d-------- C:\Program Files\FairUse Wizard 2
2008-07-25 18:15 . 2008-07-25 18:15 <DIR> d-------- C:\Program Files\StaxRip
2008-07-25 18:06 . 2008-07-25 18:06 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-25 18:06 . 2008-07-25 18:06 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-25 18:06 . 2008-07-25 18:06 <DIR> d-------- C:\Program Files\MSBuild
2008-07-25 18:05 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-07-24 22:52 . 2008-07-24 22:52 <DIR> d-------- C:\Program Files\ConvertHelper
2008-07-24 22:47 . 2008-07-24 22:49 <DIR> d-------- C:\Documents and Settings\ChrisSilke\dwhelper
2008-07-22 21:03 . 2008-07-22 21:03 <DIR> d-------- C:\Documents and Settings\ChrisSilke\torrentfiles
2008-07-22 21:03 . 2008-07-22 21:27 <DIR> d-------- C:\Documents and Settings\ChrisSilke\Application Data\deluge
2008-07-22 21:02 . 2008-07-25 20:11 <DIR> d-------- C:\Python25
2008-07-22 18:04 . 2008-07-22 18:04 <DIR> d-------- C:\Program Files\Common Files\Cadsoft
2008-07-22 18:03 . 2008-07-22 18:03 <DIR> d-------- C:\Program Files\IMSIDesign
2008-07-22 18:03 . 2008-07-22 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IMSIDesign
2008-07-22 18:03 . 2008-07-22 18:03 0 --a------ C:\WINDOWS\system32\_r_a_p_.tmp
2008-07-22 17:39 . 2008-07-22 18:08 <DIR> d-------- C:\Program Files\TurboFLOORPLAN Home & Landscape Pro
2008-07-22 16:42 . 2008-07-22 16:42 <DIR> d-------- C:\Program Files\Google
2008-07-18 01:46 . 2006-08-10 03:02 75,264 --a------ C:\WINDOWS\system32\E_FLBBNE.DLL
2008-07-18 01:46 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BBNE.DLL
2008-07-18 01:46 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-07-18 01:45 . 2008-07-18 01:45 <DIR> d-------- C:\Program Files\EPSON
2008-07-18 01:45 . 2008-07-18 01:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-07-18 01:42 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-18 01:42 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-17 09:55 . 2008-07-17 09:55 244 --ah----- C:\sqmnoopt16.sqm
2008-07-17 09:55 . 2008-07-17 09:55 232 --ah----- C:\sqmdata16.sqm
2008-07-16 15:29 . 2008-07-26 23:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-16 15:29 . 2008-07-16 15:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-13 21:53 . 2008-07-13 21:56 <DIR> d-------- C:\Documents and Settings\ChrisSilke\Application Data\Creative
2008-07-12 21:39 . 2008-07-12 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-07-12 21:28 . 1999-10-11 03:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-07-12 21:26 . 1999-06-25 11:55 149,504 --a------ C:\WINDOWS\UNWISE.EXE
2008-07-12 21:26 . 2003-10-17 02:00 32,768 --a------ C:\WINDOWS\system32\Jb4Inst.crl
2008-07-12 21:18 . 2008-07-17 09:39 <DIR> d-------- C:\Program Files\Creative
2008-06-27 22:02 . 2008-07-22 21:41 <DIR> d-------- C:\Program Files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 21:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-26 21:26 --------- d-----w C:\Program Files\SlySoft
2008-07-26 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-07-26 15:45 --------- d-----w C:\Documents and Settings\ChrisSilke\Application Data\uTorrent
2008-07-25 17:09 --------- d-----w C:\Documents and Settings\ChrisSilke\Application Data\gtk-2.0
2008-07-25 16:09 --------- d-----w C:\Program Files\DivX
2008-07-25 15:45 --------- d-----w C:\Documents and Settings\ChrisSilke\Application Data\Pegasys Inc
2008-07-22 16:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 07:54 --------- d-----w C:\Program Files\MSN Messenger
2008-07-07 17:54 --------- d-----w C:\Documents and Settings\ChrisSilke\Application Data\Vso
2008-07-03 20:03 --------- d-----w C:\Program Files\LimeWire
2008-07-02 20:00 --------- d-----w C:\Program Files\LCleaner
2008-06-24 19:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-24 16:39 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-06-24 16:38 --------- d-----w C:\Program Files\MSECache
2008-06-21 20:06 --------- d-----w C:\Program Files\Sun
2008-06-21 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Launcher
2008-06-20 18:26 --------- d-----w C:\Documents and Settings\ChrisSilke\Application Data\Azureus
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 18:05 36,840 ----a-w C:\Documents and Settings\ChrisSilke\Application Data\GDIPFONTCACHEV1.DAT
2008-06-18 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Graboid Inc
2008-06-18 19:27 --------- d-----w C:\Documents and Settings\ChrisSilke\Application Data\MozillaControl
2008-06-18 19:26 --------- d-----w C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-06-18 19:26 --------- d-----w C:\Program Files\Graboid
2008-06-18 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-18 18:36 --------- d-----w C:\Program Files\Vuze
2008-06-16 20:16 --------- d-----w C:\Documents and Settings\ChrisSilke\Application Data\Nero
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 18:20 --------- d-----w C:\Program Files\DVDFab 5
2008-06-06 17:24 --------- d-----w C:\Program Files\Handbrake
2008-06-03 18:51 --------- d-----w C:\Program Files\Wondershare
2008-06-03 18:30 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-03 18:26 --------- d-----w C:\Program Files\Nero
2008-05-31 18:07 --------- d-----w C:\Program Files\PowerQuest
2008-05-31 00:42 55,520 ----a-w C:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-05-31 00:42 42,048 ----a-w C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-05-24 17:50 0 ----a-w C:\Documents and Settings\ChrisSilke\Application Data\wklnhst.dat
2007-05-09 20:15 87,608 ----a-w C:\Documents and Settings\ChrisSilke\Application Data\ezpinst.exe
2007-05-09 20:15 47,360 ----a-w C:\Documents and Settings\ChrisSilke\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08F5E1AC-DAA9-42A9-A171-1BDE55A6E818}]
2008-07-27 12:58 323584 --a------ C:\WINDOWS\system32\rqRLdAsq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-03-22 13:57 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-03-22 13:53 126976]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 16:25 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 16:24 688218]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 14:39 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2006-12-26 23:26 106496 C:\WINDOWS\system32\odyEvent.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingn28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winho28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjw28.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnt63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-09-13 12:12 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R265 Series]
--a------ 2006-05-19 05:00 139264 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBNE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2006-04-12 16:15 1261475 C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"RioMSC"=2 (0x2)
"LxrSII1s"=2 (0x2)
"de_serv"=3 (0x3)
"DefWatch"=2 (0x2)
"Bonjour Service"=2 (0x2)
"aawservice"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"iPod Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"BlueSoleil Hid Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\T-Mobile\\Communication Center\\AutoUpdateSrv.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\WINDOWS\\system32\\dmremote.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:RPC

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-05-31 02:42]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-05-31 02:42]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 LxrSII1d;Secure II Driver;C:\WINDOWS\system32\Drivers\LxrSII1d.sys [2005-05-19 16:48]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 15:52]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\CHRISS~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 G3GRUMDM;G3G R USB Modem;C:\WINDOWS\system32\DRIVERS\g3grumdm.sys [2005-06-10 11:52]
S3 G3GRUSER;G3G R USB Serial;C:\WINDOWS\system32\DRIVERS\g3gruser.sys [2005-06-10 11:52]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 04:12]
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys [2003-07-02 18:15]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Antivirus - C:\Program Files\VAV\vav.exe
Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 19:27:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-07-27 19:37:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-27 17:37:34

Pre-Run: 7,213,015,040 bytes free
Post-Run: 7,090,409,472 bytes free

WinXP_EN_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

255 --- E O F --- 2008-07-24 21:01:24


Cheers for any help, it would be most appreciated. As this is my main computer I dare not read my email etc. until I know it's clean.

Chris
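As an added triage example (not code from this thread, from ComboFix or from the forum's helpers), the Python below parses the "Files Created" and "Reg Loading Points" sections of a ComboFix log in the format posted above and flags any autostart entry (BHO or Run key) whose target file was written during the scan window, which is exactly the pattern the rqRLdAsq.dll entry shows. The sample input is constructed from lines of the log above; function and variable names are my own.

```python
import re

# Constructed sample: a few lines copied from the ComboFix log in the post
# above, trimmed to the two sections this script reads.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.
2008-07-27 12:57 . 2008-07-27 12:58 323,584 --a------ C:\WINDOWS\system32\rqRLdAsq.dll
2008-07-25 18:05 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-07-18 01:45 . 2008-07-18 01:45 <DIR> d-------- C:\Program Files\EPSON
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08F5E1AC-DAA9-42A9-A171-1BDE55A6E818}]
2008-07-27 12:58 323584 --a------ C:\WINDOWS\system32\rqRLdAsq.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-03-22 13:57 155648]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 14:39 49152]
"""

# One "Files Created" line: <created> . <modified> <size or <DIR>> <attrs> <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:<DIR>|[\d,]+) (\S+) (.+)$")
# A registry key header, e.g. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{...}]
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# First Windows path on a line; stops at a quote or a bracket
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]]+)')


def parse_sections(log_text):
    """Return ({lowercased path: (created, modified)}, [(registry key, path)])."""
    created, autostarts, section, key = {}, [], None, None
    for line in log_text.splitlines():
        if "Files Created" in line or "Reg Loading Points" in line:
            section = "files" if "Files Created" in line else "reg"
            continue
        if section == "files":
            m = FILE_RE.match(line)
            if m:
                created[m.group(4).strip().lower()] = (m.group(1), m.group(2))
        elif section == "reg":
            k = KEY_RE.match(line)
            if k:
                key = k.group(1)  # following path lines belong to this key
                continue
            p = PATH_RE.search(line)
            if p and key:
                autostarts.append((key, p.group(1).strip()))
    return created, autostarts


def triage(log_text):
    """Flag autostart targets that were created inside the log's scan window."""
    created, autostarts = parse_sections(log_text)
    hits = []
    for key, path in autostarts:
        stamps = created.get(path.lower())
        if stamps:
            hits.append({"key": key, "path": path,
                         "created": stamps[0], "modified": stamps[1]})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit['path']} created {hit['created']}, loaded via {hit['key']}")
```

A freshly created DLL that is already registered as a Browser Helper Object is worth a closer look, while long-standing entries such as igfxtray.exe never appear in the created list and are not flagged.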


#2 chryssi2001


  • Members
  • 1,930 posts
  • OFFLINE
  • Local time:01:13 PM

Posted 08 August 2008 - 12:31 PM

Hello CheddarCheese,

I apologise for the delay; the forum is too busy.
If you still need help, post a HijackThis log as per my instructions below.
----------------------------------------------
Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
Private Messages for personal support will be ignored. If you need help post in the forum.

#3 chryssi2001


  • Members
  • 1,930 posts
  • OFFLINE
  • Local time:01:13 PM

Posted 14 August 2008 - 12:54 AM

Due to the lack of feedback, this Topic is now closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
