Multiple Trojan & Worm Infections Causing Start Up Error


6 replies to this topic

#1 Reg Ulatory

Reg Ulatory

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:33 PM

Posted 11 September 2008 - 06:19 AM

First off, I have teenage sons, say no more. I did SpyBot, Ad-Aware and Stinger scans, and HiJack this. I also added Avast and a firewall in response (already had AVG).

The problem is I get a gray box command error that I can't click away without ctrl-alt-del terminating explorer.exe and restarting it.

This was the Stinger file:


This was the Hijack file (also attached):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:16 PM, on 10-Sep-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Dad\Desktop\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/openmanage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - D:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - D:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [DLCJCATS] rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA4574] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0069.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4144] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0051.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7235] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0051.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6159] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0050.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8820] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0050.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8300] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0048.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2601] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0048.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7782] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0049.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC473] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0049.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9345] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0047.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6761] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0047.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2754] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0043.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2852] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0043.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6333] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0044.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC667] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0044.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6840] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0045.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8964] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0045.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8854] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0046.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2026] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0046.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5262] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0042.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1256] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0042.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9796] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0041.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4676] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0041.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5550] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0040.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7544] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0040.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8540] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0039.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4905] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0039.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5350] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\cover.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7592] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\cover.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2649] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0031.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9418] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0031.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2381] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0029.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9791] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0029.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA247] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0038.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC859] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0038.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1002] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0027.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2538] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0027.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1813] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0030.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1886] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0032.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1096] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0032.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7051] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0034.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6278] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0034.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3343] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0025.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6556] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0025.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1274] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0028.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5967] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0028.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9702] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0035.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1208] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0035.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3274] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0036.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7861] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0036.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2908] command /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0037.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2361] cmd /c del "D:\Documents and Settings\Mikey\Desktop\random files\older school\Augustus Project folder\Anna AP-Mist\MET-ART_deo_9_0037.jpg"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: avgw.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://D:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcj_device - Unknown owner - D:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - D:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

--
End of file - 16247 bytes

Can someone please help? Thanks so much for being here!



#2 Reg Ulatory

Reg Ulatory
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:33 PM

Posted 12 September 2008 - 07:20 AM

Added note: this morning Avast did a boot scan and moved several instances of Win32:urlbot [Trj] infected files to the chest.

Unfortunately, the command.pif gray box still persisted. I also get the numerous Spybot registry change notices e.g. System Startup global entry, Key deleted, SpybotDeletingA4144, command /c del "D:\Documents and Settings...jpg"

When I click through the OK button several times rapidly, a black DOS window pops up and vanishes a few times and my desktop is restored.

When you get a chance to respond, I'd appreciate it!


Edited by Reg Ulatory, 12 September 2008 - 07:23 AM.


#3 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  • Local time:10:33 PM

Posted 25 September 2008 - 04:04 PM

Hi

Your hijackthis log is clean :thumbsup:

Those O4 - HKLM\..\RunOnce: [SpybotDeleting ... entries are not malicious, but they should only appear once, & not after a reboot ...

Please Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware
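As an added example (not code from this thread, from HijackThis or from Spybot), a small Python parser for the O4 autostart lines of a HijackThis log, with a check for the point steamwiz raises above: RunOnce values that are still present in a log taken after a reboot. The sample log text is constructed in the thread's format with shortened paths.

```python
"""Parse HijackThis 'O4' autostart lines and flag RunOnce entries that survive a reboot."""
import re
from typing import List, NamedTuple, Tuple

# One registry-based O4 line, e.g.
#   O4 - HKLM\..\RunOnce: [SpybotDeletingA4144] command /c del "D:\some\file.jpg"
#   O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\"
    r"(?P<key>RunOnce|RunServicesOnce|Run|RunServices): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

# A Spybot-style cleanup command: the shell it uses ('command' is the legacy 16-bit
# COMMAND.COM, 'cmd' the Win32 cmd.exe) and the file it deletes.
DEL_RE = re.compile(
    r'^(?P<shell>command|cmd)(?:\.com|\.exe)? /c del "(?P<path>[^"]+)"\s*$', re.IGNORECASE
)


class O4Entry(NamedTuple):
    hive: str
    key: str
    name: str
    command: str


def parse_o4(log: str) -> List[O4Entry]:
    """Extract registry-based O4 entries. 'Global Startup' lines are folder items, not
    registry values, so they are skipped here."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(O4Entry(m["hive"], m["key"], m["name"], m["cmd"].strip()))
    return entries


def deletion_targets(entries: List[O4Entry]) -> List[Tuple[str, str, str]]:
    """(value name, shell, target path) for every RunOnce entry that is a 'del' command."""
    found = []
    for e in entries:
        if e.key != "RunOnce":
            continue
        m = DEL_RE.match(e.command)
        if m:
            found.append((e.name, m["shell"].lower(), m["path"]))
    return found


def persisting_runonce(log_before: str, log_after: str) -> List[O4Entry]:
    """RunOnce entries present both in a log taken before a reboot and in one taken after it.

    Windows deletes a RunOnce value before running its command, so the same value in
    both logs means it either never executed or something re-creates it; either way it
    deserves a closer look even when the command itself is benign. Matching is on
    hive + command, because names such as SpybotDeletingA4144 carry a random suffix.
    """
    before = {(e.hive, e.command) for e in parse_o4(log_before) if e.key == "RunOnce"}
    return [e for e in parse_o4(log_after)
            if e.key == "RunOnce" and (e.hive, e.command) in before]


# Constructed sample logs (HijackThis O4 format, shortened paths; not the thread's own logs).
LOG_BEFORE_REBOOT = r"""
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA4144] command /c del "D:\Documents and Settings\Mikey\Desktop\old\0051.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7235] cmd /c del "D:\Documents and Settings\Mikey\Desktop\old\0051.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6159] command /c del "D:\Documents and Settings\Mikey\Desktop\old\0050.jpg"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - Global Startup: avgw.exe
"""

LOG_AFTER_REBOOT = r"""
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA4144] command /c del "D:\Documents and Settings\Mikey\Desktop\old\0051.jpg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9901] command /c del "D:\Documents and Settings\Mikey\Desktop\old\0060.jpg"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for name, shell, path in deletion_targets(parse_o4(LOG_BEFORE_REBOOT)):
        print(f"{name}: {shell} deletes {path}")
    for e in persisting_runonce(LOG_BEFORE_REBOOT, LOG_AFTER_REBOOT):
        print(f"still present after reboot: {e.hive}\\..\\{e.key} [{e.name}] {e.command}")
```

Feed it two real HijackThis logs (one saved before a reboot, one after) and only the RunOnce values that were not consumed are printed.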

#4 Reg Ulatory

Reg Ulatory
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:33 PM

Posted 24 October 2008 - 05:30 PM


Malwarebytes' Anti-Malware 1.30
Database version: 1316
Windows 5.1.2600 Service Pack 2

24-Oct-08 6:27:13 PM
mbam-log-2008-10-24 (18-27-13).txt

Scan type: Quick Scan
Objects scanned: 83301
Time elapsed: 10 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Documents and Settings\Dan\Local Settings\Temp\laf25.tmp (Trojan.Zlob) -> Quarantined and deleted successfully.

#5 Reg Ulatory

Reg Ulatory
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:33 PM

Posted 24 October 2008 - 05:56 PM


ComboFix 08-10-24.02 - Dad 2008-10-24 18:48:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.439 [GMT -4:00]
Running from: D:\Documents and Settings\Dad\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Dad\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\command.pif
D:\WINDOWS\system32\nvsvc32.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))
.

2008-10-24 18:12 . 2008-10-24 18:12 <DIR> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-10-24 18:12 . 2008-10-24 18:12 <DIR> d-------- D:\Documents and Settings\Dad\Application Data\Malwarebytes
2008-10-24 18:12 . 2008-10-24 18:12 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-24 18:12 . 2008-10-22 16:28 38,496 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-24 18:12 . 2008-10-22 16:28 15,504 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-10-23 21:58 . 2008-10-23 21:59 <DIR> d-------- D:\Documents and Settings\Dan\Application Data\FUJIFILM
2008-10-09 21:10 . 2008-10-10 05:10 <DIR> d-------- D:\Documents and Settings\Dad\Application Data\WholeSecurity
2008-10-09 21:09 . 2008-10-09 21:09 <DIR> d-------- D:\Program Files\TI Education
2008-10-09 21:09 . 2008-10-09 21:09 <DIR> d-------- D:\Program Files\Common Files\TI Shared
2008-10-09 21:09 . 2004-02-04 10:27 49,536 --a------ D:\WINDOWS\system32\drivers\tiehdusb.sys
2008-10-09 21:09 . 2004-01-28 15:03 21,456 --a------ D:\WINDOWS\system32\drivers\SilvrLnk.sys
2008-10-07 15:01 . 2008-10-07 15:01 <DIR> d-------- D:\Documents and Settings\Mike.LIBRARY\Application Data\FUJIFILM
2008-10-06 21:34 . 2008-10-06 21:34 <DIR> d-------- D:\Documents and Settings\Mom\.thumbnails
2008-10-06 21:33 . 2008-10-06 21:34 <DIR> d-------- D:\Documents and Settings\Mom\.gimp-2.2
2008-10-06 21:23 . 2008-10-06 21:23 <DIR> d-------- D:\Documents and Settings\Mom\Application Data\FUJIFILM
2008-10-06 21:14 . 2008-10-13 07:36 <DIR> d-------- D:\Documents and Settings\Dad\Application Data\FUJIFILM
2008-10-06 21:13 . 2008-10-06 21:13 <DIR> d-------- D:\Program Files\REGSHAVE
2008-10-06 21:13 . 2008-10-13 07:36 <DIR> d-------- D:\Program Files\FinePixViewer
2008-10-06 21:13 . 2003-09-03 16:45 274,432 --a------ D:\WINDOWS\system32\FFTIFF16.dll
2008-10-06 21:13 . 2006-07-12 14:39 208,896 --a------ D:\WINDOWS\system32\FFRafShellEx.dll
2008-10-06 21:13 . 2004-07-24 21:28 155,648 --a------ D:\WINDOWS\system32\FFRAFLIB.DLL
2008-10-06 21:13 . 2001-11-25 07:11 81,924 --------- D:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-10-06 21:13 . 2002-02-05 12:33 69,632 --------- D:\WINDOWS\system32\FREGSHEX.DLL
2008-10-06 21:13 . 2002-02-27 07:27 65,536 --------- D:\WINDOWS\system32\FINFCHECK.dll
2008-10-06 21:13 . 2002-06-25 10:06 45,056 --------- D:\WINDOWS\system32\FINFCOPY.dll
2008-10-06 21:13 . 2002-02-13 06:00 45,056 --------- D:\WINDOWS\system32\FCLKBTN.DLL
2008-09-26 21:55 . 2008-09-26 21:55 <DIR> d-------- D:\Documents and Settings\Dan\Application Data\vlc
2008-09-26 20:18 . 2008-09-26 20:18 <DIR> d-------- D:\Documents and Settings\Dan\Application Data\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 22:33 --------- d-----w D:\Program Files\Dl_cats
2008-10-24 22:05 --------- d-----w D:\Documents and Settings\Dad\Application Data\AVG7
2008-10-24 12:00 --------- d-----w D:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2008-10-16 12:31 --------- d-----w D:\Program Files\Blue Coat K9 Web Protection
2008-10-10 01:08 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-10-07 01:15 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-10-06 01:46 --------- d-----w D:\Documents and Settings\Mike.LIBRARY\Application Data\U3
2008-09-25 03:54 --------- d-----w D:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-09-25 01:47 --------- d-----w D:\Documents and Settings\Julia\Application Data\gtk-2.0
2008-09-18 18:09 --------- d-----w D:\Documents and Settings\Julia\Application Data\Songbird1
2008-09-15 11:57 1,846,016 ----a-w D:\WINDOWS\system32\win32k.sys
2008-09-11 03:59 --------- d-----w D:\Program Files\Sygate
2008-09-11 03:29 --------- d-----w D:\Program Files\Lavasoft
2008-09-11 03:29 --------- d-----w D:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-09-10 09:28 --------- d-----w D:\Program Files\Spybot - Search & Destroy
2008-09-10 03:19 --------- d-----w D:\Program Files\Alwil Software
2008-09-06 23:55 --------- d-----w D:\Documents and Settings\Dad\Application Data\gtk-2.0
2008-09-04 04:35 --------- d-----w D:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
2008-08-31 15:15 --------- d-----w D:\Program Files\Moss Bay Software
2008-08-29 12:32 --------- d-----w D:\Program Files\Microsoft Silverlight
2008-08-28 10:04 333,056 ----a-w D:\WINDOWS\system32\drivers\srv.sys
2008-08-25 18:11 --------- d-----w D:\Documents and Settings\Julia\Application Data\vlc
2008-08-20 05:38 659,456 ----a-w D:\WINDOWS\system32\wininet.dll
2008-08-14 09:55 2,142,720 ----a-w D:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:18 2,020,864 ----a-w D:\WINDOWS\system32\ntkrnlpa.exe
2008-05-07 00:05 18,368 ----a-w D:\Documents and Settings\Dan\Application Data\GDIPFONTCACHEV1.DAT
2008-03-01 12:04 92,064 ----a-w D:\Documents and Settings\Dad\mqdmmdm.sys
2008-03-01 12:04 9,232 ----a-w D:\Documents and Settings\Dad\mqdmmdfl.sys
2008-03-01 12:04 79,328 ----a-w D:\Documents and Settings\Dad\mqdmserd.sys
2008-03-01 12:04 66,656 ----a-w D:\Documents and Settings\Dad\mqdmbus.sys
2008-03-01 12:04 6,208 ----a-w D:\Documents and Settings\Dad\mqdmcmnt.sys
2008-03-01 12:04 5,936 ----a-w D:\Documents and Settings\Dad\mqdmwhnt.sys
2008-03-01 12:04 4,048 ----a-w D:\Documents and Settings\Dad\mqdmcr.sys
2008-03-01 12:04 25,600 ----a-w D:\Documents and Settings\Dad\usbsermptxp.sys
2008-03-01 12:04 22,768 ----a-w D:\Documents and Settings\Dad\usbsermpt.sys
2007-10-29 20:52 17,536 ----a-w D:\Documents and Settings\Mike\Application Data\GDIPFONTCACHEV1.DAT
2007-09-05 13:59 17,144 ----a-w D:\Documents and Settings\Dad\Application Data\GDIPFONTCACHEV1.DAT
2007-07-07 05:05 145 ----a-w D:\Documents and Settings\Dad\autoexec.bat
2007-01-14 13:03 8 ----a-w D:\Documents and Settings\Dad\Application Data\usb.dat.bin
2004-04-23 05:00 13,824 ----a-w D:\Documents and Settings\Mikey\cnmss Canon PIXMA iP1500 (Local).exe
.
----a-w		 1,165,701 2003-02-01 23:55:56  D:\Documents and Settings\Dad\Desktop\Old F Drive\My Documents\Share\need for speed hot pursuit 2 WORKING crack + serial .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-20 1510640]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ccleaner"="D:\Program Files\CCleaner\ccleaner.exe" [2008-08-22 1234160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCJCATS"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SmcService"="D:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-10-22 399504]
"<NO NAME>"="" [N/A]

D:\Documents and Settings\TEMP.LIBRARY\Start Menu\Programs\Startup\
prfDE.tmp [2008-05-31 0]

D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [2007-01-14 1757]
avgw.exe [2007-10-22 219136]
ExifLauncher2.lnk - D:\Program Files\FinePixViewer\QuickDCF2.exe [2008-10-06 303104]
Microsoft Office.lnk.disabled [2006-11-22 1730]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-28 06:39 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SigmatelSysTrayApp"=stsystra.exe
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe"
"eBayToolbar"=D:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
"DLCJCATS"=rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
"AVG7_CC"=D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"D:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"D:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"D:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 cwmtdi;cwmtdi;D:\WINDOWS\system32\drivers\cwmtdi.sys [2007-05-14 48640]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 MR97310_VGA_DUAL_CAMERA;MR97310 VGA Dual Mode Camera;D:\WINDOWS\system32\DRIVERS\mr97310v.sys [2002-11-06 116078]
S3 PIXMCV;JVC Communication PIX-MCV Driver;D:\WINDOWS\system32\Drivers\pixmcvc.sys [2003-12-05 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;D:\WINDOWS\system32\Drivers\pixmcva.sys [2003-12-05 27961]
S3 PIXMCVV;JVC PIX-MCV Video Capture;D:\WINDOWS\system32\Drivers\pixmcvv.sys [2003-12-05 20953]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-24 D:\WINDOWS\Tasks\AVG Free Control Center.job
- D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2008-10-16 16:28]

2008-09-10 D:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-06-18 21:02]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\8h6320vi.default\
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF -: plugin - D:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - D:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - D:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - D:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - D:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 18:51:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCJCATS = rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


D:\DOCUME~1\Dad\LOCALS~1\Temp\RGI4.tmp 7075 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMSwissArmy]
"ImagePath"="\??\D:\WINDOWS\system32\drivers\mbamswissarmy.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-10-24 18:53:12
ComboFix-quarantined-files.txt 2008-10-24 22:53:10

Pre-Run: 16,702,025,728 bytes free
Post-Run: 18,293,370,880 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

202 --- E O F --- 2008-10-24 07:01:04
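The log above lists the machine's auto-start points (Run keys, Startup folders) and catchme's hidden-entry output. As an added example, not part of this thread and not ComboFix code, here is a small triage script that walks those sections and flags the shapes an analyst would look at first: a Run value padded with non-printable bytes (catchme prints them as a run of `?`), zero-byte or non-shortcut items in a Startup folder, hidden files reported by catchme, and executables under a Temp directory or named like cracks. The rules, thresholds and the `Finding` structure are assumptions of this example; the sample lines are copied from the log above. A flag is a prompt to look closer, not a verdict.

```python
"""Heuristic triage of a ComboFix log: Run keys, Startup folders, catchme output.

Added example: not part of the thread above and not ComboFix code.
The rules are assumptions (a triage aid, not a verdict); each finding names
the shape that earned it so the reader can check it against the log.
"""
import re
from collections import Counter
from dataclasses import dataclass

EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".pif")
CRACK_WORDS = re.compile(r"\b(crack|keygen|serial)\b", re.IGNORECASE)
PADDING = re.compile(r"\?{8,}\s*$")        # catchme renders non-printable bytes as '?'
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\[]*')
REG_VALUE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<cmd>.*?)(?:\s*\[[\d-]+ \d+\])?$')
BARE_VALUE = re.compile(r"^(?P<name>\S+) = (?P<cmd>.+)$")   # catchme's 'name = command'
STARTUP_ITEM = re.compile(r"^(?P<name>.+?)(?: - (?P<target>.+?))? \[[\d-]+ (?P<size>\d+)\]$")
HIDDEN_FILE = re.compile(r"^(?P<path>.+?) (?P<size>\d+) bytes$")

# Sample lines copied from the ComboFix log in this thread (Run keys, Startup
# folders, the catchme section and the suspicious-file listing).
SAMPLE_LOG = r"""
----a-w   1,165,701 2003-02-01 23:55:56  D:\Documents and Settings\Dad\Desktop\Old F Drive\My Documents\Share\need for speed hot pursuit 2 WORKING crack + serial .exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCJCATS"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

D:\Documents and Settings\TEMP.LIBRARY\Start Menu\Programs\Startup\
prfDE.tmp [2008-05-31 0]

D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [2007-01-14 1757]
avgw.exe [2007-10-22 219136]
ExifLauncher2.lnk - D:\Program Files\FinePixViewer\QuickDCF2.exe [2008-10-06 303104]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCJCATS = rundll32 D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16????????????????

D:\DOCUME~1\Dad\LOCALS~1\Temp\RGI4.tmp 7075 bytes
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    location: str   # registry key, Startup folder or scanner section
    entry: str      # the raw log line


def file_path(text: str) -> str:
    """First Windows path in text, minus a rundll32 ',EntryPoint' suffix."""
    m = WIN_PATH.search(text)
    return m.group(0).split(",")[0].strip() if m else ""


def path_rules(path: str, location: str, raw: str) -> list[Finding]:
    """Rules that apply to any executable path, wherever in the log it appears."""
    low = path.lower()
    if not low.endswith(EXEC_EXT):
        return []
    out = []
    if "\\temp\\" in low:
        out.append(Finding("executable under a Temp directory", location, raw))
    if CRACK_WORDS.search(low):
        out.append(Finding("crack/keygen/serial executable", location, raw))
    return out


def triage(log: str) -> list[Finding]:
    """Walk the log line by line, tracking which key or folder each entry belongs to."""
    findings: list[Finding] = []
    location, in_folder = "", False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers: "[HKEY_...]" or catchme's bare "HKLM\..."; Startup folders end in '\'.
        if (line.startswith("[") and line.endswith("]")) or line.upper().startswith(("HKLM\\", "HKEY_")):
            location, in_folder = line.strip("[]"), False
            continue
        if line.endswith("\\"):
            location, in_folder = line, True
            continue
        if in_folder and (m := STARTUP_ITEM.match(line)):
            if int(m["size"]) == 0:
                findings.append(Finding("zero-byte Startup item", location, line))
            if ".lnk" not in m["name"].lower():   # installers leave shortcuts, not loose files
                findings.append(Finding("Startup item that is not a shortcut", location, line))
            findings += path_rules(m["target"] or m["name"], location, line)
            continue
        in_folder = False
        if m := HIDDEN_FILE.match(line):
            findings.append(Finding("hidden file reported by catchme", "catchme hidden files", line))
            findings += path_rules(m["path"], "catchme hidden files", line)
            continue
        if m := (REG_VALUE.match(line) or BARE_VALUE.match(line)):
            if PADDING.search(m["cmd"]):
                findings.append(Finding("Run value padded with non-printable bytes", location, line))
            findings += path_rules(file_path(m["cmd"]), location, line)
            continue
        # Anything else (e.g. the file listing): apply the path rules if a path is present.
        findings += path_rules(file_path(line), "file listing", line)
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, for a quick overview before reading each entry."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:45} {f.location}\n    {f.entry}")
```

Run against the sample, the script leaves the ordinary Run entries (ctfmon, TeaTimer, avast, the Dell printer DLL in the ComboFix listing) alone and flags the items that stand out in the log as posted: the crack executable in the file listing, the zero-byte `prfDE.tmp` and the loose `avgw.exe` in Startup folders, the padded DLCJCATS value in catchme's output, and the hidden `RGI4.tmp` under Temp. Which of those is actually hostile still needs a look at the files themselves.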

#6 Reg Ulatory

  • Topic Starter
  • Members
  • 7 posts

Posted 27 October 2008 - 01:31 PM

Just to let you know, I still get trojan warnings with AVAST antivirus a few times a day (via windows/command). Some try to use my printer / scanner port.

#7 Reg Ulatory

  • Topic Starter
  • Members
  • 7 posts

Posted 05 December 2008 - 06:37 AM

This is never going to be answered, is it? I keep getting the TrojanGen pop-up from the Avast antivirus about once or several times a day. I guess I just have to live with it...
