Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32.Rbot.Aeu


  • This topic is locked This topic is locked
2 replies to this topic

#1 Kharibdis99

Kharibdis99

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 17 August 2009 - 03:00 AM

Some programs will not open up, task bar and startmenu dissapeared from some time but i got that to reappear by making a creating a new taskbar. Scanned with Spybot Search And Destroy picked up Win32.Rbot.aeu, tried to run malwarebytes antimalware got an error saying Failed to load Conrtrol 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Tried to use system restore got an error saying cannot restore try restarting computer. I also ran SDfix that i found was given to another user for this same problem i still dont have a start menu or taskbar, and i cannot move any icons on my desktop nor can i copy and paste. The report is below the other 2 HJT reports. Also something that caught my eye as i was reading over the SDfix Report it says Wed 4 aug 2004 12,336 ..SHR --- 'C:\WINDOWS\System32\Svchost.exe. My computer was Created around january 09.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 3:49:55.68 on Mon 08/17/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12

============== Pseudo HJT Report ===============

mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [DRam prosessor] svchost
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-RR80R.exe" /REG
mRunServices: [Windows Manager System] winoper.exe
mRunServices: [DRam prosessor] svchost
uPolicies-explorer: NoSimpleStartMenu =
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\xttiuyoa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-08-17 03:31 687,104 a------- c:\windows\is-RR80R.exe
2009-08-17 03:31 10,498 a------- c:\windows\is-RR80R.msg
2009-08-17 03:31 430 a------- c:\windows\is-RR80R.lst
2009-08-17 03:27 <DIR> --d----- c:\program files\Safer Networking
2009-08-17 02:25 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-08-17 00:09 <DIR> --d----- C:\c85e4cd8c800b61489
2009-08-16 23:50 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-08-16 20:55 388,300 a------- c:\windows\tminstall_new.exe
2009-08-11 23:53 270,848 ---shr-- c:\windows\system32\explorer.exe
2009-08-11 23:53 239,616 ---shr-- c:\windows\system32\svchost
2009-07-29 18:13 <DIR> --d----- c:\windows\pss
2009-07-29 18:03 <DIR> --d-h--- c:\windows\PIF
2009-07-25 20:44 <DIR> --d----- c:\docume~1\admini~1\applic~1\IconChanger
2009-07-25 20:43 <DIR> --d----- c:\program files\IconChanger
2009-07-23 00:50 <DIR> --d----- c:\program files\WinPcap
2009-07-23 00:49 <DIR> --d----- c:\program files\Cain
2009-07-23 00:40 <DIR> --d----- c:\docume~1\admini~1\applic~1\mIRC
2009-07-23 00:34 <DIR> --d----- c:\docume~1\admini~1\applic~1\TeamViewer
2009-07-23 00:34 <DIR> --d----- c:\program files\TeamViewer
2009-07-23 00:33 <DIR> --d----- c:\documents and settings\administrator\temp
2009-07-22 15:24 <DIR> --d----- c:\docume~1\admini~1\applic~1\Mp3tag
2009-07-22 15:24 <DIR> --d----- c:\program files\Mp3tag
2009-07-21 19:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-07-21 19:27 <DIR> --d----- c:\docume~1\admini~1\applic~1\AVS4YOU
2009-07-21 19:26 <DIR> --d----- c:\program files\common files\AVSMedia
2009-07-21 19:26 658,432 a------- c:\windows\system32\cc3270mt.dll
2009-07-21 19:26 487,424 a------- c:\windows\system32\msvcp70.dll
2009-07-21 19:26 24,576 a------- c:\windows\system32\msxml3a.dll
2009-07-21 19:26 <DIR> --d----- c:\program files\AVS4YOU

==================== Find3M ====================

2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-12 12:27 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-23 08:48 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-22 13:24 189,072 a------- c:\windows\system32\PnkBstrB.exe
2009-06-22 12:26 138,920 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-22 12:26 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-05-20 20:54 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-05-20 14:59 22,328 a------- c:\docume~1\admini~1\applic~1\PnkBstrK.sys
2009-05-20 14:59 2,250,024 a------- c:\windows\system32\pbsvc.exe
2006-06-24 02:48 32,768 -----r-- c:\windows\inf\UpdateUSB.exe
2004-08-04 08:00 14,336 ---shr-- c:\windows\system32\svchost.exe

============= FINISH: 3:50:30.43 ===============



==== Installed Programs ======================

7-Zip 4.65
AAC Decoder
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 6.0.1
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
Aim Plugin for QQ Games
AIM Search
AIM Toolbar
Aion
Alarm Clock v1.0
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUpdate
AVG Free 8.5
AVS Audio Converter version 5.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Battlefield 2™
Battlefield 2142
Blaze Media Pro
Bonjour
BuddyList Ops 1.0.0.1
Cain & Abel v4.9.31
Call of Duty® 4 - Modern Warfare™
Command & Conquer™ Red Alert™ 3 Worldbuilder
Command & Conquer™ Red Alert™ 3
Condition Zero
Critical Update for Windows Media Player 11 (KB959772)
DAEMON Tools Toolbar
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Download Updater (AOL LLC)
EPU-WS Engine
EVGA Precision 1.3.0
Far Cry 2
Free Mp3 Wma Converter V 1.81
Google Chrome
Google Earth
Google Update Helper
Google Updater
Guild Wars
Guitar Pro 5.2
H.264 Decoder
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
IconChanger
ImTOO MP4 Video Converter
iTunes
Java™ 6 Update 12
LimeWire 5.0.11
Malwarebytes' Anti-Malware
Marvell MRU
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft LifeChat
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
mIRC
MKV Splitter
MobileMe Control Panel
Mozilla Firefox (3.5.2)
Mozilla Thunderbird (2.0.0.19)
Mp3tag v2.43
MSN
MSXML 6.0 Parser (KB933579)
NCsoft Launcher
NVIDIA Drivers
PDF Settings
PunkBuster Services
QQ BlackJack
QQ Bubble Arena
QQ Chess
QQ Games
QQ Hearts
QQ Match Master
QQ Pool
QQ Puzzle Dasher
QQ Robo
QQ Treasure Hunter
QuickTime
Razer Tarantula
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RunAlyzer
Safari
Samsung Master
Samsung USB Driver
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Spybot - Search & Destroy
Stardock MyColors
Steam
Team Fortress 2 Dedicated Server
Teaming Utility
TeamViewer 4
Unlocker 1.8.7
Update for Windows XP (KB898461)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Viewpoint Media Player
VLC media player 0.9.9
Vuze
Vuze Toolbar
Warhammer Online - Age of Reckoning
WebFldrs XP
WinAce Archiver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
WinPcap 4.1 beta5
World of Warcraft
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.2 final uninstall
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

==== End Of File ===========================



SDFix: Version 1.240
Run by Administrator on Mon 08/17/2009 at 05:08 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\Administrator\Desktop\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\explorer.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 17:17:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:d4,47,2f,4d,ba,06,cb,e5,70,14,c2,21,fe,58,6a,f8,63,f0,df,1c,04,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b9,09,9e,f3,f6,5c,97,b7,91,38,12,b6,47,5f,82,8f,8f,..
"khjeh"=hex:32,0c,aa,e3,fd,67,90,e5,01,e0,75,09,eb,b9,0d,57,6b,7c,f1,e4,fc,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6c,22,f0,9a,3d,c6,4c,c2,0e,0d,71,9c,fb,13,10,4e,86,1c,64,2f,22,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:d4,47,2f,4d,ba,06,cb,e5,70,14,c2,21,fe,58,6a,f8,63,f0,df,1c,04,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b9,09,9e,f3,f6,5c,97,b7,91,38,12,b6,47,5f,82,8f,8f,..
"khjeh"=hex:32,0c,aa,e3,fd,67,90,e5,01,e0,75,09,eb,b9,0d,57,6b,7c,f1,e4,fc,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6c,22,f0,9a,3d,c6,4c,c2,0e,0d,71,9c,fb,13,10,4e,86,1c,64,2f,22,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Marvell\\61xx\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\Marvell\\61xx\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Vuze\\Azureus.exe"="C:\\Program Files\\Vuze\\Azureus.exe:*:Enabled:Azureus"
"C:\\WINDOWS\\system32\\windirxappx.exe"="C:\\WINDOWS\\system32\\windirxappx.exe:*:Enabled:windirxappx"
"C:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"="C:\\Program Files\\Tencent\\QQ Games\\QQGames.exe:*:Enabled:QQ Games"
"C:\\Program Files\\Cain\\Cain.exe"="C:\\Program Files\\Cain\\Cain.exe:*:Enabled:Cain - Password Recovery Utility"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\DOCUME~1\ADMINI~1\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 26 Jan 2009 2,144,088 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 4 Aug 2004 14,336 ..SHR --- "C:\WINDOWS\system32\svchost.exe"
Tue 16 Jun 2009 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 19 May 2009 243,712 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\~152.tmp"
Tue 19 May 2009 243,712 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\~15B.tmp"
Tue 17 Mar 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 24 May 2009 2,861 A..HR --- "C:\Documents and Settings\Administrator\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

Edited by Kharibdis99, 17 August 2009 - 11:16 PM.


BC AdBot (Login to Remove)

 


#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:52 PM

Posted 29 August 2009 - 07:07 PM

Hello and :thumbup2: to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here
.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay
.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:)

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,903 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:52 PM

Posted 05 September 2009 - 05:30 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users