Several Trojans
#1 jaynikiw (Member, 13 posts)

I have run McAfee, Malwarebytes, Ad-Aware, and others. I have gone in and removed the xblgen.exe file and run CCleaner, and I still can't connect to shared drives or printers in my network. Also, Kaspersky is still finding several Trojans when none of these other programs do. I have followed another thread and did everything up to the point of running Kaspersky, and here are the log files I have generated:

Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, March 24, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, March 24, 2009 16:35:03
Records in database: 1962148
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 90930
Threat name: 5
Infected objects: 16
Suspicious objects: 0
Duration of the scan: 02:19:56


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\adsaddssgl.exe.vir Infected: Trojan.Win32.Agent2.ezc 1
C:\Qoobox\Quarantine\C\adsajfdsgl.exe.vir Infected: Trojan.Win32.Agent2.ezc 1
C:\Qoobox\Quarantine\C\adsasgl.exe.vir Infected: Trojan.Win32.Agent2.ezc 1
C:\Qoobox\Quarantine\C\asgl.exe.vir Infected: Trojan.Win32.Agent2.ezc 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\Fifoed(18)\A0042696.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\Fifoed(18)\A0042697.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.an 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\Fifoed(18)\A0042698.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1056\A0068498.exe Infected: Trojan.Win32.Agent2.ezc 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1056\A0068515.exe Infected: Net-Worm.Win32.Kolab.blm 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1057\A0068525.exe Infected: Trojan.Win32.Agent2.ezc 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1090\A0071012.exe Infected: Trojan.Win32.Agent2.ezc 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1092\A0071134.exe Infected: Trojan.Win32.Agent2.ezc 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1093\A0071201.exe Infected: Trojan.Win32.Agent2.ezc 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1093\A0071202.exe Infected: Trojan.Win32.Agent2.ezc 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1093\A0071204.exe Infected: Trojan.Win32.Agent2.ezc 1
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1093\A0071207.exe Infected: Trojan.Win32.Agent2.ezc 1

The selected area was scanned.



HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:59 AM, on 3/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CAPM3RSK.EXE
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1215474007\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAPM3LAK.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1215474007\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Canon PC1200 iC D700 Status Window.LNK = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAPM3LAK.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Billy\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.web...wsaxcontrol.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 9848 bytes


Malwarebytes:

Malwarebytes' Anti-Malware 1.34
Database version: 1890
Windows 5.1.2600 Service Pack 3

3/24/2009 7:11:58 AM
mbam-log-2009-03-24 (07-11-58).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 159244
Time elapsed: 56 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Updatess (Trojan.Zapchast) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Windows Updatess (Trojan.Zapchast) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix:

ComboFix 09-03-23.01 - Billy 2009-03-24 8:29:11.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.359 [GMT -7:00]
Running from: c:\documents and settings\Billy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Billy\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.

2009-03-21 17:27 . 2009-03-21 17:27 <DIR> d--hs---- c:\documents and settings\Billy\IECompatCache
2009-03-21 12:30 . 2009-03-09 12:06 15,688 --a------ c:\windows\SYSTEM32\lsdelete.exe
2009-03-21 10:58 . 2009-03-21 10:58 <DIR> d--hs---- c:\windows\SYSTEM32\CONFIG\systemprofile\IETldCache
2009-03-21 08:12 . 2009-03-21 08:12 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-21 08:12 . 2009-03-21 08:12 <DIR> d--hs---- c:\documents and settings\Billy\PrivacIE
2009-03-21 08:10 . 2009-03-21 08:10 <DIR> d--hs---- c:\documents and settings\Billy\IETldCache
2009-03-21 00:20 . 2009-03-21 00:20 <DIR> d-------- c:\windows\ie8updates
2009-03-21 00:14 . 2009-03-21 00:18 <DIR> d--h-c--- c:\windows\ie8
2009-03-21 00:13 . 2009-03-21 00:20 <DIR> d--h----- c:\windows\msdownld.tmp
2009-03-21 00:13 . 2009-03-21 00:13 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-03-21 00:11 . 2009-02-27 21:55 105,984 -----c--- c:\windows\SYSTEM32\DLLCACHE\iecompat.dll
2009-03-20 23:50 . 2009-03-20 23:50 <DIR> d-------- c:\documents and settings\Billy\Application Data\Windows Search
2009-03-20 23:44 . 2009-03-09 12:06 64,160 --a------ c:\windows\SYSTEM32\DRIVERS\Lbd.sys
2009-03-20 23:43 . 2009-03-20 23:43 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-20 23:42 . 2009-03-20 23:42 <DIR> d-------- c:\program files\Lavasoft
2009-03-20 23:42 . 2009-03-20 23:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-20 09:04 . 2009-03-20 09:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-20 09:04 . 2009-03-20 09:04 <DIR> d-------- c:\documents and settings\Billy\Application Data\Malwarebytes
2009-03-20 09:04 . 2009-03-20 09:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-20 09:04 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-03-20 09:04 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-03-20 09:02 . 2009-03-20 09:03 <DIR> d-------- c:\program files\CCleaner
2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\SYSTEM32\msrating.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\SYSTEM32\mshta.exe.mui
2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\SYSTEM32\ie4uinit.exe.mui
2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\SYSTEM32\iedkcs32.dll.mui
2009-03-08 04:33 . 2009-03-08 04:33 18,944 -----c--- c:\windows\SYSTEM32\DLLCACHE\corpol.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 17:28 --------- d-----w c:\program files\Yahoo!
2009-03-20 16:03 --------- d--h--r c:\documents and settings\Billy\Application Data\yahoo!
2009-03-08 11:34 914,944 ----a-w c:\windows\SYSTEM32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\SYSTEM32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\SYSTEM32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\SYSTEM32\corpol.dll
2009-03-08 11:32 72,704 ----a-w c:\windows\SYSTEM32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\SYSTEM32\iesetup.dll
2009-03-08 11:31 48,128 ----a-w c:\windows\SYSTEM32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\SYSTEM32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\SYSTEM32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\SYSTEM32\msls31.dll
2009-02-17 15:59 --------- d-----w c:\documents and settings\Billy\Application Data\XLink Kai
2009-02-17 04:59 36,928 ----a-w c:\windows\system32\drivers\pssdk41.sys
2009-02-09 11:13 1,846,784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-01-25 19:39 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-01-08 01:21 26,144 ----a-w c:\windows\SYSTEM32\spupdsvc.exe
2009-01-08 01:20 265,720 ----a-w c:\windows\SYSTEM32\msdbg2.dll
2009-01-08 01:20 26,112 ----a-w c:\windows\SYSTEM32\idndl.dll
2009-01-08 01:20 24,576 ----a-w c:\windows\SYSTEM32\nlsdl.dll
2009-01-08 01:20 23,552 ----a-w c:\windows\SYSTEM32\normaliz.dll
2008-12-24 02:01 31 ----a-w c:\documents and settings\Billy\jagex_runescape_preferences.dat
2005-05-16 22:53 151 ---ha-w c:\documents and settings\Billy\hpothb07.dat
2005-05-16 22:47 164 ---ha-w c:\documents and settings\All Users\hpothb07.dat
2008-09-02 03:20 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008090120080902\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-26 204800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-07-07 26112]
"HostManager"="c:\program files\Common Files\AOL\1215474007\ee\AOLSoftware.exe" [2006-11-14 50736]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2008-11-25 356352]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-01-22 221247]
Canon PC1200 iC D700 Status Window.LNK - c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAPM3LAK.EXE [2003-06-04 30208]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-06-24 24576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1215474007\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [2009-03-20 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-11-25 991232]
R2 RapidPortM3;RapidPortM3;c:\windows\SYSTEM32\DRIVERS\CAPM3LP.SYS [2008-07-07 22976]
S3 PsSdk41;PsSdk41;c:\windows\SYSTEM32\DRIVERS\pssdk41.sys [2009-02-16 36928]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 6TO4
*NewlyCreated* - IP6FW
*NewlyCreated* - LANMANSERVER
*NewlyCreated* - SRV
*NewlyCreated* - TCPIP6
.
Contents of the 'Scheduled Tasks' folder

2009-03-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 12:06]

2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2004-06-29 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2008-04-13 17:12]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Billy\Start Menu\Programs\IMVU\Run IMVU.lnk
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 08:31:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-24 8:33:28
ComboFix-quarantined-files.txt 2009-03-24 15:33:02
ComboFix2.txt 2009-03-24 15:24:46
ComboFix3.txt 2009-03-24 15:09:48

Pre-Run: 22,334,107,648 bytes free
Post-Run: 22,313,906,176 bytes free

172 --- E O F --- 2009-03-21 02:16:17




Thank you so much for being here to support us. I can usually fix my computer problems, but this is my kids' computer and they have got it really infected.

JayNikiW
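A note on reading the Kaspersky report above, with an added example that is not part of the post or of any of the tools mentioned. Every one of the sixteen hits sits either under C:\Qoobox\Quarantine (the folder ComboFix moves removed files into, renamed with a .vir suffix) or under C:\System Volume Information\_restore{...} (System Restore snapshots). Those are inert copies that cannot run from where they are, which is why McAfee, Malwarebytes and Ad-Aware report nothing while an archive-scanning Kaspersky run still does. The parser below reads lines in the report's "path Infected: threat count" format and sorts each hit into quarantine, restore point or live path, so the live ones stand out. The sample input is copied from the report, except the final xblgen.exe line, which is constructed to exercise the live-path branch (no such line appears in the post):

```python
"""Classify Kaspersky Online Scanner 7 detections by where the file lives.

Added example, not code from the forum post or from Kaspersky. Sample lines
are copied from the report in the post; the xblgen.exe line is constructed.
"""
import re
from collections import Counter

# Copied from the Kaspersky report above; the xblgen.exe line is constructed
# to show a detection outside any quarantine or restore-point store.
SAMPLE_REPORT = "\n".join([
    r"File name / Threat name / Threats count",
    r"C:\Qoobox\Quarantine\C\adsaddssgl.exe.vir Infected: Trojan.Win32.Agent2.ezc 1",
    r"C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\Fifoed(18)\A0042696.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1",
    r"C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1056\A0068515.exe Infected: Net-Worm.Win32.Kolab.blm 1",
    r"C:\WINDOWS\system32\xblgen.exe Infected: Trojan.Win32.Agent2.ezc 1",  # constructed
    r"The selected area was scanned.",
])

# One detection per line: "<path> Infected: <threat name> <count>".
# The path may contain spaces, so match it lazily up to " Infected: ".
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Path prefixes (compared case-insensitively) where a hit is an inert copy:
# ComboFix's quarantine folder and Windows XP System Restore snapshots.
INERT_PREFIXES = {
    "combofix-quarantine": "c:\\qoobox\\quarantine\\",
    "restore-point": "c:\\system volume information\\_restore",
}


def classify_location(path: str) -> str:
    """Return 'combofix-quarantine', 'restore-point' or 'live' for a path."""
    lowered = path.lower()
    for label, prefix in INERT_PREFIXES.items():
        if lowered.startswith(prefix):
            return label
    return "live"


def classify_threat(threat: str) -> str:
    """Kaspersky marks adware/toolbars with a 'not-a-virus:' prefix."""
    return "potentially-unwanted" if threat.startswith("not-a-virus:") else "malware"


def parse_report(text: str) -> list[dict]:
    """Parse detection lines; header, footer and blank lines are skipped."""
    findings = []
    for line in text.splitlines():
        match = DETECTION_RE.match(line.strip())
        if not match:
            continue
        findings.append({
            "path": match["path"],
            "threat": match["threat"],
            "count": int(match["count"]),
            "location": classify_location(match["path"]),
            "kind": classify_threat(match["threat"]),
        })
    return findings


def summarize(text: str) -> dict[str, int]:
    """Count detections per location class."""
    return dict(Counter(f["location"] for f in parse_report(text)))


def live_detections(text: str) -> list[dict]:
    """Only the hits that are on a path a file could actually execute from."""
    return [f for f in parse_report(text) if f["location"] == "live"]


if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f"{f['location']:20} {f['kind']:20} {f['threat']:45} {f['path']}")
    print(summarize(SAMPLE_REPORT))
```

Run against the full report in the post, summarize() returns only quarantine and restore-point counts and live_detections() is empty; the practical follow-up is to delete the ComboFix quarantine and purge old restore points once the machine is confirmed clean, rather than to keep rescanning them.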