.png.9d4b89b15b2cd5e65edd93a0e6823dce.png)
ThUnDeR
-
Content Count
5,800 -
Joined
-
Last visited
About ThUnDeR
-
Rank
Fear the Camaro!
- Birthday 12/25/1985
-
do you still log into YIM anymore?
-
Anyone play it? I've been playing a lot of gun game on a really decent server. A Pit game would be decent if theres enough people.
-
That's a pretty sweet PC.
-
Thats a pretty awesome deal you both have received. Good part on Bruce. Nothing like trying to spread around the knowledge with a little help. I never ventured into Linux, but thats the way to start. Just a simple machine to toy around with.
-
Having a problem with win32.trojandownloader.zlob
ThUnDeR replied to ThUnDeR's topic in Solved Malware Logs
everything is doing alright so far. Computer is no longer having issues with popups. I appreciate the help very much! -
Having a problem with win32.trojandownloader.zlob
ThUnDeR replied to ThUnDeR's topic in Solved Malware Logs
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:17:46 PM, on 11/23/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\AIM\aim.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\program files\steam\steam.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\Documents and Settings\Ahmad\Desktop\Ahmad.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll O2 - BHO: (no name) - {639DB5AF-9415-468F-B596-AFBF8BC2DD07} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - (no file) O2 - BHO: (no name) - {DBDEC6D9-121B-4613-8A49-F809F9DD5951} - (no file) O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Prayer Times.lnk = C:\HAD\PTW.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O20 - Winlogon Notify: fymsrkwy - C:\WINDOWS\ O20 - Winlogon Notify: wvuvttr - C:\WINDOWS\ O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -- End of file - 6669 bytes -
Having a problem with win32.trojandownloader.zlob
ThUnDeR replied to ThUnDeR's topic in Solved Malware Logs
------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Friday, November 23, 2007 9:15:04 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 23/11/2007 Kaspersky Anti-Virus database records: 464543 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ Scan Statistics: Total number of scanned objects: 67032 Number of viruses found: 9 Number of infected objects: 40 Number of suspicious objects: 0 Duration of the scan process: 01:12:26 C:\Documents and Settings\Ahmad\Desktop\backups\backup-20071121-112724-809.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped C:\Documents and Settings\Ahmad\Desktop\backups\backup-20071121-195253-445.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped C:\Documents and Settings\Ahmad\Desktop\backups\backup-20071122-110621-335.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped C:\Documents and Settings\Ahmad\Desktop\backups\backup-20071122-120041-215.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\Documents and Settings\Ahmad\Desktop\backups\backup-20071122-130210-244.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\Documents and Settings\Ahmad\Desktop\backups\backup-20071122-130412-238.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\Documents and Settings\Ahmad\Desktop\backups\backup-20071122-130423-256.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\Documents and Settings\Ahmad\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe/WISE0026.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe WiseSFX: infected - 2 skipped C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe WiseSFX Dropper: infected - 2 skipped C:\Program Files\Steam\Steam.log Object is locked skipped C:\qoobox\Quarantine\C\WINDOWS\system32\ydftyata.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped C:\qoobox\Quarantine\catchme2007-11-22_121346.29.zip/wvuvttr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped C:\qoobox\Quarantine\catchme2007-11-22_121346.29.zip ZIP: infected - 1 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{327927C2-E094-4FFF-9034-E8B02AD12AB4}\RP2\A0001001.exe Infected: Trojan.Win32.Obfuscated.kp skipped C:\System Volume Information\_restore{327927C2-E094-4FFF-9034-E8B02AD12AB4}\RP2\A0002230.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\System Volume Information\_restore{327927C2-E094-4FFF-9034-E8B02AD12AB4}\RP2\A0002231.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\System Volume Information\_restore{327927C2-E094-4FFF-9034-E8B02AD12AB4}\RP6\A0002489.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped C:\System Volume Information\_restore{327927C2-E094-4FFF-9034-E8B02AD12AB4}\RP6\change.log Object is locked skipped C:\_OTMoveIt\MovedFiles\SDFix\backups\backups.zip/backups/b128.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped C:\_OTMoveIt\MovedFiles\SDFix\backups\backups.zip/backups/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped C:\_OTMoveIt\MovedFiles\SDFix\backups\backups.zip ZIP: infected - 2 skipped C:\_OTMoveIt\MovedFiles\VundoFix Backups\cppzuaod.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\_OTMoveIt\MovedFiles\VundoFix Backups\efiaxqgt.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\_OTMoveIt\MovedFiles\VundoFix Backups\fymsrkwy.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\_OTMoveIt\MovedFiles\VundoFix Backups\hcstljfi.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\_OTMoveIt\MovedFiles\VundoFix Backups\hvpftrut.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\_OTMoveIt\MovedFiles\VundoFix Backups\injnuxjt.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\_OTMoveIt\MovedFiles\VundoFix Backups\mghfdndu.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\_OTMoveIt\MovedFiles\VundoFix Backups\wqxmflum.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped C:\_OTMoveIt\MovedFiles\WINDOWS\Fonts\svchost.exe Infected: Trojan.Win32.Agent.cmn skipped C:\_OTMoveIt\MovedFiles\WINDOWS\system32\conajbhy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped C:\_OTMoveIt\MovedFiles\WINDOWS\system32\eywpiwus.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped C:\_OTMoveIt\MovedFiles\WINDOWS\system32\jkkiiji.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arv skipped C:\_OTMoveIt\MovedFiles\WINDOWS\system32\kjolkvmc.exe Infected: Trojan.Win32.Obfuscated.kp skipped C:\_OTMoveIt\MovedFiles\WINDOWS\system32\nnnonll.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arv skipped C:\_OTMoveIt\MovedFiles\WINDOWS\system32\yayaywt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped C:\_OTMoveIt\MovedFiles\WINDOWS\system32\yaywutq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped Scan process completed. continuing with your instructions right now -
Having a problem with win32.trojandownloader.zlob
ThUnDeR replied to ThUnDeR's topic in Solved Malware Logs
I don't know how I can paste the kaspersky log. Its incredibly massive. If i had to guess, it'd be over 10 posts if not more. Is there a more efficient way? -
Having a problem with win32.trojandownloader.zlob
ThUnDeR replied to ThUnDeR's topic in Solved Malware Logs
Well... File IconC989D247.exe received on 11.23.2007 15:07:25 (CET) Antivirus Version Last Update Result AhnLab-V3 2007.11.23.1 2007.11.23 - AntiVir 7.6.0.34 2007.11.23 - Authentium 4.93.8 2007.11.21 - Avast 4.7.1074.0 2007.11.22 - AVG 7.5.0.503 2007.11.23 - BitDefender 7.2 2007.11.23 - CAT-QuickHeal 9.00 2007.11.22 - ClamAV 0.91.2 2007.11.23 - DrWeb 4.44.0.09170 2007.11.23 - eSafe 7.0.15.0 2007.11.21 - eTrust-Vet 31.3.5318 2007.11.23 - Ewido 4.0 2007.11.23 - FileAdvisor 1 2007.11.23 - Fortinet 3.14.0.0 2007.11.23 - F-Prot 4.4.2.54 2007.11.22 - F-Secure 6.70.13030.0 2007.11.23 - Ikarus T3.1.1.12 2007.11.23 - Kaspersky 7.0.0.125 2007.11.21 - McAfee 5169 2007.11.22 - Microsoft 1.3007 2007.11.23 - NOD32v2 2681 2007.11.23 - Norman 5.80.02 2007.11.22 - Panda 9.0.0.4 2007.11.23 - Prevx1 V2 2007.11.23 - Rising 20.19.41.00 2007.11.23 - Sophos 4.23.0 2007.11.23 - Sunbelt 2.2.907.0 2007.11.22 - Symantec 10 2007.11.23 - TheHacker 6.2.9.138 2007.11.22 - VBA32 3.12.2.5 2007.11.23 - VirusBuster 4.3.26:9 2007.11.23 - Webwasher-Gateway 6.0.1 2007.11.23 - Additional information File size: 4608 bytes MD5: 756ecd7a63948637e6c95f0f4ea560c4 SHA1: fc026cea6bce5e213e187cce9eed79c399d38f78 it did not find the first file you asked me to look for. So far with Kaspersky, its up to 9 viruses and 40 infected files. I noticed the number of viruses jumped when it searched the System Volume Information folder. -
Having a problem with win32.trojandownloader.zlob
ThUnDeR replied to ThUnDeR's topic in Solved Malware Logs
I'm currently scanning with Kaspersky... its taking quite a while, only 30% through, but it so far as shown 4 viruses and 14 infected objects -
Having a problem with win32.trojandownloader.zlob
ThUnDeR replied to ThUnDeR's topic in Solved Malware Logs
I might have spoken too soon Seems combofix found those files again, and deleted them. ComboFix 07-11-19.3 - Ahmad 2007-11-23 7:09:31.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.313 [GMT -6:00] Running from: C:\Documents and Settings\Ahmad\Desktop\ComboFix(2).exe Command switches used :: C:\Documents and Settings\Ahmad\Desktop\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\fiotyyao.dll C:\WINDOWS\system32\hcstljfi.dll C:\WINDOWS\system32\kycqfolt.ini C:\WINDOWS\system32\mghfdndu.dll C:\WINDOWS\system32\ydftyata.dll C:\WINDOWS\system32\yhbjanoc.ini . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\fiotyyao.dll C:\WINDOWS\system32\kycqfolt.ini C:\WINDOWS\system32\ydftyata.dll C:\WINDOWS\system32\yhbjanoc.ini . ((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))) . 2007-11-21 19:48 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire 2007-11-21 12:57 <DIR> d-------- C:\Program Files\Sun 2007-11-21 12:56 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-11-21 12:55 5,097 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log 2007-11-21 12:53 <DIR> d-------- C:\Program Files\Java 2007-11-21 12:53 <DIR> d-------- C:\Program Files\Common Files\Java 2007-11-21 11:57 <DIR> d-------- C:\WINDOWS\ERUNT 2007-11-20 06:29 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-11-20 06:29 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-11-20 06:29 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-11-19 17:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire 2007-11-19 16:46 <DIR> d-------- C:\Documents and Settings\Ahmad\Application Data\Grisoft 2007-11-19 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-19 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-19 14:28 2,110 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-19 14:28 0 --a------ C:\WINDOWS\system32\tmp.txt 2007-11-18 23:04 681,286 ---hs---- C:\WINDOWS\system32\ghqfvkho.ini 2007-11-18 19:26 <DIR> d-------- C:\Program Files\Steam 2007-11-18 13:59 <DIR> d-------- C:\Program Files\Webroot 2007-11-18 13:59 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared 2007-11-18 13:59 <DIR> d-------- C:\Documents and Settings\Ahmad\Application Data\Webroot 2007-11-18 13:59 56,832 --a------ C:\WINDOWS\Unwash6.exe 2007-11-18 11:57 <DIR> d-------- C:\Program Files\Advanced Windows Cleaner 2007-11-18 10:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-18 10:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-04 11:27 <DIR> d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor 2007-11-04 11:27 374,752 --a------ C:\WINDOWS\system32\WUSBGXP.sys 2007-11-04 11:27 339,488 --a------ C:\WINDOWS\system32\WUSB20XP.sys 2007-11-04 11:27 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll 2007-11-04 11:27 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD 2007-11-04 11:27 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys 2007-11-04 11:27 8,090 --a------ C:\WINDOWS\system32\WUSB54G.cat 2007-11-04 11:27 1,668 --a------ C:\WINDOWS\system32\WLAN.INI 2007-11-01 21:28 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime 2007-11-01 21:28 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winsp.ime 2007-11-01 21:28 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winpy.ime 2007-11-01 21:28 69,120 --a--c--- C:\WINDOWS\system32\dllcache\wingb.ime 2007-11-01 21:28 65,536 --a--c--- C:\WINDOWS\system32\dllcache\winime.ime 2007-11-01 21:28 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls 2007-11-01 21:27 79,360 --a--c--- C:\WINDOWS\system32\dllcache\winar30.ime 2007-11-01 21:27 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll 2007-11-01 21:27 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys 2007-11-01 21:27 15,872 --a--c--- C:\WINDOWS\system32\dllcache\padrs404.dll 2007-11-01 21:26 101,888 --a--c--- C:\WINDOWS\system32\dllcache\evntagnt.dll 2007-11-01 21:26 92,160 --a--c--- C:\WINDOWS\system32\dllcache\evntwin.exe 2007-11-01 21:26 57,856 --a--c--- C:\WINDOWS\system32\dllcache\esuimgd.dll 2007-11-01 21:26 45,056 --a--c--- C:\WINDOWS\system32\dllcache\esunid.dll 2007-11-01 21:26 31,744 --a--c--- C:\WINDOWS\system32\dllcache\esucmd.dll 2007-11-01 21:26 25,856 --a--c--- C:\WINDOWS\system32\dllcache\et4000.sys 2007-11-01 21:26 24,632 --a--c--- C:\WINDOWS\system32\dllcache\fpadmcgi.exe 2007-11-01 21:26 24,064 --a--c--- C:\WINDOWS\system32\dllcache\evntcmd.exe 2007-11-01 21:26 20,541 --a--c--- C:\WINDOWS\system32\dllcache\fpadmdll.dll 2007-11-01 21:25 189,440 --a--c--- C:\WINDOWS\system32\dllcache\smtpadm.dll 2007-11-01 21:25 188,494 --a--c--- C:\WINDOWS\system32\dllcache\fpcount.exe 2007-11-01 21:25 76,800 --a--c--- C:\WINDOWS\system32\dllcache\logui.ocx 2007-11-01 21:25 68,608 --a--c--- C:\WINDOWS\system32\dllcache\iisext51.dll 2007-11-01 21:25 45,056 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll 2007-11-01 21:25 20,536 --a--c--- C:\WINDOWS\system32\dllcache\shtml.dll 2007-11-01 21:25 16,437 --a--c--- C:\WINDOWS\system32\dllcache\shtml.exe 2007-11-01 21:25 7,168 --a--c--- C:\WINDOWS\system32\dllcache\wamregps.dll 2007-11-01 21:25 5,632 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll 2007-11-01 21:24 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll 2007-11-01 21:24 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe 2007-11-01 21:23 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2007-11-01 21:23 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest 2007-11-01 21:23 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2007-11-01 21:23 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2007-11-01 21:13 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll 2007-11-01 21:13 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-11-01 21:13 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll 2007-11-01 21:12 1,042,903 --a--c--- C:\WINDOWS\system32\dllcache\SP2.CAT 2007-11-01 21:12 31,281 --a--c--- C:\WINDOWS\system32\dllcache\FP4.CAT 2007-11-01 21:12 13,753 --a--c--- C:\WINDOWS\system32\dllcache\IMS.CAT 2007-11-01 21:12 13,472 --a--c--- C:\WINDOWS\system32\dllcache\HPCRDP.CAT 2007-11-01 21:12 9,581 --a--c--- C:\WINDOWS\system32\dllcache\MSMSGS.CAT . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-23 12:10 --------- d-----w C:\Program Files\Al Muhaddith 2007-11-21 20:51 --------- d-----w C:\Documents and Settings\Ahmad\Application Data\Xfire 2007-11-21 02:17 --------- d-s---w C:\Program Files\Xfire 2007-11-18 18:21 --------- d-----w C:\Program Files\iTunes 2007-11-18 16:28 --------- d-----w C:\Program Files\Lavasoft 2007-11-18 16:28 --------- d-----w C:\Documents and Settings\Ahmad\Application Data\Lavasoft 2007-11-18 16:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-18 16:21 --------- d-----w C:\Program Files\Viewpoint 2007-11-18 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-11-18 16:20 --------- d-----w C:\Program Files\The Weather Channel FW 2007-11-18 16:19 --------- d-----w C:\Program Files\Maxthon 2007-11-18 16:19 --------- d-----w C:\Program Files\Google 2007-11-18 16:19 --------- d-----w C:\Program Files\EA SPORTS 2007-11-18 16:18 --------- d-----w C:\Program Files\Air France TravelDesk 2007-11-18 16:15 --------- d-----w C:\Program Files\Alitalia TravelDesk 2007-11-18 16:14 --------- d-----w C:\Program Files\Pcsx2 2007-11-04 17:27 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2007-11-04 17:27 --------- d--h--w C:\Program Files\InstallShield Installation Information 2006-08-20 03:28 19,952 -c--a-w C:\Documents and Settings\Younes\Application Data\GDIPFONTCACHEV1.DAT 2006-03-21 01:06 24 -c--a-w C:\Documents and Settings\Ahmad\mylist.dat 2006-03-25 22:34 80 -csha-r C:\WINDOWS\system32\E92AFCCAC8.dll . ((((((((((((((((((((((((((((( [email protected]_12.14.31.03 ))))))))))))))))))))))))))))))))))))))))) . - 2007-08-14 19:02:52 65,390 ----a-w C:\WINDOWS\AisAAAg.dat + 2007-08-15 14:13:48 65,795 ----a-w C:\WINDOWS\AisAAAg.dat - 2007-11-21 17:57:28 4,820,992 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat + 2007-11-22 21:02:41 4,993,024 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat - 2007-11-21 17:57:28 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2007-11-22 21:02:41 147,456 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2007-11-22 22:54:02 4,608 ----a-r C:\WINDOWS\Installer\{F34D9A5F-484A-4E31-A9D3-908CB265B289}\IconC989D247.exe + 2004-10-16 00:17:02 60,496 ----a-w C:\WINDOWS\system32\drivers\Teefer.sys + 2004-10-16 00:32:38 14,568 ----a-w C:\WINDOWS\system32\drivers\wg3n.sys + 2004-10-16 00:32:40 14,568 ----a-w C:\WINDOWS\system32\drivers\wg4n.sys + 2004-10-16 00:32:42 14,568 ----a-w C:\WINDOWS\system32\drivers\wg5n.sys + 2004-10-16 00:32:44 14,568 ----a-w C:\WINDOWS\system32\drivers\wg6n.sys + 2004-10-16 00:18:46 21,075 ----a-w C:\WINDOWS\system32\drivers\wpsdrvnt.sys + 2004-10-16 00:31:58 99,480 ----a-w C:\WINDOWS\system32\FwsVpn.dll + 2004-10-16 00:31:56 218,264 ----a-w C:\WINDOWS\system32\SetAid.dll + 2004-10-16 00:32:10 83,096 ----a-w C:\WINDOWS\system32\SSSensor.dll + 2007-11-23 13:13:46 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_694.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [] "AIM"="C:\Program Files\AIM\aim.exe" [2004-04-27 16:18] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00] "Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2005-03-08 10:02] "Steam"="c:\program files\steam\steam.exe" [2007-11-18 19:26] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DeadAIM"="C:\PROGRA~1\AIM\\DeadAIM.ocm" [2004-02-28 12:12] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 04:06] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 06:00 C:\WINDOWS\system32\rundll32.exe] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04] Prayer Times.lnk - C:\HAD\PTW.EXE [2006-05-27 09:46:00] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-04 06:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2006-02-23 15:45 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot R3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\C:\WINDOWS\system32\Drivers\Aldebaran.sys S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\Madden06.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\AutoRun\command - I:\RunGame.exe *Newly Created Service* - GTNDIS5 . Contents of the 'Scheduled Tasks' folder "2007-11-22 01:48:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-23 07:14:50 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-23 7:16:57 - machine was rebooted C:\ComboFix2.txt ... 2007-11-22 15:11 C:\ComboFix3.txt ... 2007-11-22 12:26 . --- E O F --- -
Having a problem with win32.trojandownloader.zlob
ThUnDeR replied to ThUnDeR's topic in Solved Malware Logs
alrighty, i'll get on it. As for the firewall, you might have noticed I did get one instead of using windows. I had been using sygate PF for a while, then stopped after i had some issues with it. Now its all good. I'll run the scans here and post the logs. -
Having a problem with win32.trojandownloader.zlob
ThUnDeR replied to ThUnDeR's topic in Solved Malware Logs
I actually think I have this thing pinned. Heres my latest log. Its not reappearing anymore after i nailed it with redoing all of your instructions, and on top of that, doing a boot time scan with avast. I've been clean for most of this evening (which is a good sign, usually i'm back to infected in less than an hour) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:23:07 PM, on 11/22/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\AIM\aim.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\program files\steam\steam.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Xfire\Xfire.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Ahmad\Desktop\Ahmad.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Prayer Times.lnk = C:\HAD\PTW.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -- End of file - 6687 bytes hows that look? -
Having a problem with win32.trojandownloader.zlob
ThUnDeR replied to ThUnDeR's topic in Solved Malware Logs
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:01:21 PM, on 11/22/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Ahmad\Desktop\Ahmad.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\mghfdndu.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mghfdndu.dll O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Prayer Times.lnk = C:\HAD\PTW.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O20 - Winlogon Notify: mghfdndu - C:\WINDOWS\SYSTEM32\mghfdndu.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -- End of file - 6541 bytes -
Having a problem with win32.trojandownloader.zlob
ThUnDeR replied to ThUnDeR's topic in Solved Malware Logs
ComboFix 07-11-19.3 - Ahmad 2007-11-22 12:18:35.4 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.365 [GMT -6:00] Running from: C:\Documents and Settings\Ahmad\Desktop\ComboFix(2).exe Command switches used :: C:\Documents and Settings\Ahmad\Desktop\CFScript.txt FILE C:\WINDOWS\system32\ddayw.dll C:\WINDOWS\system32\wvuvttr.dll C:\WINDOWS\system32\wyadd.ini2 . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\mghfdndu.dllbox . ((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 ))))))))))))))))))))))))))))))) . 2007-11-22 11:13 85,056 --a------ C:\WINDOWS\system32\ydftyata.dll 2007-11-22 11:01 145,984 --a------ C:\WINDOWS\system32\mghfdndu.dll 2007-11-22 11:01 145,984 --a------ C:\WINDOWS\system32\hcstljfi.dll 2007-11-21 19:48 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire 2007-11-21 12:57 <DIR> d-------- C:\Program Files\Sun 2007-11-21 12:56 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-11-21 12:55 5,097 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log 2007-11-21 12:53 <DIR> d-------- C:\Program Files\Java 2007-11-21 12:53 <DIR> d-------- C:\Program Files\Common Files\Java 2007-11-21 11:57 <DIR> d-------- C:\WINDOWS\ERUNT 2007-11-20 23:35 657,841 ---hs---- C:\WINDOWS\system32\yhbjanoc.ini 2007-11-20 06:29 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-11-19 23:19 816,368 ---hs---- C:\WINDOWS\system32\kycqfolt.ini 2007-11-19 17:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire 2007-11-19 16:46 <DIR> d-------- C:\Documents and Settings\Ahmad\Application Data\Grisoft 2007-11-19 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-19 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-18 19:26 <DIR> d-------- C:\Program Files\Steam 2007-11-18 13:59 <DIR> d-------- C:\Program Files\Webroot 2007-11-18 13:59 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared 2007-11-18 13:59 <DIR> d-------- C:\Documents and Settings\Ahmad\Application Data\Webroot 2007-11-18 13:59 56,832 --a------ C:\WINDOWS\Unwash6.exe 2007-11-18 11:57 <DIR> d-------- C:\Program Files\Advanced Windows Cleaner 2007-11-18 10:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-18 10:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-04 11:27 <DIR> d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor 2007-11-04 11:27 374,752 --a------ C:\WINDOWS\system32\WUSBGXP.sys 2007-11-04 11:27 339,488 --a------ C:\WINDOWS\system32\WUSB20XP.sys 2007-11-04 11:27 245,376 --a------ C:\WINDOWS\system32\rt2500usb.sys 2007-11-04 11:27 8,090 --a------ C:\WINDOWS\system32\WUSB54G.cat 2007-11-04 11:27 308 --a------ C:\WINDOWS\system32\results.txt 2007-11-01 21:28 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime 2007-11-01 21:28 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winsp.ime 2007-11-01 21:28 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winpy.ime 2007-11-01 21:28 69,120 --a--c--- C:\WINDOWS\system32\dllcache\wingb.ime 2007-11-01 21:28 65,536 --a--c--- C:\WINDOWS\system32\dllcache\winime.ime 2007-11-01 21:28 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls 2007-11-01 21:27 79,360 --a--c--- C:\WINDOWS\system32\dllcache\winar30.ime 2007-11-01 21:27 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll 2007-11-01 21:27 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys 2007-11-01 21:27 15,872 --a--c--- C:\WINDOWS\system32\dllcache\padrs404.dll 2007-11-01 21:26 101,888 --a--c--- C:\WINDOWS\system32\dllcache\evntagnt.dll 2007-11-01 21:26 92,160 --a--c--- C:\WINDOWS\system32\dllcache\evntwin.exe 2007-11-01 21:26 57,856 --a--c--- C:\WINDOWS\system32\dllcache\esuimgd.dll 2007-11-01 21:26 45,056 --a--c--- C:\WINDOWS\system32\dllcache\esunid.dll 2007-11-01 21:26 31,744 --a--c--- C:\WINDOWS\system32\dllcache\esucmd.dll 2007-11-01 21:26 25,856 --a--c--- C:\WINDOWS\system32\dllcache\et4000.sys 2007-11-01 21:26 24,632 --a--c--- C:\WINDOWS\system32\dllcache\fpadmcgi.exe 2007-11-01 21:26 24,064 --a--c--- C:\WINDOWS\system32\dllcache\evntcmd.exe 2007-11-01 21:26 20,541 --a--c--- C:\WINDOWS\system32\dllcache\fpadmdll.dll 2007-11-01 21:25 189,440 --a--c--- C:\WINDOWS\system32\dllcache\smtpadm.dll 2007-11-01 21:25 188,494 --a--c--- C:\WINDOWS\system32\dllcache\fpcount.exe 2007-11-01 21:25 76,800 --a--c--- C:\WINDOWS\system32\dllcache\logui.ocx 2007-11-01 21:25 68,608 --a--c--- C:\WINDOWS\system32\dllcache\iisext51.dll 2007-11-01 21:25 45,056 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll 2007-11-01 21:25 20,536 --a--c--- C:\WINDOWS\system32\dllcache\shtml.dll 2007-11-01 21:25 16,437 --a--c--- C:\WINDOWS\system32\dllcache\shtml.exe 2007-11-01 21:25 7,168 --a--c--- C:\WINDOWS\system32\dllcache\wamregps.dll 2007-11-01 21:25 5,632 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll 2007-11-01 21:24 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll 2007-11-01 21:24 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe 2007-11-01 21:23 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2007-11-01 21:23 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2007-11-01 21:23 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest 2007-11-01 21:23 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2007-11-01 21:23 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2007-11-01 21:13 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-11-01 21:13 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll 2007-11-01 21:13 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-11-01 21:13 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll 2007-11-01 21:12 1,042,903 --a--c--- C:\WINDOWS\system32\dllcache\SP2.CAT 2007-11-01 21:12 31,281 --a--c--- C:\WINDOWS\system32\dllcache\FP4.CAT 2007-11-01 21:12 13,753 --a--c--- C:\WINDOWS\system32\dllcache\IMS.CAT 2007-11-01 21:12 13,472 --a--c--- C:\WINDOWS\system32\dllcache\HPCRDP.CAT 2007-11-01 21:12 9,581 --a--c--- C:\WINDOWS\system32\dllcache\MSMSGS.CAT . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-22 17:55 --------- d-----w C:\Program Files\Al Muhaddith 2007-11-22 17:15 80,960 ----a-w C:\WINDOWS\system32\fiotyyao.dll 2007-11-21 20:51 --------- d-----w C:\Documents and Settings\Ahmad\Application Data\Xfire 2007-11-21 02:17 --------- d-s---w C:\Program Files\Xfire 2007-11-18 18:21 --------- d-----w C:\Program Files\iTunes 2007-11-18 16:28 --------- d-----w C:\Program Files\Lavasoft 2007-11-18 16:28 --------- d-----w C:\Documents and Settings\Ahmad\Application Data\Lavasoft 2007-11-18 16:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-18 16:21 --------- d-----w C:\Program Files\Viewpoint 2007-11-18 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-11-18 16:20 --------- d-----w C:\Program Files\The Weather Channel FW 2007-11-18 16:19 --------- d-----w C:\Program Files\Maxthon 2007-11-18 16:19 --------- d-----w C:\Program Files\Google 2007-11-18 16:19 --------- d-----w C:\Program Files\EA SPORTS 2007-11-18 16:18 --------- d-----w C:\Program Files\Air France TravelDesk 2007-11-18 16:15 --------- d-----w C:\Program Files\Alitalia TravelDesk 2007-11-18 16:14 --------- d-----w C:\Program Files\Pcsx2 2007-11-04 17:27 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2007-11-04 17:27 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-04 05:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-09-06 05:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe 2006-08-20 03:28 19,952 -c--a-w C:\Documents and Settings\Younes\Application Data\GDIPFONTCACHEV1.DAT 2006-03-21 01:06 24 -c--a-w C:\Documents and Settings\Ahmad\mylist.dat 2003-07-31 23:53 147,456 ----a-w C:\WINDOWS\inf\EL2K_XP.sys 2003-07-31 23:50 448,768 ----a-w C:\WINDOWS\inf\EL2K_N64.sys 2003-07-31 23:43 147,456 ----a-w C:\WINDOWS\inf\EL2K_2K.sys 2006-03-25 22:34 80 -csha-r C:\WINDOWS\system32\E92AFCCAC8.dll . ((((((((((((((((((((((((((((( [email protected]_12.14.31.03 ))))))))))))))))))))))))))))))))))))))))) . - 2007-08-14 19:02:52 65,390 ----a-w C:\WINDOWS\AisAAAg.dat + 2007-08-14 19:22:51 65,471 ----a-w C:\WINDOWS\AisAAAg.dat + 2007-11-22 18:22:48 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_650.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2007-11-22 11:01 145984 --a------ C:\WINDOWS\system32\mghfdndu.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\mghfdndu.dll [2007-11-22 11:01 145984] [HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [] "AIM"="C:\Program Files\AIM\aim.exe" [2004-04-27 16:18] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00] "Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2005-03-08 10:02] "Steam"="c:\program files\steam\steam.exe" [2007-11-18 19:26] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DeadAIM"="C:\PROGRA~1\AIM\\DeadAIM.ocm" [2004-02-28 12:12] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 04:06] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 06:00 C:\WINDOWS\system32\rundll32.exe] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 06:00] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04] Prayer Times.lnk - C:\HAD\PTW.EXE [2006-05-27 09:46:00] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mghfdndu] mghfdndu.dll 2007-11-22 11:01 145984 C:\WINDOWS\system32\mghfdndu.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-04 06:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2006-02-23 15:45 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot R2 WUSB54Gv42SVC;WUSB54Gv42SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe" R3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\C:\WINDOWS\system32\Drivers\Aldebaran.sys S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\Madden06.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\AutoRun\command - I:\RunGame.exe *Newly Created Service* - GTNDIS5 . Contents of the 'Scheduled Tasks' folder "2007-11-22 01:48:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-22 12:23:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-22 12:26:14 - machine was rebooted C:\ComboFix2.txt ... 2007-11-22 12:15 . --- E O F ---