Mischel Internet Security Forum
Adware, Browser Hijackers and other Malware
Topic: hey tom
Thomas
hey tom
« on: Jan 17th, 2009, 2:14pm »
Hey Tom, sorry to bother you, but I don't know how this got back in my PC.
 
TrojanHunter Scan Report - Saved 2009-01-16 18:36
 
Found trojan file: C:\RECYCLER\S-1-5-21-303586593-3712854003-2074291724-1009\Dc1.exe/hidec.exe (RiskTool.Hidec.100)
Found trojan file: C:\RECYCLER\S-1-5-21-303586593-3712854003-2074291724-1009\Dc1.exe/Upx.hxggodch/hidec.exe (RiskTool.Hidec.100)
Quarantined file C:\RECYCLER\S-1-5-21-303586593-3712854003-2074291724-1009\Dc1.exe
Unable to quarantine file C:\RECYCLER\S-1-5-21-303586593-3712854003-2074291724-1009\Dc1.exe: Scheduling file to be quarantined when computer is restarted
Windows XP Home Edition Service Pack 3
Y!TunnelPro Version 2.5 Build 618
VC Sync Community Edition
Yahoo! Messenger Version 10.0.0 Build 1258
YTK Enhanced Version 2.6 Build 96
Internet Explorer Version 8.0.6001.18702
Cable
Avira AntiVir Control Center
Windows Firewall
Netgear Router
TrojanHunter Version 5.3 Build 994
Netgear Router
Packed Driver Detector Version 1.0
HijackThis Version 2.0 Build 2
Thomas
Re: hey tom
« Reply #1 on: Jan 17th, 2009, 2:15pm »
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2560. For information, email support@simplysup1.com
[Registered to: Thomas ]
Scan started at: 3:06:28 PM 17 Jan 2009
Using Database v7263
Operating System:  Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)]
File System:  NTFS
Data directory:     C:\Documents and Settings\Compaq_Owner\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory:  C:\Documents and Settings\Compaq_Owner\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges
 
************************************************************
The following Anti-Malware program(s) are loaded:
[AV Warnings are suppressed]
Trojan Hunter
 
************************************************************
 
 
************************************************************
3:06:28 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
 
************************************************************
3:06:28 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
 
************************************************************
3:06:28 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
 
************************************************************
3:06:31 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created:  8/4/2004
Modified: 4/13/2008
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created:  8/4/2004
Modified: 4/13/2008
Company:  Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created:  8/4/2004
Modified: 4/13/2008
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: THGuard
Value Data: "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
C:\Program Files\TrojanHunter 5.0\THGuard.exe
1056928 bytes
Created:  1/13/2009
Modified: 10/24/2008
Company:  Mischel Internet Security
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
136600 bytes
Created:  1/13/2009
Modified: 1/13/2009
Company:  Sun Microsystems, Inc.
--------------------
Value Name: Malwarebytes' Anti-Malware
Value Data: "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
399504 bytes
Created:  1/13/2009
Modified: 1/14/2009
Company:  Malwarebytes Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1231752 bytes
Created:  1/17/2009
Modified: 1/1/2009
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: Y!TunnelPro
Value Data: C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.5\YTPro.exe
C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.5\YTPro.exe
1412608 bytes
Created:  1/13/2009
Modified: 9/27/2008
Company:  Digital Asphyxia
--------------------
Value Name: RegistryMechanic
Value Data: C:\Program Files\Registry Mechanic\RegMech.exe /H
C:\Program Files\Registry Mechanic\RegMech.exe
2828184 bytes
Created:  1/13/2009
Modified: 7/8/2008
Company:  PC Tools
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created:  8/4/2004
Modified: 4/13/2008
Company:  Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
 
************************************************************
3:06:33 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5}
File: C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
304128 bytes
Created:  5/26/2008
Modified: 5/26/2008
Company:  Microsoft Corporation
----------
 
************************************************************
3:06:33 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
 
************************************************************
3:06:34 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
 
************************************************************
3:06:34 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key:  {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2428 bytes
Created:  8/25/2006
Modified: 8/25/2006
Company:  [no info]
----------
Key:  {8b15971b-5355-4c82-8c07-7e181ea07608}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
C:\WINDOWS\INF\fxsocm.inf
50680 bytes
Created:  8/4/2004
Modified: 8/4/2004
Company:  [no info]
----------
 
************************************************************
3:06:35 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key:  BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
409088 bytes
Created:  8/4/2004
Modified: 4/13/2008
Company:  Microsoft Corporation
--------------------
 
************************************************************
3:06:37 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key:  Apple Mobile Device
ImagePath: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
132424 bytes
Created:  11/7/2008
Modified: 11/7/2008
Company:  Apple Inc.
----------
Key:  bb-run
ImagePath: system32\DRIVERS\bb-run.sys
C:\WINDOWS\system32\DRIVERS\bb-run.sys
17408 bytes
Created:  11/5/2003
Modified: 11/5/2003
Company:  Promise Technology, Inc.
----------
Key:  Bonjour Service
ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created:  8/29/2008
Modified: 8/29/2008
Company:  Apple Inc.
----------
Key:  catchme
ImagePath: \??\C:\ComboFix\catchme.sys - this file is globally excluded
----------
Key:  DCamUSBVeo532
ImagePath: System32\Drivers\ubVeo532.sys
C:\WINDOWS\System32\Drivers\ubVeo532.sys
95232 bytes
Created:  7/1/2002
Modified: 7/1/2002
Company:  IC Media Corporation
----------
Key:  ftsata2
ImagePath: system32\DRIVERS\ftsata2.sys
C:\WINDOWS\system32\DRIVERS\ftsata2.sys
175616 bytes
Created:  4/14/2005
Modified: 4/14/2005
Company:  Promise Technology, Inc.
----------
Key:  iaStor
ImagePath: system32\DRIVERS\iaStor.sys
C:\WINDOWS\system32\DRIVERS\iaStor.sys
870912 bytes
Created:  3/9/2005
Modified: 3/9/2005
Company:  Intel Corporation
----------
Key:  IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
73728 bytes
Created:  10/22/2004
Modified: 10/22/2004
Company:  Macrovision Corporation
----------
Key:  ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created:  8/4/2004
Modified: 4/13/2008
Company:  Microsoft Corporation
----------
Key:  JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created:  1/13/2009
Modified: 1/13/2009
Company:  Sun Microsystems, Inc.
----------
Key:  MBAMProtector
ImagePath: \??\C:\WINDOWS\system32\drivers\mbam.sys
C:\WINDOWS\system32\drivers\mbam.sys
15504 bytes
Created:  1/13/2009
Modified: 1/14/2009
Company:  Malwarebytes Corporation
----------
Key:  MBAMService
ImagePath: "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
170640 bytes
Created:  1/13/2009
Modified: 1/14/2009
Company:  Malwarebytes Corporation
----------
Key:  RTL8023xp
ImagePath: system32\DRIVERS\Rtnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
118656 bytes
Created:  12/2/2008
Modified: 12/2/2008
Company:  Realtek Semiconductor Corporation        
----------
Key:  SASDIFSV
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
8944 bytes
Created:  12/22/2008
Modified: 12/22/2008
Company:  SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key:  SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created:  12/22/2008
Modified: 12/22/2008
Company:   SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key:  SASKUTIL
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
55024 bytes
Created:  12/22/2008
Modified: 12/22/2008
Company:  SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key:  SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{DA028EC7-06F8-4F5A-8104-F408879C40B1}
C:\WINDOWS\system32\dllhost.exe  
5120 bytes
Created:  8/4/2004
Modified: 4/13/2008
Company:  Microsoft Corporation
----------
Key:  usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created:  1/19/2007
Modified: 1/19/2007
Company:  Microsoft Corporation
----------
 
************************************************************
3:06:44 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7356 bytes
Created:  1/17/2009
Modified: 6/2/1998
Company:  [no info]
VxD Key = JAVASUP
----------
----------
 
************************************************************
3:06:45 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key    : !SASWinLogon
DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
356352 bytes
Created:  12/22/2008
Modified: 12/22/2008
Company:  SUPERAntiSpyware.com
----------
 
************************************************************
3:06:45 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key:   7-Zip
CLSID: {23170F69-40C1-278A-1000-000100020000}
Path:  C:\Program Files\7-Zip\7-zip.dll
C:\Program Files\7-Zip\7-zip.dll
70144 bytes
Created:  1/2/2009
Modified: 1/2/2009
Company:  Igor Pavlov
----------
Key:   ShellExtension
CLSID: [empty]
----------
Key:   TrojanHunter
CLSID: {EBDF1F20-C829-11D1-8233-FF20AF3E97A9}
Path:  C:\PROGRA~1\TROJAN~1.0\contmenu.dll
C:\PROGRA~1\TROJAN~1.0\contmenu.dll
408064 bytes
Created:  1/13/2009
Modified: 3/25/2008
Company:  [no info]
----------
Key:   {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path:  C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created:  2/27/2007
Modified: 2/27/2007
Company:  SUPERAntiSpyware.com
----------
 
************************************************************
3:06:46 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
 
************************************************************
3:06:46 PM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Thomas
Re: hey tom
« Reply #2 on: Jan 17th, 2009, 2:15pm »
BHO: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
63136 bytes
Created:  12/14/2004
Modified: 12/14/2004
Company:  Adobe Systems Incorporated
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created:  1/13/2009
Modified: 1/13/2009
Company:  Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
392240 bytes
Created:  12/14/2007
Modified: 12/14/2007
Company:  Microsoft Corporation
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created:  1/13/2009
Modified: 1/13/2009
Company:  Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created:  1/13/2009
Modified: 1/13/2009
Company:  Sun Microsystems, Inc.
----------
 
************************************************************
3:06:46 PM: Scanning ----- SHELLSERVICEOBJECTS -----
Key:   SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path:  %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
121856 bytes
Created:  8/4/2004
Modified: 4/13/2008
Company:  Microsoft Corporation
----------
 
************************************************************
3:06:47 PM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
 
************************************************************
3:06:47 PM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
 
************************************************************
3:06:47 PM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
 
************************************************************
3:06:48 PM: Scanning ----- SECURITY PROVIDER DLLS -----
 
************************************************************
3:06:48 PM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created:  6/25/2005
Modified: 6/25/2005
Company:  [no info]
--------------------
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
123904 bytes
Created:  5/26/2008
Modified: 5/26/2008
Company:  Microsoft Corporation
Windows Search.lnk - links to C:\Program Files\Windows Desktop Search\WindowsSearch.exe
--------------------
 
************************************************************
3:06:48 PM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Compaq_Owner
[C:\Documents and Settings\Compaq_Owner\START MENU\PROGRAMS\STARTUP]
The Startup Group for Compaq_Owner attempts to load the following file(s):
C:\Documents and Settings\Compaq_Owner\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created:  1/13/2009
Modified: 6/25/2005
Company:  [no info]
----------
--------------------
Checking Startup Group for: Default User
[C:\Documents and Settings\Default User\START MENU\PROGRAMS\STARTUP]
The Startup Group for Default User attempts to load the following file(s):
C:\Documents and Settings\Default User\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created:  6/25/2005
Modified: 6/25/2005
Company:  [no info]
----------
 
************************************************************
3:06:48 PM: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File:     C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created:  7/30/2008
Modified: 7/30/2008
Company:  Apple Inc.
Parameters:    -task
Next Run Time: 1/21/2009 7:26:00 PM
Status:   The task is ready to run at its next scheduled time
Creator:  SYSTEM
Comments: [blank]
----------
 
************************************************************
3:06:49 PM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
 
************************************************************
3:06:49 PM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created:  1/13/2009
Modified: 1/13/2009
Company:  [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created:  1/13/2009
Modified: 1/13/2009
Company:  [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed
 
************************************************************
3:06:50 PM: Scanning ----- RUNNING PROCESSES -----
 
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe - file already scanned
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - file already scanned
--------------------
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
--------------------
C:\WINDOWS\system32\SearchIndexer.exe
--------------------
C:\WINDOWS\system32\dllhost.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\system32\msdtc.exe
--------------------
C:\Program Files\TrojanHunter 5.0\THGuard.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe - file already scanned
--------------------
C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.5\YTPro.exe - file already scanned
--------------------
C:\Program Files\Registry Mechanic\RegMech.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Yahoo!\Messenger\yahoomessenger.exe
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Documents and Settings\Compaq_Owner\Application Data\Simply Super Software\Trojan Remover\prn31.exe
FileSize:     2921336
[This is a Trojan Remover component]
--------------------
 
************************************************************
3:06:54 PM: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
 
************************************************************
3:06:54 PM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
 
************************************************************
3:06:54 PM: Checking HOSTS file
No malicious entries were found in the HOSTS file
 
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
 
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 3:06:54 PM 17 Jan 2009
Total Scan time: 00:00:25
************************************************************
Thomas
Re: hey tom
« Reply #3 on: Jan 17th, 2009, 2:17pm »
ComboFix 09-01-16.01 - Compaq_Owner 2009-01-16 15:57:40.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.222.58 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
 * Created a new restore point
.
 
(((((((((((((((((((((((((   Files Created from 2008-12-16 to 2009-01-16  )))))))))))))))))))))))))))))))
.
 
2009-01-15 20:04 . 2009-01-15 20:04  <DIR>  d--------  c:\windows\system32\scripting
2009-01-15 20:04 . 2009-01-15 20:04  <DIR>  d--------  c:\windows\system32\en
2009-01-15 20:04 . 2009-01-15 20:04  <DIR>  d--------  c:\windows\system32\bits
2009-01-15 20:04 . 2009-01-15 20:04  <DIR>  d--------  c:\windows\l2schemas
2009-01-15 20:01 . 2009-01-15 20:05  <DIR>  d--------  c:\windows\ServicePackFiles
2009-01-15 19:50 . 2009-01-15 19:50  <DIR>  d--------  c:\windows\EHome
2009-01-15 19:41 . 2008-04-13 19:12  4,274,816  ---------  c:\windows\system32\nv4_disp.dll
2009-01-15 19:40 . 2008-04-13 19:11  870,784  ---------  c:\windows\system32\ati3d1ag.dll
2009-01-15 02:49 . 2008-09-21 19:44  1,697,449  --a------  c:\windows\system32\vba6.dll
2009-01-14 13:24 . 2009-01-14 13:24  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Application Data\DivX
2009-01-14 12:25 . 2006-01-20 14:19  389,120  --a------  c:\windows\system32\actskn43.ocx
2009-01-14 01:03 . 2008-12-11 05:57  333,952  ---------  c:\windows\system32\dllcache\srv.sys
2009-01-13 21:49 . 2008-10-16 14:06  268,648  --a------  c:\windows\system32\mucltui.dll
2009-01-13 21:49 . 2008-10-16 14:06  27,496  --a------  c:\windows\system32\mucltui.dll.mui
2009-01-13 09:41 . 2009-01-13 09:41  209,608  --a------  c:\windows\system32\tabctl32.ocx
2009-01-13 09:38 . 2004-12-25 08:27  90,112  --a------  c:\windows\system32\YMSG12Crypt.dll
2009-01-13 09:38 . 2007-06-30 14:59  49,152  --a------  c:\windows\system32\Wavefx32.dll
2009-01-13 09:24 . 2005-03-24 14:43  98,304  --a------  c:\windows\system32\KewlButtonz.ocx
2009-01-13 08:42 . 2009-01-13 08:42  <DIR>  d--------  c:\program files\Yahoo!
2009-01-13 08:42 . 2009-01-13 08:44  <DIR>  d--------  c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-13 08:27 . 2004-03-08 19:00  212,240  ---------  c:\windows\system32\Richtx32.ocx
2009-01-13 08:27 . 2004-07-01 02:56  90,112  --a------  c:\windows\system32\YMSG12ENCRYPT.dll
2009-01-13 08:21 . 2009-01-15 02:53  115,920  --a------  c:\windows\system32\msinet.ocx
2009-01-13 08:19 . 2009-01-13 08:19  152,848  --a------  c:\windows\system32\comdlg32.ocx
2009-01-13 08:18 . 2008-10-31 06:46  124,688  --a------  c:\windows\system32\MSWinSck.ocx
2009-01-13 07:24 . 2009-01-13 07:24  <DIR>  d--------  c:\program files\Microsoft Silverlight
2009-01-13 07:24 . 2009-01-13 07:24  <DIR>  d--------  c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-13 06:59 . 2009-01-13 06:59  <DIR>  d--------  c:\program files\MSXML 6.0
2009-01-13 06:47 . 2009-01-13 06:47  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Application Data\Windows Search
2009-01-13 06:29 . 2009-01-13 06:29  <DIR>  d--------  c:\program files\MSBuild
2009-01-13 06:25 . 2009-01-13 07:01  <DIR>  d--------  c:\windows\system32\XPSViewer
2009-01-13 06:24 . 2009-01-13 06:24  <DIR>  d--------  c:\program files\Reference Assemblies
2009-01-13 06:22 . 2006-06-29 13:07  14,048  ---------  c:\windows\system32\spmsg2.dll
2009-01-13 06:21 . 2009-01-13 06:22  <DIR>  d--------  C:\b4bc081899d727a63443850c12
2009-01-13 06:20 . 2009-01-13 06:20  <DIR>  d--------  c:\windows\system32\GroupPolicy
2009-01-13 06:20 . 2009-01-13 06:20  <DIR>  d--------  c:\program files\Windows Desktop Search
2009-01-13 06:20 . 2009-01-13 06:20  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Application Data\Windows Desktop Search
2009-01-13 06:17 . 2009-01-13 06:17  <DIR>  d--------  c:\program files\Windows Media Connect 2
2009-01-13 06:15 . 2009-01-13 08:02  <DIR>  d--------  c:\windows\system32\LogFiles
2009-01-13 06:15 . 2009-01-13 06:16  <DIR>  d--------  c:\windows\system32\drivers\UMDF
2009-01-13 06:01 . 2008-04-13 19:12  290,304  ---------  c:\windows\system32\rhttpaa.dll
2009-01-13 06:01 . 2008-04-13 19:11  136,192  ---------  c:\windows\system32\aaclient.dll
2009-01-13 06:01 . 2008-04-13 19:12  53,248  ---------  c:\windows\system32\tsgqec.dll
2009-01-13 05:33 . 2008-10-16 15:38  6,066,176  ---------  c:\windows\system32\dllcache\ieframe.dll
2009-01-13 05:33 . 2007-04-17 04:32  2,455,488  ---------  c:\windows\system32\dllcache\ieapfltr.dat
2009-01-13 05:33 . 2007-03-08 00:10  991,232  ---------  c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-13 05:33 . 2008-10-16 15:38  459,264  ---------  c:\windows\system32\dllcache\msfeeds.dll
2009-01-13 05:33 . 2008-10-16 15:38  383,488  ---------  c:\windows\system32\dllcache\ieapfltr.dll
2009-01-13 05:33 . 2008-10-16 15:38  267,776  ---------  c:\windows\system32\dllcache\iertutil.dll
2009-01-13 05:33 . 2008-10-16 15:38  63,488  ---------  c:\windows\system32\dllcache\icardie.dll
2009-01-13 05:33 . 2008-10-16 15:38  52,224  ---------  c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-13 05:33 . 2008-10-16 08:11  13,824  ---------  c:\windows\system32\dllcache\ieudinit.exe
2009-01-13 04:57 . 2008-09-15 07:12  1,846,400  ---------  c:\windows\system32\dllcache\win32k.sys
2009-01-13 04:56 . 2008-08-14 05:11  2,189,184  ---------  c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-13 04:56 . 2008-08-14 05:09  2,145,280  ---------  c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-13 04:56 . 2008-08-14 04:33  2,066,048  ---------  c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-13 04:56 . 2008-08-14 04:33  2,023,936  ---------  c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-13 04:56 . 2008-04-11 14:04  691,712  ---------  c:\windows\system32\dllcache\inetcomm.dll
2009-01-13 04:56 . 2008-05-08 09:02  203,136  ---------  c:\windows\system32\dllcache\rmcast.sys
2009-01-13 04:55 . 2008-10-24 06:21  455,296  ---------  c:\windows\system32\dllcache\mrxsmb.sys
2009-01-13 04:55 . 2008-06-13 06:05  272,128  ---------  c:\windows\system32\drivers\bthport.sys
2009-01-13 04:55 . 2008-06-13 06:05  272,128  ---------  c:\windows\system32\dllcache\bthport.sys
2009-01-13 04:52 . 2008-10-15 11:34  337,408  ---------  c:\windows\system32\dllcache\netapi32.dll
2009-01-13 03:58 . 2009-01-13 04:44  246  --a------  c:\windows\system\hpsysdrv.dat
2009-01-13 03:55 . 2009-01-13 02:08  <DIR>  d--------  c:\windows\I386
2009-01-13 03:21 . 2009-01-13 03:21  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Application Data\MySpace
2009-01-13 03:20 . 2009-01-13 03:20  <DIR>  d--------  c:\program files\MySpace
2009-01-13 03:15 . 2009-01-13 08:14  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Contacts
2009-01-13 03:13 . 2009-01-16 06:58  <DIR>  d--------  c:\program files\MSN Messenger
2009-01-13 02:41 . 2009-01-13 02:41  <DIR>  d--------  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-13 02:40 . 2009-01-16 15:39  <DIR>  d--------  c:\program files\SUPERAntiSpyware
2009-01-13 02:40 . 2009-01-13 02:40  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2009-01-13 02:39 . 2009-01-13 02:39  <DIR>  d--------  c:\program files\Common Files\Wise Installation Wizard
2009-01-13 02:37 . 2009-01-13 02:38  <DIR>  d--------  c:\program files\CCleaner
2009-01-13 02:34 . 2009-01-16 15:55  <DIR>  d-a------  c:\documents and settings\All Users\Application Data\TEMP
2009-01-13 02:04 . 2009-01-13 02:04  410,984  --a------  c:\windows\system32\deploytk.dll
2009-01-13 02:04 . 2009-01-13 02:04  73,728  --a------  c:\windows\system32\javacpl.cpl
2009-01-13 01:33 . 2009-01-13 01:34  <DIR>  d--------  c:\program files\iTunes
2009-01-13 01:33 . 2009-01-13 01:33  <DIR>  d--------  c:\program files\iPod
2009-01-13 01:33 . 2009-01-13 01:34  <DIR>  d--------  c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-13 01:32 . 2009-01-13 01:32  <DIR>  d--------  c:\program files\Bonjour
2009-01-13 01:31 . 2009-01-13 01:32  <DIR>  d--------  c:\program files\QuickTime
2009-01-13 01:30 . 2009-01-13 03:13  <DIR>  d----c---  c:\windows\system32\DRVSTORE
2009-01-13 01:30 . 2009-01-13 01:33  <DIR>  d--------  c:\program files\Common Files\Apple
2009-01-13 01:30 . 2009-01-13 01:30  <DIR>  d--------  c:\program files\Apple Software Update
2009-01-13 01:30 . 2009-01-13 01:30<DIR>d--------c:\documents and settings\All Users\Application Data\Apple
2009-01-13 01:28 . 2009-01-13 01:28<DIR>d--------c:\program files\DivX
2009-01-13 01:27 . 2009-01-13 01:27<DIR>d--------c:\program files\AC3Filter
2009-01-13 01:27 . 2008-07-09 03:05421,888--a------c:\windows\system32\ac3filter.acm
2009-01-13 01:22 . 2008-04-13 13:395,504--a------c:\windows\system32\drivers\mstee.sys
2009-01-13 01:21 . 2008-04-13 13:4685,248--a------c:\windows\system32\drivers\nabtsfec.sys
2009-01-13 01:21 . 2008-04-13 13:4619,200--a------c:\windows\system32\drivers\wstcodec.sys
2009-01-13 01:21 . 2008-04-13 13:4617,024--a------c:\windows\system32\drivers\ccdecode.sys
2009-01-13 01:21 . 2008-04-13 19:1216,384--a------c:\windows\system32\ipsink.ax
2009-01-13 01:21 . 2008-04-13 13:4615,232--a------c:\windows\system32\drivers\streamip.sys
2009-01-13 01:21 . 2008-04-13 13:4611,136--a------c:\windows\system32\drivers\slip.sys
2009-01-13 01:21 . 2008-04-13 13:4610,880--a------c:\windows\system32\drivers\ndisip.sys
2009-01-13 01:20 . 2008-04-13 19:1291,136--a------c:\windows\system32\kswdmcap.ax
2009-01-13 01:20 . 2008-04-13 19:1261,952--a------c:\windows\system32\kstvtune.ax
2009-01-13 01:20 . 2008-04-13 19:1253,760--a------c:\windows\system32\vfwwdm32.dll
2009-01-13 01:20 . 2008-04-13 19:1243,008--a------c:\windows\system32\ksxbar.ax
2009-01-13 01:20 . 2008-04-13 19:1228,672--a------c:\windows\system32\vidcap.ax
2009-01-13 01:16 . 2009-01-13 01:16<DIR>d--------c:\documents and settings\Compaq_Owner\Application Data\TrojanHunter
2009-01-13 01:10 . 2009-01-13 01:16<DIR>d--------c:\program files\TrojanHunter 5.0
2009-01-13 00:53 . 2009-01-13 00:53<DIR>d--------c:\documents and settings\Compaq_Owner\Application Data\Digital Asphyxia
2009-01-13 00:53 . 2009-01-13 00:53<DIR>d--------c:\documents and settings\All Users\Application Data\Digital Asphyxia
2009-01-13 00:52 . 2009-01-13 00:52<DIR>d--------c:\program files\Digital Asphyxia
2009-01-13 00:52 . 2009-01-13 00:52<DIR>d--------c:\documents and settings\All Users\Application Data\Tarma Installer
2009-01-13 00:48 . 2009-01-13 00:48<DIR>d--------c:\program files\Common Files\NSV
2009-01-13 00:45 . 2009-01-13 00:52<DIR>d--------c:\program files\Winamp
2009-01-13 00:45 . 2009-01-16 15:021,125--a------c:\windows\winamp.ini
2009-01-13 00:35 . 2009-01-13 00:35<DIR>d--------c:\program files\Trend Micro
2009-01-13 00:30 . 2009-01-13 00:30<DIR>d--------c:\program files\7-Zip
2009-01-13 00:28 . 2009-01-13 00:28<DIR>d--------c:\program files\uTorrent
2009-01-13 00:28 . 2009-01-16 15:41<DIR>d--------c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2009-01-13 00:22 . 2009-01-16 15:04<DIR>d--------c:\program files\Malwarebytes' Anti-Malware
2009-01-13 00:22 . 2009-01-13 00:22<DIR>d--------c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-01-13 00:22 . 2009-01-13 00:22<DIR>d--------c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-13 00:22 . 2009-01-14 16:1138,496--a------c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-13 00:22 . 2009-01-14 16:1115,504--a------c:\windows\system32\drivers\mbam.sys
2009-01-13 00:12 . 2004-08-04 07:00221,184--a------c:\windows\system32\wmpns.dll
2009-01-13 00:12 . 2009-01-13 00:121,857-rahs----c:\windows\system32\drivers\103C_HP_CPC_ED861AA-ABA SR1603WM NA540_YC_0Pres_QCNH542_E54NAheRED2_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.08_T050913_WXH2_L409_M223_J80_7AMD_8Sempron_91.79_#051225_ N10EC8139_Z14F12F20_G10025954.MRK
2009-01-13 00:10 . 2005-08-08 17:50<DIR>d--------c:\documents and settings\Compaq_Owner\WINDOWS
2009-01-13 00:10 . 2005-08-08 17:54<DIR>d--------c:\documents and settings\Compaq_Owner\Application Data\SampleView
2009-01-13 00:10 . 2005-08-08 17:49<DIR>d--------c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 07:03  ---------  d-----w  c:\program files\Java
2009-01-13 06:56  ---------  d--h--w  c:\program files\InstallShield Installation Information
2009-01-13 06:54  ---------  d-----w  c:\program files\Common Files\InstallShield
2009-01-13 06:31  ---------  d-----w  c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-11 10:57  333,952  ----a-w  c:\windows\system32\drivers\srv.sys
2008-12-02 11:05  118,656  ----a-w  c:\windows\system32\drivers\Rtnicxp.sys
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Y!TunnelPro"="c:\program files\Digital Asphyxia\Y!TunnelPro 2.5\YTPro.exe" [2008-09-27 1412608]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-16 1830128]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THGuard"="c:\program files\TrojanHunter 5.0\THGuard.exe" [2008-10-24 1056928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-13 136600]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
 
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Digital Asphyxia\\Y!TunnelPro 2.5\\YTPro.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
 
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2002-07-01 95232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-01-13 15504]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-13 170640]
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder
 
2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
 
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
 
 
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
.
 
**************************************************************************
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 16:01:38
Windows 5.1.2600 Service Pack 3 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...  
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
 
- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-16 16:05:17
ComboFix-quarantined-files.txt  2009-01-16 21:05:12
 
Pre-Run: 59,323,842,560 bytes free
Post-Run: 59,308,896,256 bytes free
 
226  --- E O F ---  2009-01-16 10:58:01
Windows XP Home Edition Service Pack 3
Y!TunnelPro Version 2.5 Build 618
VC Sync Community Edition
Yahoo! Messenger Version 10.0.0 Build 1258
YTK Enhanced Version 2.6 Build 96
Internet Explorer Version 8.0.6001.18702
Cable
Avira AntiVir Control Center
Windows Firewall
Netgear Router
TrojanHunter Version 5.3 Build 994
Netgear Router
Packed Driver Detector Version 1.0
HijackThis Version 2.0 Build 2
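The ComboFix log above is the kind of artifact a responder reads by hand, and the Reg Loading Points section is where the first three questions get answered: are the Security Center values AntiVirusOverride and AntiVirusDisableNotify set to 1 (they silence the XP Security Center's antivirus-status warnings), is there an AutoRun command cached under Explorer's MountPoints2 (its per-volume record of a drive's autorun.inf settings), and does any Run-key target live in a directory no legitimate installer uses, such as the RECYCLER folder where TrojanHunter found Dc1.exe. The Python script below is an added example, not code from this thread, from ComboFix or from TrojanHunter: it parses that section's REGEDIT4-style dump and sorts the entries into those buckets plus the Windows Firewall allow-list. SAMPLE_LOG is a constructed excerpt modelled on the posted log; the "updater" Run entry is invented to exercise the RECYCLER check and does not appear in the posted log, and the key and value layout is assumed to match what ComboFix printed above.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for the forum thread; not ComboFix's own code. The checks are
the ones a responder applies by hand to this section of the log.
"""
import re

# Constructed excerpt modelled on the posted log. The "updater" Run entry is
# invented so the RECYCLER check has something to fire on; it is NOT from the
# real log.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Y!TunnelPro"="c:\program files\Digital Asphyxia\Y!TunnelPro 2.5\YTPro.exe" [2008-09-27 1412608]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THGuard"="c:\program files\TrojanHunter 5.0\THGuard.exe" [2008-10-24 1056928]
"updater"="c:\RECYCLER\S-1-5-21-303586593-3712854003-2074291724-1009\Dc1.exe" [2009-01-16 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
"""

# Directories in which a Run-key target is never legitimate.
SUSPICIOUS_DIRS = ("\\recycler\\", "\\temp\\", "\\temporary internet files\\")
# Security Center values that suppress or override AV/firewall status (1 = set).
OVERRIDE_VALUES = {"AntiVirusOverride", "AntiVirusDisableNotify",
                   "FirewallOverride", "FirewallDisableNotify"}

KEY_RE = re.compile(r"^\[(.+)\]$")                   # [HKEY_...\...]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')           # "name"=data
AUTORUN_RE = re.compile(r"^(\\Shell\\\S+) - (.*)$")  # \Shell\AutoRun\command - cmd
PATH_RE = re.compile(r'^"([^"]*)"\s*(\[[^\]]*\])?')   # "path" [date size]


def parse_loading_points(text):
    """Yield (key, name, data) for every value line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line) or AUTORUN_RE.match(line)
        if m:
            yield key, m.group(1), m.group(2)


def triage(text):
    """Sort the parsed values into the buckets a responder looks at first."""
    out = {"autostart": [], "suspicious_autostart": [],
           "security_center_override": [], "mountpoints2_autorun": [],
           "firewall_allowed": []}
    for key, name, data in parse_loading_points(text):
        k = key.lower()
        if k.endswith("\\currentversion\\run"):
            m = PATH_RE.match(data)
            path = m.group(1) if m else data
            entry = {"key": key, "name": name, "path": path,
                     "stamp": m.group(2) if m else None}
            out["autostart"].append(entry)
            if any(d in path.lower() for d in SUSPICIOUS_DIRS):
                out["suspicious_autostart"].append(entry)
        elif k.endswith("security center"):
            if name in OVERRIDE_VALUES and data.lower().endswith("00000001"):
                out["security_center_override"].append({"name": name, "data": data})
        elif "\\mountpoints2\\" in k and "autorun" in name.lower():
            out["mountpoints2_autorun"].append(
                {"volume": key.rsplit("\\", 1)[-1], "command": data})
        elif "authorizedapplications\\list" in k:
            # ComboFix prints these paths with doubled backslashes; normalise.
            out["firewall_allowed"].append(name.replace("\\\\", "\\"))
    return out


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for bucket in ("security_center_override", "mountpoints2_autorun",
                   "suspicious_autostart", "firewall_allowed"):
        print(f"== {bucket} ==")
        for item in report[bucket]:
            print("  ", item)
```

Run it as a script to print the report, or call triage() on the Reg Loading Points section cut from a real log. A populated security_center_override or suspicious_autostart bucket is not proof of infection by itself, but each entry is something to explain before calling the machine clean; the firewall list is informational, since user-installed programs such as uTorrent legitimately appear there.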
siliconman01
Global Moderator
Re: hey tom
« Reply #4 on: Jan 17th, 2009, 4:31pm »

Quote:
hey tom sorry bother you but i don't know how this got back in my pc  
 
TrojanHunter Scan Report - Saved 2009-01-16 18:36  
 
Found trojan file: C:\RECYCLER\S-1-5-21-303586593-3712854003-2074291724-1009\Dc1.exe/hidec.exe (RiskTool.Hidec.100)  
Found trojan file: C:\RECYCLER\S-1-5-21-303586593-3712854003-2074291724-1009\Dc1.exe/Upx.hxggodch/hidec.exe (RiskTool.Hidec.100)  
Quarantined file C:\RECYCLER\S-1-5-21-303586593-3712854003-2074291724-1009\Dc1.exe  
Unable to quarantine file C:\RECYCLER\S-1-5-21-303586593-3712854003-2074291724-1009\Dc1.exe: Scheduling file to be quarantined when computer is restarted

 
I don't know how it got back on your machine either.  Did you reboot your computer so TH could finish the quarantine?
 
Combofix is showing nothing.  I don't know anything about the program Trojan Remover... sorry.

______
TrojanHunter V5.3.994...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound w/ XM satellite, Avira Premium Security Suite V10; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD Raptors, NIS 2011 Beta. Common: router, cable modem, PerfectDisk 11 Pro, Casper Backup V6.0, DisplayFusion, SpywareBlaster V4.3, HostsMan V3.2.73, CCleaner, TrojanHunter V5.3.994, etc.
Thomas
Full Member
Re: hey tom
« Reply #5 on: Jan 18th, 2009, 7:47am »

I just emailed them, and hopefully they can get this issue fixed.

Thomas
Full Member
Re: hey tom
« Reply #6 on: Jan 18th, 2009, 8:37am »

Re: False Positive
From:  Simply Super Software (Support) (support@simplysup1.com)  
Sent: Sun 1/18/09 9:13 AM  
To:  Thomas (forlife2564@hotmail.com)  
 
Can you please provide more specific information. Exactly which file(s) is Trojan Remover reporting as malware? Is it only reporting the file as malware heuristically, during an active scan (e.g. because the file has hidden/system attributes), or does it report the file as a specific malware? If a specific file is being falsely reported, can you please send us a copy of the file.

If you are unsure of the answers to the above questions, the Trojan Remover logfile should contain the information we need. Trojan Remover's logfile is called TRLOG.TXT and is located in:

For 2000/XP: "My Documents"\Simply Super Software\Trojan Remover Logfiles
For Vista: "Documents"\Simply Super Software\Trojan Remover Logfiles

Note: "My Documents" or "Documents" may be in a different language if you are not using an English version of Windows.

Nigel Thomas
Simply Super Software
Support: www.simplysup.com/support/
Frequently Asked Questions: www.simplysup.com/faq/
Support email: support@simplysup1.com
Sales email: sales@simplysup1.com

----- Original Message -----
From: "Thomas" <forlife2564@hotmail.com>
To: <support@simplysup1.com>
Sent: Sunday, January 18, 2009 1:40 PM
Subject: False Positive

Trojan Remover is flagging TrojanHunter as malware, and TrojanHunter is not malware. Can you guys please fix this issue?
 
 
I sent them the download link; the zip file would not go, it was too big.
« Last Edit: Jan 18th, 2009, 8:37am by Thomas »

siliconman01
Global Moderator
Re: hey tom
« Reply #7 on: Jan 18th, 2009, 11:07am »

Where in the TR log is it saying that TrojanHunter is malware?  
 
Quote:
The following Anti-Malware program(s) are loaded:  
[AV Warnings are suppressed]  
Trojan Hunter

 
The above is not saying it is malware... it is recognizing that TH is an anti-malware program, which is true.  
 
What am I not seeing in the TR log?

Thomas
Full Member
Re: hey tom
« Reply #8 on: Jan 18th, 2009, 2:02pm »

on Jan 18th, 2009, 11:07am, siliconman01 wrote:
Where in the TR log is it saying that TrojanHunter is malware?  
 
 
The above is not saying it is malware...it is recognizing that TH is an anti-malware program which is true.  
 
What am I not seeing in the TR log?

 
Maybe my eyes are playing tricks on me, but on TR I hit scan and a pop-up appeared saying TH is malware. But maybe I did not read it right.

siliconman01
Global Moderator
Re: hey tom
« Reply #9 on: Jan 18th, 2009, 2:09pm »

Please scan again with TR and see if it alerts again.  And copy down what the alert says.  Is TH in the Quarantine folder of TR?

Thomas
Full Member
Re: hey tom
« Reply #10 on: Jan 18th, 2009, 5:03pm »

on Jan 18th, 2009, 2:09pm, siliconman01 wrote:
Please scan again with TR and see if it alerts again.  And copy down what the alert says.  Is TH in the Quarantine folder of TR?

 
I was right, and I feel like a dumbass; I read it wrong.

siliconman01
Global Moderator
Re: hey tom
« Reply #11 on: Jan 18th, 2009, 10:22pm »

No problemo

Thomas
Full Member
Re: hey tom
« Reply #12 on: Mar 18th, 2009, 10:14pm »

Avira AntiVir Personal
Report file date: Wednesday, March 18, 2009  23:18
 
Scanning for 1306980 virus strains and unwanted programs.
 
Licensee   : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform   : Windows XP
Windows version : (Service Pack 3)  [5.1.2600]
Boot mode  : Normally booted
Username   : SYSTEM
Computer name   : TOM
 
Version information:
BUILD.DAT  : 9.0.0.386     17962 Bytes   3/11/2009 15:55:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes   2/24/2009 16:13:26
AVSCAN.DLL : 9.0.3.0  40705 Bytes   2/27/2009 14:58:24
LUKE.DLL   : 9.0.3.2 209665 Bytes   2/20/2009 15:35:49
LUKERES.DLL     : 9.0.2.0  12033 Bytes   2/27/2009 14:58:52
ANTIVIR0.VDF    : 7.1.0.0    15603712 Bytes  10/27/2008 16:30:36
ANTIVIR1.VDF    : 7.1.2.12    3336192 Bytes   2/11/2009 00:33:26
ANTIVIR2.VDF    : 7.1.2.152    749568 Bytes   3/11/2009 02:52:58
ANTIVIR3.VDF    : 7.1.2.188    216064 Bytes   3/18/2009 02:52:59
Engineversion   : 8.2.0.120
AEVDF.DLL  : 8.1.1.0 106868 Bytes   1/27/2009 21:36:42
AESCRIPT.DLL    : 8.1.1.67     364923 Bytes   3/19/2009 02:53:04
AESCN.DLL  : 8.1.1.8 127346 Bytes   3/19/2009 02:53:03
AERDL.DLL  : 8.1.1.3 438645 Bytes  10/29/2008 22:24:41
AEPACK.DLL : 8.1.3.10     397686 Bytes    3/4/2009 17:06:10
AEOFFICE.DLL    : 8.1.0.36     196987 Bytes   2/27/2009 00:01:56
AEHEUR.DLL : 8.1.0.107   1663352 Bytes   3/19/2009 02:53:02
AEHELP.DLL : 8.1.2.2 119158 Bytes   2/27/2009 00:01:56
AEGEN.DLL  : 8.1.1.30     336245 Bytes   3/19/2009 02:52:59
AEEMU.DLL  : 8.1.0.9 393588 Bytes   10/9/2008 18:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes   2/17/2009 18:22:44
AEBB.DLL   : 8.1.0.3  53618 Bytes   10/9/2008 18:32:40
AVWINLL.DLL     : 9.0.0.3  18177 Bytes  12/12/2008 12:47:59
AVPREF.DLL : 9.0.0.1  43777 Bytes   12/5/2008 14:32:15
AVREP.DLL  : 8.0.0.3 155905 Bytes   1/20/2009 18:34:28
AVREG.DLL  : 9.0.0.0  36609 Bytes   12/5/2008 14:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes    2/9/2009 11:52:24
AVEVTLOG.DLL    : 9.0.0.7 167169 Bytes   1/30/2009 14:37:08
SQLITE3.DLL     : 3.6.1.0 326401 Bytes   1/28/2009 19:03:49
SMTPLIB.DLL     : 9.2.0.25 28417 Bytes    2/2/2009 12:21:33
NETNT.DLL  : 9.0.0.0  11521 Bytes   12/5/2008 14:32:10
RCIMAGE.DLL     : 9.0.0.21    2438401 Bytes    2/9/2009 15:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes   3/11/2009 19:55:12
 
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,  
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,
 
Start of the scan: Wednesday, March 18, 2009  23:18
 
Initiating scan of system files:
Signed -> 'C:\WINDOWS\system32\svchost.exe'
Signed -> 'C:\WINDOWS\system32\winlogon.exe'
Signed -> 'C:\WINDOWS\explorer.exe'
Signed -> 'C:\WINDOWS\system32\smss.exe'
Signed -> 'C:\WINDOWS\system32\wininet.DLL'
Signed -> 'C:\WINDOWS\system32\wsock32.DLL'
Signed -> 'C:\WINDOWS\system32\ws2_32.DLL'
Signed -> 'C:\WINDOWS\system32\services.exe'
Signed -> 'C:\WINDOWS\system32\lsass.exe'
Signed -> 'C:\WINDOWS\system32\csrss.exe'
Signed -> 'C:\WINDOWS\system32\drivers\kbdclass.sys'
Signed -> 'C:\WINDOWS\system32\spoolsv.exe'
Signed -> 'C:\WINDOWS\system32\alg.exe'
Signed -> 'C:\WINDOWS\system32\wuauclt.exe'
Signed -> 'C:\WINDOWS\system32\advapi32.DLL'
Signed -> 'C:\WINDOWS\system32\user32.DLL'
Signed -> 'C:\WINDOWS\system32\gdi32.DLL'
Signed -> 'C:\WINDOWS\system32\kernel32.DLL'
Signed -> 'C:\WINDOWS\system32\ntdll.DLL'
Signed -> 'C:\WINDOWS\system32\ntoskrnl.exe'
Signed -> 'C:\WINDOWS\system32\ctfmon.exe'
The system files were scanned ('21' files)
 
Starting search for hidden objects.
'51490' objects were checked, '0' hidden objects were found.
 
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'YTPro.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'RegMech.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'THGuard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'lockpc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned
 
Starting master boot sector scan:
 
Start scanning boot sectors:
 
Starting to scan executable files (registry).
The registry was scanned ( '52' files ).
 
 
Starting the file scan:
 
Begin scan in 'C:\' <PRESARIO>
C:\hiberfil.sys
    [WARNING]   The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
    [WARNING]   The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\0Q9LK98H\result[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\1ZNGE0MN\myport[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\1ZNGE0MN\ppc[2].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\5L3E0H8H\go[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\5L3E0H8H\p[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6AQ27429\result[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6AQ27429\result[2].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\IOPBD7OK\promote[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\IOPBD7OK\promote[2].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\IOPBD7OK\promote[3].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\IOPBD7OK\promote[4].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\LJRDAE8A\result[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\LJRDAE8A\result[2].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\LJRDAE8A\result[3].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\LJRDAE8A\smartsearch[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\RAB5CF0G\120600_dyn[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\RAB5CF0G\promote[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

Thomas
Full Member
Re: hey tom
« Reply #13 on: Mar 18th, 2009, 10:15pm »

C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\X0R00H34\promote[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\XP5LSY0A\smartsearch[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\hp\bin\KillIt.exe
    [DETECTION] Contains recognition pattern of the APPL/KillApp.A application
C:\hp\bin\KillWind.exe
    [DETECTION] Contains recognition pattern of the APPL/KillApplicat.A application
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP19\A0003080 .exe
    [DETECTION] Contains recognition pattern of the APPL/MyWay.A application
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP20\A0003855 .exe
    [DETECTION] Contains recognition pattern of the DIAL/90112 dialer
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP28\A0008951 .exe:ext.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP29\A0010989 .exe:ext.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP29\A0010993 .exe
    [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP29\A0010994 .exe
    [DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP35\A0011280 .exe
    [DETECTION] Is the TR/Patched.AA.546 Trojan
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP35\A0011284 .exe
    [DETECTION] Is the TR/Patched.AA.522 Trojan
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP35\A0011320 .EXE
    [DETECTION] Contains recognition pattern of the APPL/PsExec.E application
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP35\A0011421 .exe
  [0] Archive type: RAR SFX (self extracting)
    --> 32788R22FWJFW\psexec.cfexe
 [1] Archive type: RSRC
 --> Object
   [DETECTION] Contains recognition pattern of the APPL/PsExec.E application
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP37\A0014161 .exe
    [DETECTION] Contains code of the W32/Virut.Gen Windows virus
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP37\A0014221 .exe
    [DETECTION] Is the TR/Agent.332800.C Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4PUJ8XQR\inst[1].php
    [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
Begin scan in 'D:\' <PRESARIO_RP>
D:\I386\Apps\APP07397\src\HPSummer2005.exe
    [DETECTION] Contains recognition pattern of the APPL/MyWay.A application
 
Beginning disinfection:
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\0Q9LK98H\result[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '4a34c500.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\1ZNGE0MN\myport[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '4a31c514.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\1ZNGE0MN\ppc[2].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '4a24c50b.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\5L3E0H8H\go[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '4a1cc50a.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\5L3E0H8H\p[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '49f2c4f6.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6AQ27429\result[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '4a34c501.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6AQ27429\result[2].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '4cbb80e2.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\IOPBD7OK\promote[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '4a30c50e.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\IOPBD7OK\promote[2].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '4bb1364f.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\IOPBD7OK\promote[3].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '4bb23e07.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\IOPBD7OK\promote[4].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '496be9f7.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\LJRDAE8A\result[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '4968f1c2.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\LJRDAE8A\result[2].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '4969f98a.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\LJRDAE8A\result[3].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '496a8152.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\LJRDAE8A\smartsearch[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '4a22c509.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\RAB5CF0G\120600_dyn[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '49f1c4ce.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\RAB5CF0G\promote[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '49519ea7.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\X0R00H34\promote[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '4a30c50f.qua'!
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\XP5LSY0A\smartsearch[1].htm
    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
    [NOTE] The file was moved to '4a22c50a.qua'!
C:\hp\bin\KillIt.exe
    [DETECTION] Contains recognition pattern of the APPL/KillApp.A application
    [NOTE] The file was moved to '4a2dc506.qua'!
C:\hp\bin\KillWind.exe
    [DETECTION] Contains recognition pattern of the APPL/KillApplicat.A application
    [NOTE] The file was moved to '4b57018f.qua'!
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP19\A0003080 .exe
    [DETECTION] Contains recognition pattern of the APPL/MyWay.A application
    [NOTE] The file was moved to '488d10d7.qua'!
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP20\A0003855 .exe
    [DETECTION] Contains recognition pattern of the DIAL/90112 dialer
    [NOTE] The file was moved to '4a964e97.qua'!
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP28\A0008951 .exe:ext.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was moved to '4a9956ef.qua'!
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP29\A0010989 .exe:ext.exe
    [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
    [NOTE] The file was moved to '4a95b7cf.qua'!
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP29\A0010993 .exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '49f1c4cf.qua'!
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP29\A0010994 .exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '4f7cf280.qua'!
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP35\A0011280 .exe
    [DETECTION] Is the TR/Patched.AA.546 Trojan
    [NOTE] The file was moved to '4a985d38.qua'!
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP35\A0011284 .exe
    [DETECTION] Is the TR/Patched.AA.522 Trojan
    [NOTE] The file was moved to '4a94be18.qua'!
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP35\A0011320 .EXE
    [DETECTION] Contains recognition pattern of the APPL/PsExec.E application
    [NOTE] The file was moved to '4a9b6560.qua'!
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP35\A0011421 .exe
    [NOTE] The file was moved to '4a9d7590.qua'!
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP37\A0014161 .exe
    [DETECTION] Contains code of the W32/Virut.Gen Windows virus
    [NOTE] The file was moved to '4a9a6da8.qua'!
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP37\A0014221 .exe
    [DETECTION] Is the TR/Agent.332800.C Trojan
    [NOTE] The file was moved to '4a9f0400.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4PUJ8XQR\inst[1].php
    [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
    [NOTE] The file was moved to '4a34c50e.qua'!
D:\I386\Apps\APP07397\src\HPSummer2005.exe
    [DETECTION] Contains recognition pattern of the APPL/MyWay.A application
    [NOTE] The file was moved to '4a14c4f1.qua'!
 
 
End of the scan: Thursday, March 19, 2009  00:05
Used time: 46:53 Minute(s)
 
The scan has been done completely.
 
   5810 Scanned directories
 279989 Files were scanned
     35 Viruses and/or unwanted programs were found
 0 Files were classified as suspicious
 0 files were deleted
 0 Viruses and unwanted programs were repaired
     35 Files were moved to quarantine
 0 Files were renamed
 2 Files cannot be scanned
 279952 Files not concerned
  12742 Archives were scanned
 2 Warnings
     37 Notes
  51490 Objects were scanned with rootkit scan
 0 Hidden objects were found
Thomas
Re: hey tom
« Reply #14 on: Mar 18th, 2009, 10:16pm »

I'm too lazy to make a new thread right now lol