Mischel Internet Security Forum
Topic: my th logs (Read 450 times)
Thomas
my th logs
« on: Mar 26th, 2010, 12:45am »

TrojanHunter Scan Report - Saved 2010-03-26 01:43
 
Suspicious registry entry: HKLM\Software\Microsoft\Ole\DefaultLaunchPermission
Suspicious registry entry: HKLM\Software\Microsoft\Ole\DefaultLaunchPermission
Suspicious registry entry: HKLM\Software\Microsoft\Ole\DefaultLaunchPermission
Suspicious registry entry: HKLM\Software\Microsoft\Ole\DefaultLaunchPermission
Suspicious registry entry: HKLM\Software\Microsoft\Ole\DefaultLaunchPermission
Suspicious registry entry: HKLM\Software\Microsoft\Ole\DefaultLaunchPermission
Warning: The key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page has a data value of unknown type!
Warning: The key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme\Wallpaper has a data value of unknown type!
Warning: The key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme\Wallpaper has a data value of unknown type!
Warning: The key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme\Wallpaper has a data value of unknown type!
Warning: The key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ServiceDll has a data value of unknown type!
Removed registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Ole\DefaultLaunchPermission
Unable to remove registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Ole\DefaultLaunchPermission
Unable to remove registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Ole\DefaultLaunchPermission
Unable to remove registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Ole\DefaultLaunchPermission
Unable to remove registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Ole\DefaultLaunchPermission
Unable to remove registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Ole\DefaultLaunchPermission

Windows 7 Home Premium (64 Bit)
Yahoo! Messenger Version 11.0.0 Build 2014
Y!TunnelPro Version 2.6 Build 736
YTK Enhanced Version 2.6 Build 108
Mozilla Firefox Version 8.0 (Beta)
Internet Explorer Version 9.0.8112.16421
TrojanHunter Version 5.3 Build 994
HijackThis Version 2.0 Build 4
Wireless
avast! Free Antivirus
Malwarebytes' Anti-Malware
SUPERAntiSpyware Professional
Thomas
Re: my th logs
« Reply #1 on: Mar 26th, 2010, 12:45am »

TrojanHunter Scan Report - Saved 2010-03-26 02:39
 
Warning: Unable to unpack UPX-packed file C:\Program Files\uTorrent\uTorrent.exe
Warning: Unable to unpack UPX-packed file C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
Warning: Unable to unpack UPX-packed file C:\WINDOWS\ERDNT\subs\ERDNT.EXE
Warning: Unable to unpack UPX-packed file H:\I386\SYSTEM32\drivers\USBUHCI.SYS
Warning: Unable to unpack UPX-packed file H:\MiniNT\system32\drivers\USBUHCI.SYS

Thomas
Re: my th logs
« Reply #2 on: Mar 26th, 2010, 12:46am »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:28 AM, on 3/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\TrojanHunter\THGuard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256497813171
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
 
--
End of file - 4241 bytes

Thomas
Re: my th logs
« Reply #3 on: Mar 26th, 2010, 12:47am »

I'm not going to do a ComboFix unless you tell me to.

siliconman01
Re: my th logs
« Reply #4 on: Mar 26th, 2010, 3:35am »

First, your HJT log is showing no infections. I do not feel that a ComboFix run is necessary.
 
Quote:
Warning: Unable to unpack UPX-packed file C:\Program Files\uTorrent\uTorrent.exe  
Warning: Unable to unpack UPX-packed file C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE  
Warning: Unable to unpack UPX-packed file C:\WINDOWS\ERDNT\subs\ERDNT.EXE  
Warning: Unable to unpack UPX-packed file H:\I386\SYSTEM32\drivers\USBUHCI.SYS  
Warning: Unable to unpack UPX-packed file H:\MiniNT\system32\drivers\USBUHCI.SYS

 
The above unpack warnings are nothing to worry about.  It just means that TH cannot unpack these files to analyze them because TH does not have their specific unpacker code within the TH scanner program.  The files are known files on XP systems.
 
Quote:
Suspicious registry entry: HKLM\Software\Microsoft\Ole\DefaultLaunchPermission  
Suspicious registry entry: HKLM\Software\Microsoft\Ole\DefaultLaunchPermission  
Suspicious registry entry: HKLM\Software\Microsoft\Ole\DefaultLaunchPermission  
Suspicious registry entry: HKLM\Software\Microsoft\Ole\DefaultLaunchPermission  
Suspicious registry entry: HKLM\Software\Microsoft\Ole\DefaultLaunchPermission  
Suspicious registry entry: HKLM\Software\Microsoft\Ole\DefaultLaunchPermission  
Warning: The key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page has a data value of unknown type!  
Warning: The key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme\Wallpaper has a data value of unknown type!
Warning: The key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme\Wallpaper has a data value of unknown type!
Warning: The key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme\Wallpaper has a data value of unknown type!
Warning: The key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ServiceDll has a data value of unknown type!

 
Hmmm...the above warnings are new ones on me.  I've never seen them before.  Do you have any special desktop theme software running on your system?  
 
I'm going to email Magnus asking him to take a look at these and provide guidance.

______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
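The "Unable to unpack UPX-packed file" warnings above come from a scanner that recognises the packer but carries no unpacker for it. The following added example (not TrojanHunter's code, and not one of the files from this thread) shows the common way a scanner spots UPX packing: it walks the PE headers and looks for the UPX0/UPX1 section names. The sample PE image is constructed in memory, and the section-name check is only a heuristic: packed does not mean malicious, and a repacked file can carry renamed sections.

```python
import struct

# Section names UPX leaves in a packed PE32 image (heuristic; a repacker can rename them).
UPX_SECTION_PREFIX = "UPX"


def build_sample_pe(section_names):
    """Construct a minimal PE32 image in memory: MZ stub, PE signature, COFF header,
    a zeroed optional header and one 40-byte section header per name.
    Constructed sample data for the demo, not one of the files from the thread."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)          # offset of the PE signature
    opt_size = 0xE0                                      # PE32 optional header size
    # Machine (i386), NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (EXECUTABLE_IMAGE | 32BIT)
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, 0x10B)           # PE32 magic
    sections = b""
    for i, name in enumerate(section_names):
        raw_name = name.encode("ascii")[:8].ljust(8, b"\0")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, PointerToRelocations,
        # PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
        sections += raw_name + struct.pack(
            "<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020
        )
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + sections


def pe_section_names(data):
    """Walk the PE headers and return the section names, validating every offset so a
    truncated or non-PE file raises ValueError instead of being misread."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing or out of range")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size
    names = []
    for i in range(num_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            raise ValueError("section table is truncated")
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """True when any section carries the UPX naming convention."""
    return any(n.startswith(UPX_SECTION_PREFIX) for n in pe_section_names(data))


if __name__ == "__main__":
    packed = build_sample_pe(["UPX0", "UPX1", ".rsrc"])
    plain = build_sample_pe([".text", ".data", ".rsrc"])
    print(pe_section_names(packed), looks_upx_packed(packed))   # ['UPX0', 'UPX1', '.rsrc'] True
    print(pe_section_names(plain), looks_upx_packed(plain))     # ['.text', '.data', '.rsrc'] False
```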
Thomas
Re: my th logs
« Reply #5 on: Mar 26th, 2010, 4:01am »

on Mar 26th, 2010, 3:35am, siliconman01 wrote:
First, your HJT log is showing no infections. I do not feel that a ComboFix run is necessary.
 
 
The above unpack warnings are nothing to worry about.  It just means that TH cannot unpack these files to analyze them because TH does not have their specific unpacker code within the TH scanner program.  The files are known files on XP systems.
 
 
Hmmm...the above warnings are new ones on me.  I've never seen them before.  Do you have any special desktop theme software running on your system?  
 
I'm going to email Magnus asking him to take a look at these and provide guidance.

 
nope

siliconman01
Re: my th logs
« Reply #6 on: Mar 27th, 2010, 1:23am »

Hopefully Magnus will stop by over the weekend.  
 
Is your system acting up in any way?

Thomas
Re: my th logs
« Reply #7 on: Mar 27th, 2010, 6:52am »

ComboFix 10-03-26.02 - Owner 03/27/2010   4:02.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.222.92 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\documents and settings\Owner\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Owner\Application Data\Microsoft\bass.dll
c:\documents and settings\Owner\Application Data\Microsoft\engine_vx.dll
c:\documents and settings\Owner\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Owner\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Owner\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Owner\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Owner\Application Data\Microsoft\rsaadjd.dll
c:\windows\system32\SCLabel.ocx
 
.
(((((((((((((((((((((((((   Files Created from 2010-02-27 to 2010-03-27  )))))))))))))))))))))))))))))))
.
 
2010-03-25 21:44 . 2010-03-25 21:54  --------  d-----w-  c:\documents and settings\All Users\Application Data\TrojanHunter
2010-03-25 21:44 . 2010-03-26 05:47  --------  d-----w-  c:\program files\TrojanHunter
2010-03-25 21:28 . 2010-03-25 21:28  --------  d-----w-  c:\documents and settings\Owner\Application Data\Avira
2010-03-11 14:05 . 2010-03-11 14:05  --------  d-----w-  c:\program files\VC Sync
2010-03-10 04:52 . 2009-10-23 15:28  3558912   -c----w-  c:\windows\system32\dllcache\moviemk.exe
2010-03-07 12:44 . 2010-03-07 12:44  --------  d-----w-  c:\documents and settings\All Users\Application Data\Yahoo! Companion
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-25 06:35 . 2009-10-25 13:48  --------  d-----w-  c:\documents and settings\Owner\Application Data\uTorrent
2010-03-10 20:22 . 2009-12-24 04:04  --------  d-----w-  c:\program files\MpcStar
2010-03-07 12:56 . 2009-10-26 05:58  --------  d---a-w-  c:\documents and settings\All Users\Application Data\TEMP
2010-03-07 12:44 . 2009-12-04 15:30  --------  d-----w-  c:\program files\Yahoo!
2010-03-07 12:44 . 2009-12-04 15:40  --------  d-----w-  c:\documents and settings\Owner\Application Data\Yahoo!
2010-03-07 12:44 . 2009-10-25 19:45  --------  d-----w-  c:\program files\CCleaner
2010-03-01 13:05 . 2009-12-04 00:49  124784    ----a-w-  c:\windows\system32\drivers\avipbb.sys
2010-02-17 07:06 . 2010-02-17 07:06  --------  d-----w-  c:\program files\Digital Asphyxia
2010-02-17 07:06 . 2010-02-17 07:06  --------  d-----w-  c:\documents and settings\All Users\Application Data\Tarma Installer
2010-02-17 07:05 . 2010-02-17 07:06  82432     --s---r-  c:\documents and settings\All Users\Application Data\Tarma Installer\{D6B25B8D-0566-42B1-A23D-7576138435D6}\Setup.exe
2010-02-16 21:46 . 2010-02-17 07:06  57344     --s-a-r-  c:\documents and settings\All Users\Application Data\Tarma Installer\{D6B25B8D-0566-42B1-A23D-7576138435D6}\_Setup.dll
2010-02-16 17:24 . 2009-12-04 00:49  60936     ----a-w-  c:\windows\system32\drivers\avgntflt.sys
2010-02-16 09:03 . 2010-02-16 09:03  --------  d-----w-  c:\program files\YTK Enhanced
2010-01-27 03:57 . 2010-01-27 03:57  --------  d-----w-  c:\program files\Common Files\Java
2010-01-27 03:56 . 2010-01-27 03:56  348160    ----a-w-  c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2175c4b3-n\msvcr71.dll
2010-01-27 03:56 . 2010-01-27 03:56  61440     ----a-w-  c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-29e128b5-n\decora-sse.dll
2010-01-27 03:56 . 2010-01-27 03:56  503808    ----a-w-  c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2175c4b3-n\msvcp71.dll
2010-01-27 03:56 . 2010-01-27 03:56  499712    ----a-w-  c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2175c4b3-n\jmc.dll
2010-01-27 03:56 . 2010-01-27 03:56  12800     ----a-w-  c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-29e128b5-n\decora-d3d.dll
2010-01-27 03:54 . 2009-10-25 14:39  --------  d-----w-  c:\program files\Java
2010-01-25 15:47 . 2004-08-04 12:00  1392671   ----a-w-  c:\windows\system32\msvbvm60.dll
2009-12-31 16:50 . 2004-08-04 12:00  353792    ----a-w-  c:\windows\system32\drivers\srv.sys
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"THGuard"="c:\program files\TrojanHunter\THGuard.exe" [2010-03-20 1070240]
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Digital Asphyxia\\Y!TunnelPro 2.5\\YTPro.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
 
R3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\drivers\ubVeo532.sys [7/1/2002 6:30 PM 95232]
.
Contents of the 'Scheduled Tasks' folder
 
2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
 
2010-03-27 c:\windows\Tasks\User_Feed_Synchronization-{01FFB2EB-1A72-4C64-A0B9-F310B10D5701}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
 
**************************************************************************
 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-27 04:11
Windows 5.1.2600 Service Pack 3 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...  
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
 
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-27  04:17:44
ComboFix-quarantined-files.txt  2010-03-27 08:17
 
Pre-Run: 60,652,154,880 bytes free
Post-Run: 61,191,413,760 bytes free
 
- - End Of File - - F6123AA51E23E0E7C479BEBBB0E2CAAA

siliconman01
Re: my th logs
« Reply #8 on: Mar 27th, 2010, 12:41pm »

I do not believe that the files below that were quarantined by Combofix are actually malicious files.  I recommend that you restore them from quarantine and then run each one through VirusTotal to see what the 42 scanners declared on them.
 
Quote:
c:\documents and settings\Owner\Application Data\Microsoft\1eaadjc.dll  
c:\documents and settings\Owner\Application Data\Microsoft\bass.dll  
c:\documents and settings\Owner\Application Data\Microsoft\engine_vx.dll  
c:\documents and settings\Owner\Application Data\Microsoft\kfgresk.dll  
c:\documents and settings\Owner\Application Data\Microsoft\mjcriu.dll  
c:\documents and settings\Owner\Application Data\Microsoft\peaadje.dll  
c:\documents and settings\Owner\Application Data\Microsoft\qwadjb.dll  
c:\documents and settings\Owner\Application Data\Microsoft\rsaadjd.dll  
c:\windows\system32\SCLabel.ocx

 
http://www.virustotal.com/
 
Or you can zip the Qoobox folder and submit it to Gavin for analysis.
« Last Edit: Mar 27th, 2010, 12:54pm by siliconman01 »
