Mischel Internet Security Forum
Topic: trojan issues
inkedeagle (Newbie, Posts: 21)
trojan issues
« on: Dec 29th, 2007, 12:52am »

I ran TH and got a PWSteal.sinowal but can't find anything on it. My Explorer is running at turtle speed. I did get rid of the winlogon with HJT. Not sure if I am missing something; Spy Sweeper is just reading adware cookies. Not sure what I should do next.
 
Logfile of HijackThis v1.99.1
Scan saved at 9:55:58 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt .exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\vso\mcvsshld .exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\mcafee.com\agent\mcagent .exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\mcafee.com\vso\mcmnhdlr .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxpers .exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey .exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Toshiba\Tvs\TvsTray .exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView .exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\toshiba\ivp\ism\pinger .exe
C:\WINDOWS\system32\dla\DLACTRLW .exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc .exe
C:\Program Files\QuickTime\qttask    .exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
C:\Program Files\ltmoh\Ltmoh .exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray .exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask     .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr .exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd .exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\MySpace\IM\MySpaceIM .exe
C:\Program Files\MySpace\IM\MySpaceIM .exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\analyse.exe\analyse.exe.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f612.mail.yahoo.com/ym/login?.rand=3qq9im3hod4d9
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) -  - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddcyw.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {04650CAB-7671-41A5-BB4B-FBCA6DB45FBE} - C:\WINDOWS\system32\ddcyw.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsr1AF.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: DeskalertsBHO - {B3DD4EA8-C896-4b95-818F-4E1D04869D99} - C:\WINDOWS\system32\Deskbar\deskbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\MCUPDA~2.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MS18BE~2.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] "C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask     .exe" -atboottime
O4 - HKLM\..\Run: [masqform.exe] "C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" -RunOnce
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SysSFGE.exe] C:\WINDOWS\system32\SysSFGE.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger     .exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [two junk] C:\DOCUME~1\INKEDE~1\APPLIC~1\THATCL~1\Mode Size 64.exe
O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe"
O4 - Startup: IMVU.lnk = C:\Documents and Settings\inkedeagle\My Documents\IMVU\gui1.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJzed007LDU S_ZZzer000YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\inkedeagle\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitial Setup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fubar.com/imgs/ImageUploader4.cab
O16 - DPF: {B7D3E479-CC68-42B5-A338-938ECE35F419} - http://laughnetwork.com/installer/update/new_videos.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5143/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 
 
 
siliconman01 (Global Moderator, Posts: 5576)
Re: trojan issues
« Reply #1 on: Dec 29th, 2007, 1:14am »

Welcome to the forum, inkedeagle.
 
Sorry, but you still have infections on your system.  Please do the following for starters.
 
1.  Make all your files and folders visible per the procedure described in the link below.
 
http://www.misec.net/forum/board/FAQ/1139610900
 
2.  Please submit the following files to Mischel Internet Security for analysis.  
 
ddcyw.dll
nsr1AF.dll
deskbar.dll
SysSFGE.exe

 
The link below describes how to submit files to Mischel Internet Security
 
http://www.misec.net/forum/board/FAQ/1139308293
 
3.  Then download ComboFix.exe and save it to your desktop.
 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 
4.  Deactivate all your security programs except your software firewall.  
 
5.  Close all open windows including your browser.
 
6.  Double click combofix.exe & follow the prompts.  
When finished, it will produce a log for you.  
 
Note:  
Do not mouseclick combofix's window while it is running. That may cause it to stall.

 
7.  Post back here the Combofix.exe log and a new Hijackthis scan log.
 
 
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
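The reply above picks four files out of a log of more than 200 lines by eye. The script below is an added example written for this page; it is not code from the thread, from HijackThis or from TrojanHunter. It parses HijackThis 1.99.x entry lines, flags the patterns a log reviewer reads first (a win.ini load= autostart, BHOs with no name or loaded from system32, system32 autostarts not on an allowlist, AppInit_DLLs), and diffs two scans with CLSIDs masked, so a BHO that was re-registered under a new CLSID between scans shows as changed rather than as one removal plus one addition. The two sample logs are constructed excerpts of the two logs posted in this thread, and the system32 allowlist is an assumption made for the example, not a vetted list.

```python
"""Triage helper for HijackThis 1.99.x logs. Added example for this page, not code
from the thread, HijackThis or TrojanHunter: it parses the Rx/Fx/Ox entry lines,
applies heuristics a reviewer normally applies by eye, and diffs two scans so
re-registered components stand out. Sample logs are constructed excerpts of the two
logs in the thread; the system32 allowlist is an assumption, not a vetted list."""
from __future__ import annotations

import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.*)$")  # "O4 - <body>"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First path ending in .exe/.dll; non-greedy, so HJT's padded names ("qttask   .exe") match.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll)", re.I)
SYSTEM32 = "c:\\windows\\system32\\"
# Autostarts that legitimately live under system32 on this OEM laptop (assumption for the example).
KNOWN_SYSTEM32 = {"ctfmon.exe", "igfxtray.exe", "hkcmd.exe", "igfxpers.exe", "nerocheck.exe",
                  "ramasst.exe", "dlactrlw.exe", "tdispvol.exe", "tpsmain.exe", "tfncky.exe"}


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    def path(self) -> str:
        m = PATH_RE.search(self.body)
        return m.group(0) if m else ""

    def in_system32(self) -> bool:
        return self.path().lower().startswith(SYSTEM32)


def parse(log: str) -> list[Entry]:
    """Keep only classified entry lines; headers and the process list are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in log.splitlines())
    return [Entry(m["sec"], m["body"]) for m in matches if m]


def triage(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Return (section, reason, path) for the entries a reviewer should read first."""
    findings = []
    for e in entries:
        base = e.path().rsplit("\\", 1)[-1].lower()
        if e.section == "F3":  # win.ini load=/run=: legacy autostart, unused by modern software
            findings.append((e.section, "legacy win.ini load=/run= autostart", e.path()))
        elif e.section == "O2" and (e.body.startswith("BHO: (no name)") or e.in_system32()):
            # Vendor BHOs ship under Program Files with a display name; a nameless BHO
            # or one dropped straight into system32 is the classic adware pattern.
            findings.append((e.section, "BHO without a name or loaded from system32", e.path()))
        elif e.section == "O4" and e.in_system32() and base not in KNOWN_SYSTEM32:
            findings.append((e.section, "autostart from system32 not on the allowlist", e.path()))
        elif e.section == "O20" and e.body.startswith("AppInit_DLLs"):
            # Loaded into every process that links user32.dll, so always worth a look.
            findings.append((e.section, "AppInit_DLLs global injection point; verify owner", e.path()))
    return findings


def diff(old: list[Entry], new: list[Entry]) -> tuple[list, list, list]:
    """Keys mask CLSIDs, so a BHO that kept its DLL but changed CLSID between scans
    shows as 'changed' rather than as one removal plus one addition."""
    def index(entries):
        return {(e.section, CLSID_RE.sub("{CLSID}", e.body).lower()): e for e in entries}
    a, b = index(old), index(new)
    added = sorted(k for k in b if k not in a)
    removed = sorted(k for k in a if k not in b)
    changed = sorted(k for k in a.keys() & b.keys() if a[k].body != b[k].body)
    return added, removed, changed


# Constructed excerpts of the two logs posted in the thread (non-entry lines are ignored).
SCAN_1 = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddcyw.exe
O2 - BHO: (no name) - {04650CAB-7671-41A5-BB4B-FBCA6DB45FBE} - C:\WINDOWS\system32\ddcyw.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsr1AF.dll
O2 - BHO: DeskalertsBHO - {B3DD4EA8-C896-4b95-818F-4E1D04869D99} - C:\WINDOWS\system32\Deskbar\deskbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SysSFGE.exe] C:\WINDOWS\system32\SysSFGE.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""
SCAN_2 = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddcyw.exe
O2 - BHO: DeskalertsBHO - {B3DD4EA8-C896-4b95-818F-4E1D04869D99} - C:\WINDOWS\system32\Deskbar\deskbar.dll
O2 - BHO: (no name) - {C0573F85-8B0C-4B55-999A-97823E496A00} - C:\WINDOWS\system32\ddcyw.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SysSFGE.exe] C:\WINDOWS\system32\SysSFGE.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard  .exe"
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""

if __name__ == "__main__":
    for section, reason, path in triage(parse(SCAN_1)):
        print(f"{section:<4}{path}  [{reason}]")
    for tag, keys in zip(("added", "removed", "changed"), diff(parse(SCAN_1), parse(SCAN_2))):
        print(tag, [f"{s} {k}" for s, k in keys])
```

Run as a script it prints the review queue for the first scan and the added, removed and changed entries between the two. On the constructed excerpts it flags the same four files the moderator asked for, plus ddcyw.exe from the F3 line and the Google DLL in AppInit_DLLs; the latter is flagged for where it loads, not because the path is suspicious, which is why the output is a review queue and not a verdict. The diff shows nsr1AF.dll gone, THGuard added, and ddcyw.dll still present under a different CLSID, which is the detail worth noticing between the two posted logs.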
inkedeagle (Newbie, Posts: 21)
Re: trojan issues
« Reply #2 on: Dec 29th, 2007, 4:10am »

I sent in the files, although SysSFGE.exe wasn't able to be added; the email said file not found or no read rights.
 
Here's the HJT scan:
Logfile of HijackThis v1.99.1
Scan saved at 2:03:37 AM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt .exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\vso\mcvsshld .exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\vso\mcmnhdlr .exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\agent\mcagent .exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\igfxpers .exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey .exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray .exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView .exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\toshiba\ivp\ism\pinger .exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dla\DLACTRLW .exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc .exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray .exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\ltmoh\Ltmoh .exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr .exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
C:\Program Files\TrojanHunter 5.0\THGuard .exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TrojanHunter 5.0\THGuard  .exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd .exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\analyse.exe\analyse.exe.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f612.mail.yahoo.com/ym/login?.rand=3qq9im3hod4d9
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) -  - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddcyw.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: DeskalertsBHO - {B3DD4EA8-C896-4b95-818F-4E1D04869D99} - C:\WINDOWS\system32\Deskbar\deskbar.dll
O2 - BHO: (no name) - {C0573F85-8B0C-4B55-999A-97823E496A00} - C:\WINDOWS\system32\ddcyw.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MS18BE~4.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] "C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask  .exe" -atboottime
O4 - HKLM\..\Run: [masqform.exe] "C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" -RunOnce
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SysSFGE.exe] C:\WINDOWS\system32\SysSFGE.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard  .exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [two junk] C:\DOCUME~1\INKEDE~1\APPLIC~1\THATCL~1\Mode Size 64.exe
O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe"
O4 - Startup: IMVU.lnk = C:\Documents and Settings\inkedeagle\My Documents\IMVU\gui1.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJzed007LDU S_ZZzer000YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\inkedeagle\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitial Setup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fubar.com/imgs/ImageUploader4.cab
O16 - DPF: {B7D3E479-CC68-42B5-A338-938ECE35F419} - http://laughnetwork.com/installer/update/new_videos.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5143/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 
inkedeagle
Newbie
Re: trojan issues
« Reply #3 on: Dec 29th, 2007, 4:13am »

ComboFix 07-12-21.4 - inkedeagle 2007-12-29  1:47:36.1 - NTFSx86
Running from: C:\Documents and Settings\inkedeagle\Desktop\ComboFix.exe
 * Created a new restore point
.
ADS - svchost.exe: deleted 51200 bytes in 1 streams.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Documents and Settings\inkedeagle\Application Data\FunWebProducts
C:\Documents and Settings\inkedeagle\Application Data\FunWebProducts\Data\inkedeagle\avatar.dat
C:\Documents and Settings\inkedeagle\Application Data\inst.exe
C:\Documents and Settings\inkedeagle\Application Data\install.dat
C:\Documents and Settings\inkedeagle\Application Data\macromedia\Flash Player\#SharedObjects\ACUXNSYC\www.broadcaster.com
C:\Documents and Settings\inkedeagle\Application Data\macromedia\Flash Player\#SharedObjects\ACUXNSYC\www.broadcaster.com\played_list.sol
C:\Documents and Settings\inkedeagle\Application Data\macromedia\Flash Player\#SharedObjects\ACUXNSYC\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\inkedeagle\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#www.broadcaster.com
C:\Documents and Settings\inkedeagle\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#www.broadcaster.com\setti ngs.sol
C:\Documents and Settings\inkedeagle\err.log
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\nsr1AF.dll
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\wycdd.ini
C:\WINDOWS\system32\wycdd.ini2
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\voipwet.dll
 
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 
.
-------\LEGACY_FCI
-------\LEGACY_FOPN
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
-------\FCI
-------\xpdx
 
 
(((((((((((((((((((((((((   Files Created from 2007-11-28 to 2007-12-29  )))))))))))))))))))))))))))))))
.
 
2007-12-29 01:55 . 2007-12-29 01:55344,576---------C:\WINDOWS\system32\ddcyw.dll
2007-12-29 01:29 . 2007-12-29 01:29<DIR>d--h-----C:\WINDOWS\PIF
2007-12-29 01:29 . 2007-12-29 01:292,855--a------C:\WINDOWS\system32\SysSFGE.PIF
2007-12-29 01:26 . 2007-12-29 01:2622--a------C:\WINDOWS\system32\SysSFGE.zip
2007-12-29 01:21 . 2007-12-29 01:40921,646--a------C:\WINDOWS\system32\ddcyw.zip
2007-12-28 22:51 . 2007-12-28 22:51<DIR>d--------C:\Documents and Settings\inkedeagle\Application Data\TrojanHunter
2007-12-28 22:20 . 2007-12-29 01:58<DIR>d--------C:\Program Files\TrojanHunter 5.0
2007-12-28 20:37 . 2007-12-28 22:16<DIR>d--------C:\Program Files\analyse.exe
2007-12-28 18:22 . 2007-12-29 01:58155,648--a------C:\WINDOWS\system32\NeroCheck .exe
2007-12-28 18:21 . 2007-12-29 01:0415,360--a------C:\WINDOWS\system32\ctfmon .exe
2007-12-28 18:14 . 2007-12-29 01:57118,784--a------C:\WINDOWS\system32\igfxpers .exe
2007-12-28 18:14 . 2007-12-29 01:5698,304--a------C:\WINDOWS\system32\igfxtray .exe
2007-12-28 18:14 . 2007-12-29 01:5677,824--a------C:\WINDOWS\system32\hkcmd .exe
2007-12-28 18:08 . 2007-12-28 18:08<DIR>d--------C:\Program Files\Zuma Deluxe
2007-12-28 18:08 . 2007-12-28 18:39<DIR>d--------C:\Program Files\DivX
2007-12-28 18:08 . 2007-12-28 18:08<DIR>d--------C:\Program Files\Bejeweled 2 Deluxe
2007-12-28 15:45 . 2007-12-28 15:45348,160--a------C:\WINDOWS\system32\RCX158.tmp
2007-12-28 12:06 . 2007-12-28 12:06<DIR>d--------C:\Documents and Settings\inkedeagle\Application Data\Dealio
2007-12-28 12:05 . 2007-12-28 18:08<DIR>d--------C:\Program Files\Snap Visual Search
2007-12-27 19:55 . 2007-12-28 18:09<DIR>d--------C:\I Know Who Killed Me
2007-12-27 17:59 . 2007-12-28 18:09<DIR>d--------C:\the hart break kid
2007-12-26 18:38 . 2007-12-28 21:53143--a------C:\WINDOWS\system32\mcrh.tmp
2007-12-26 17:57 . 2007-12-26 17:5880,097--a------C:\WINDOWS\system32\dcads-remove.exe
2007-12-26 17:44 . 2007-12-29 01:57348,160--a------C:\WINDOWS\system32\ddcyw.exe
2007-12-26 17:33 . 2007-12-29 01:57397,824--a------C:\WINDOWS\system32\SysSFGE.exe
2007-12-26 17:27 . 2007-12-26 17:2781,656--a------C:\gsyhv.exe
2007-12-26 17:27 . 2007-12-26 17:2758,368--a------C:\fjls.exe
2007-12-26 17:27 . 2007-12-26 17:2751,200--a------C:\skaglnck.exe
2007-12-26 17:27 . 2007-12-26 17:277,168--a------C:\uxml.exe
2007-12-24 18:11 . 2007-12-24 18:11<DIR>d--------C:\home of the brave
2007-12-24 17:37 . 2007-12-24 17:37<DIR>d--------C:\eastern promises
2007-12-20 19:19 . 2007-12-20 19:19<DIR>d--------C:\Program Files\Video Piggy
2007-12-20 19:19 . 2007-12-20 19:19<DIR>d--------C:\Program Files\AviSynth 2.5
2007-12-17 14:42 . 2007-12-17 14:42<DIR>d--------C:\Documents and Settings\inkedeagle\Application Data\Skype
2007-12-04 21:32 . 2007-12-04 21:32<DIR>d--------C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-04 21:32 . 2007-10-01 16:24163,640--a------C:\WINDOWS\system32\drivers\ssidrv.sys
2007-12-04 21:32 . 2007-10-01 16:2423,864--a------C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-04 21:32 . 2007-10-01 16:2421,816--a------C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-04 21:32 . 2007-10-01 16:2420,280--a------C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-12-04 21:31 . 2007-12-04 21:31<DIR>d--------C:\Program Files\Webroot
2007-12-04 21:31 . 2007-12-04 21:31<DIR>d--------C:\Documents and Settings\inkedeagle\Application Data\Webroot
2007-12-04 21:31 . 2007-12-04 21:31<DIR>d--------C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-04 21:31 . 2007-10-01 16:401,526,072--a------C:\WINDOWS\WRSetup.dll
2007-12-04 20:33 . 2007-12-04 20:33219,136--a------C:\WINDOWS\system32\sysvideo32.dll
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 09:58---------d-----wC:\Program Files\QuickTime
2007-12-29 09:57---------d-----wC:\Program Files\Windows Defender
2007-12-29 09:57---------d-----wC:\Program Files\ltmoh
2007-12-29 09:57---------d-----wC:\Program Files\Lexmark X1100 Series
2007-12-29 09:56467,968----a-wC:\WINDOWS\system32\igfxpers.exe
2007-12-29 09:56447,488----a-wC:\WINDOWS\system32\igfxtray.exe
2007-12-29 09:56427,008----a-wC:\WINDOWS\system32\hkcmd.exe
2007-12-29 09:48504,832----a-wC:\WINDOWS\system32\NeroCheck.exe
2007-12-29 02:48---------d-----wC:\Program Files\Google
2007-12-28 01:55---------d-----wC:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-27 01:2714,336----a-wC:\WINDOWS\system32\svchost.exe
2007-12-27 01:2714,336----a-wC:\WINDOWS\system32\svchost(2).exe
2007-12-22 00:18---------d-----wC:\Program Files\MySpace
2007-12-11 09:45---------d-----wC:\Program Files\Player Tool
2007-12-05 04:56---------d-----wC:\Documents and Settings\inkedeagle\Application Data\McAfee.com Personal Firewall
2007-12-05 04:52---------d-----wC:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2007-11-18 03:13---------d--h--wC:\Program Files\InstallShield Installation Information
2007-11-16 03:40---------d-----wC:\Program Files\AvailaSoft
2007-11-13 10:2520,480----a-wC:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:351,287,680----a-wC:\WINDOWS\system32\quartz.dll
2007-10-28 01:39228,864----a-wC:\WINDOWS\system32\wmasf.dll
2007-10-17 17:2310,752----a-wC:\WINDOWS\system32\WhoisCL.exe
2007-09-25 03:4356,533----a-wC:\WINDOWS\Fonts\vehicle_decals_flames_art.zip
2007-09-07 21:30122,962----a-wC:\WINDOWS\Fonts\the_king_queen_font.zip
2007-08-25 04:4747,360----a-wC:\Documents and Settings\inkedeagle\Application Data\pcouffin.sys
2007-06-03 04:13774,144----a-wC:\Program Files\RngInterstitial.dll
2006-11-06 17:230----a-wC:\Program Files\Common Files\err.log
2003-08-05 19:4153,248----a-wC:\WINDOWS\inf\ap561.exe
2002-11-27 00:2432,768----a-wC:\WINDOWS\inf\Remove561.exe
2002-11-22 23:56118,784----a-wC:\WINDOWS\inf\ShowBmp.exe
2002-10-30 02:0736,864----a-wC:\WINDOWS\inf\Setup8a.exe
2002-10-01 22:43119,798----a-wC:\WINDOWS\inf\spca561.sys
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3DD4EA8-C896-4b95-818F-4E1D04869D99}]
2007-01-24 14:39475136--a------C:\WINDOWS\system32\Deskbar\deskbar.dll
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0573F85-8B0C-4B55-999A-97823E496A00}]
2007-12-29 01:55344576---------C:\WINDOWS\system32\ddcyw.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-29 01:55]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2007-12-29 01:55]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2007-12-29 01:55]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2007-12-29 01:55]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe" [2007-12-29 01:59]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-12-29 01:57]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"two junk"="C:\DOCUME~1\INKEDE~1\APPLIC~1\THATCL~1\Mode Size 64.exe" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-29 01:56]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-03-11 15:03 C:\WINDOWS\system32\TDispVol.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-29 01:56]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE" [2007-12-29 01:56]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2007-12-29 01:02]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MS18BE~4.EXE" [2007-12-29 01:56]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-29 01:56]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-29 01:56]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-29 01:56]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2007-12-29 01:56]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-29 01:56]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 06:29 C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2007-12-29 01:56]
"TPSMain"="TPSMain.exe" [2005-05-31 21:00 C:\WINDOWS\system32\TPSMain.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" []
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-12-29 01:56]
"dla"="C:\WINDOWS\system32\dla\DLACTRLW.exe" [2007-12-29 01:56]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-12-29 01:56]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2007-12-29 01:48]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2007-12-28 18:14]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2007-12-29 01:56]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-12-29 01:56]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-12-29 01:56]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2007-12-28 18:14]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2007-12-29 01:56]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-12-29 01:57]
"CFSServ.exe"="CFSServ.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask  .exe" [2007-12-29 01:58]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" [2007-12-29 01:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-29 01:57]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2007-12-29 01:57]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-12-29 01:57]
"nvchost"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2007-12-29 01:57]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-29 01:57]
"SysSFGE.exe"="C:\WINDOWS\system32\SysSFGE.exe" [2007-12-29 01:57]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard  .exe" [2007-12-29 01:58]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-12-29 01:57]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-29 01:56]
 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-09 23:37:47]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-02-15 08:31:42]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
 
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ddcyw.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication PackagesREG_MULTI_SZ   msv1_0 nwprovau C:\WINDOWS\system32\ddcyw
 
R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-12 00:05]
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS [2007-10-01 16:24]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;C:\WINDOWS\system32\Drivers\ubVeo532.sys [2002-07-01 17:30]
S3 SVRPEDRV;SVRPEDRV;C:\SYSPREP\PEDrv.sys []
S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2005-11-25 02:38]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47]
 
.
Contents of the 'Scheduled Tasks' folder
"2007-12-29 10:00:02 C:\WINDOWS\Tasks\A986B46093B927B0.job"
- c:\docume~1\inkede~1\applic~1\thatcl~1\Third Up Heart.exe
"2007-12-29 09:57:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-27 02:15:18 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
************************************************************************ **
 
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 01:57:11
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...
 
scanning hidden files ...  
 
C:\WINDOWS\system32\SysSFGE .exe 49664 bytes executable
C:\WINDOWS\system32\wycdd.ini 6516 bytes
C:\WINDOWS\system32\wycdd.ini2 6516 bytes
 
scan completed successfully  
hidden files: 3  
 
************************************************************************ **
.
--------------------- DLLs Loaded Under Running Processes ---------------------  
 
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\ddcyw.dll
-> C:\WINDOWS\system32\TDispVol.dll
.
Completion time: 2007-12-29  2:02:26 - machine was rebooted
.
2007-12-21 01:43:16--- E O F ---  
siliconman01
Global Moderator
Re: trojan issues
« Reply #4 on: Dec 29th, 2007, 4:42am »

Okay, now please do this:
 
1.  Run another Hijackthis scan.
 
2.  When the scan is completed, place a checkmark next to each of the items below.  BE SURE that these are the only items checked.
 

 
R3 - URLSearchHook: (no name) - - (no file)
 
O2 - BHO: DeskalertsBHO - {B3DD4EA8-C896-4b95-818F-4E1D04869D99} - C:\WINDOWS\system32\Deskbar\deskbar.dll
 
O2 - BHO: (no name) - {C0573F85-8B0C-4B55-999A-97823E496A00} - C:\WINDOWS\system32\ddcyw.dll
 
O4 - HKLM\..\Run: [SysSFGE.exe] C:\WINDOWS\system32\SysSFGE.exe
 
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJzed007LDU S_ZZzer000YYUS
 
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\inkedeagle\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
 
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitial Setup1.0.0.15.cab
 

 
3.  Then close your Browser window.
 
4.  Click on Fix Checked on the lower left of the HiJackthis window.  Confirm that you want HJT to fix these items and let HJT fix them.
 
5.  Close the HJT window and reboot the computer.
 
6.  Go to the link below and download VundoFix.exe to your desktop and follow the instructions provided on the link to run Vundofix.
 
http://www.majorgeeks.com/download4954.html
 
7.  Then deactivate all your security programs except your hardware firewall.
 
8.  Now run a remote scan with Bit Defender.  You need to access this website with Internet Explorer.  Bit Defender will need to download/install an ActiveX control.  Let it do so in order for it to scan.  The link below is to the remote scanner.
 
http://www.bitdefender.com/scan8/ie.html
 
9.  Once the scan is completed, reboot your computer.
 
10.  Post back here the results of the Bit Defender scan, the Vundofix log, and a new Hijackthis scan log.  
 
NOTE:  I am very concerned at the moment that you may have a rootkit on your system because of the combofix findings below.  Let's see what Bit Defender finds.
 
Quote:
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net  
Rootkit scan 2007-12-29 01:57:11  
Windows 5.1.2600 Service Pack 2 NTFS  
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...  
 
scanning hidden files ...  
 
C:\WINDOWS\system32\SysSFGE .exe 49664 bytes executable  
C:\WINDOWS\system32\wycdd.ini 6516 bytes  
C:\WINDOWS\system32\wycdd.ini2 6516 bytes  
 
scan completed successfully  
hidden files: 3
« Last Edit: Dec 29th, 2007, 4:49am by siliconman01 »

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
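As an added example (not from this thread, HijackThis, ComboFix or any tool named here), the following Python triage script parses HijackThis v1.99.1 lines like the ones siliconman01 lists and attaches the review hints a log reader looks for: unnamed or orphaned entries, file names with whitespace before the extension, O16 ActiveX objects installed from a remote URL, and items already on an analyst's fix list. The sample log and the fix list are constructed from entries quoted in this thread; the flags are review hints, not malware verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a subset of HijackThis v1.99.1 entries modelled on the
# log quoted in this thread, not the poster's full log.
SAMPLE_HJT_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: DeskalertsBHO - {B3DD4EA8-C896-4b95-818F-4E1D04869D99} - C:\WINDOWS\system32\Deskbar\deskbar.dll
O2 - BHO: (no name) - {C0573F85-8B0C-4B55-999A-97823E496A00} - C:\WINDOWS\system32\ddcyw.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SysSFGE.exe] C:\WINDOWS\system32\SysSFGE.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask     .exe" -atboottime
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\inkedeagle\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitial Setup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Whitespace immediately before the extension, e.g. "qttask     .exe" or the
# hidden "SysSFGE .exe" that catchme reported in this thread.
PADDED_NAME_RE = re.compile(r"\s+\.(exe|dll|sys|scr|pif)\b", re.IGNORECASE)

# Constructed analyst list: CLSIDs (upper-cased) and file base names
# (lower-cased) taken from the items the moderator told the poster to fix.
ANALYST_FIX_LIST = {
    "{B3DD4EA8-C896-4B95-818F-4E1D04869D99}",
    "{C0573F85-8B0C-4B55-999A-97823E496A00}",
    "{D9288080-1BAA-4BC4-9CF8-A92D743DB949}",
    "{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}",
    "syssfge.exe",
    "ddcyw.dll",
}


@dataclass
class HjtEntry:
    section: str              # "R3", "O2", "O4", "O16", ...
    body: str                 # everything after the "O2 - " prefix
    clsid: Optional[str]      # first {GUID} in the line, if any
    target: str               # path or URL, best effort
    flags: List[str] = field(default_factory=list)


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Split one HijackThis line into section, CLSID and target."""
    m = re.match(r"^([RFO]\d+) - (.*)$", line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0).upper() if clsid_m else None
    if section.startswith("O4"):
        # O4 lines carry the command after the bracketed run-key name.
        target = re.sub(r"^.*?\]\s*", "", body)
    else:
        # Other sections put the path or URL in the last " - " field.
        target = body.rsplit(" - ", 1)[-1]
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        if end > 0:
            target = target[1:end]  # drop the quotes and trailing arguments
    return HjtEntry(section, body, clsid, target)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(entry: HjtEntry, fix_list=ANALYST_FIX_LIST) -> HjtEntry:
    """Attach review hints. These are triage flags, not malware verdicts."""
    if "(no name)" in entry.body:
        entry.flags.append("unnamed entry")
    if "(no file)" in entry.body or "(file missing)" in entry.body:
        entry.flags.append("orphaned entry, target missing")
    if PADDED_NAME_RE.search(entry.target):
        entry.flags.append("whitespace inside file name")
    if entry.section == "O16" and entry.target.lower().startswith(("http://", "https://")):
        entry.flags.append("ActiveX object installed from remote URL")
    if entry.clsid in fix_list or basename(entry.target) in fix_list:
        entry.flags.append("on analyst fix list")
    return entry


def triage_log(text: str) -> List[HjtEntry]:
    return [triage(e) for e in map(parse_hjt_line, text.splitlines()) if e]


def flagged(text: str) -> Dict[str, List[str]]:
    """Targets of flagged entries mapped to their reasons."""
    return {e.target: e.flags for e in triage_log(text) if e.flags}


if __name__ == "__main__":
    for target, reasons in flagged(SAMPLE_HJT_LOG).items():
        print(f"{target}\n    {'; '.join(reasons)}")
```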
siliconman01
Global Moderator
Re: trojan issues
« Reply #5 on: Dec 29th, 2007, 4:53am »


Please NOTE:
 
I modified the above cleaning procedure after my initial post.  Please be sure to run VundoFix as shown in new step 6.

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
inkedeagle
Newbie
Re: trojan issues
« Reply #6 on: Dec 29th, 2007, 3:38pm »

ok vundofix came up with 0 files  
Logfile of HijackThis v1.99.1
Scan saved at 1:36:43 PM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt .exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\vso\mcvsshld .exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey .exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Toshiba\Tvs\TvsTray .exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView .exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\dla\DLACTRLW .exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\toshiba\ivp\ism\pinger .exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc .exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\qttask    .exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray .exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\ltmoh\Ltmoh .exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask     .exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr .exe
C:\Program Files\TrojanHunter 5.0\THGuard    .exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\TrojanHunter 5.0\THGuard     .exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd .exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\analyse.exe\analyse.exe.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f612.mail.yahoo.com/ym/login?.rand=3qq9im3hod4d9
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddcyw.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {5BC2D2DC-1110-43CA-80B6-AF7D3C4C3DFA} - C:\WINDOWS\system32\ddcyw.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\mcafee\SPAMKI~1\MSKAGE~2.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] "C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" /startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask     .exe" -atboottime
O4 - HKLM\..\Run: [masqform.exe] "C:\Program Files\PureEdge\Viewer 6.5\masqform.exe" -RunOnce
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard     .exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger     .exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [two junk] C:\DOCUME~1\INKEDE~1\APPLIC~1\THATCL~1\Mode Size 64.exe
O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe"
O4 - Startup: IMVU.lnk = C:\Documents and Settings\inkedeagle\My Documents\IMVU\gui1.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fubar.com/imgs/ImageUploader4.cab
O16 - DPF: {B7D3E479-CC68-42B5-A338-938ECE35F419} - http://laughnetwork.com/installer/update/new_videos.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5143/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
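The log above is raw HijackThis output, and the reader is left to eyeball it for the lines that matter. As an added example (not part of inkedeagle's post and not a HijackThis feature), the script below parses O4/O9/O20/O23 lines and applies a few triage rules: "(file missing)" hooks, services with no vendor string, anything registered under AppInit_DLLs, autostarts living under the user profile (the "[two junk] ... APPLIC~1 ... Mode Size 64.exe" entry), and file names with whitespace padded in front of the extension (the "YahooMessenger     .exe" entry). The sample lines are copied from the log; the path patterns, the assumed C:\WINDOWS\system32 location, and the choice of what counts as suspicious are this example's own assumptions.

```python
"""Triage pass over HijackThis O4/O9/O20/O23 lines.

Added example: not part of the forum post and not a HijackThis feature.
The sample lines are copied from the log above; every rule below is this
example's own assumption about what deserves a closer look.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger     .exe" -quiet
O4 - HKCU\..\Run: [two junk] C:\DOCUME~1\INKEDE~1\APPLIC~1\THATCL~1\Mode Size 64.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

MISSING = "(file missing)"
SECTION_RE = re.compile(r"^(O\d+) - (.*)$")
QUOTED_RE = re.compile(r'"([^"]+)"')
# Assumed: a normal installer does not put autostart binaries in these places.
PROFILE_RE = re.compile(r"\\(Documents and Settings|DOCUME~1|Users)\\", re.I)
WRITABLE_RE = re.compile(
    r"\\(Application Data|APPLIC~1|Local Settings\\Temp|LOCALS~1\\Temp)\\", re.I)
PADDED_EXT_RE = re.compile(r"\s+\.(exe|dll|scr|com)$", re.I)
SYSTEM32 = "c:\\windows\\system32\\"   # assumed %SystemRoot% for this XP box


@dataclass
class Entry:
    section: str            # O4, O9, O20, O23, ...
    raw: str                # the whole line, stripped
    path: Optional[str]     # file the entry points at, if recognised
    missing: bool           # HijackThis appended "(file missing)"
    unknown_owner: bool     # O23 service with no vendor string


def parse_line(line: str) -> Optional[Entry]:
    """Extract section, target path and HijackThis annotations from one line."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    path: Optional[str] = None
    if section == "O4":
        if "]" in body:                       # Run key: [name] "path" args
            after = body.split("]", 1)[1]
        elif " = " in body:                   # Startup folder: X.lnk = path
            after = body.split(" = ", 1)[1]
        else:
            after = body
        q = QUOTED_RE.search(after)
        path = q.group(1) if q else after.replace(MISSING, "").strip()
    elif section == "O20" and body.startswith("AppInit_DLLs:"):
        path = body.split(":", 1)[1].strip()
    elif section in ("O9", "O20", "O23") and " - " in body:
        # the last " - " separated field is the target file
        path = body.rsplit(" - ", 1)[1].replace(MISSING, "").strip()
    return Entry(section, line.strip(), path, MISSING in body,
                 section == "O23" and " - Unknown owner - " in body)


def flags_for(e: Entry) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty if none)."""
    reasons: List[str] = []
    if e.missing:
        reasons.append("target file missing: dead hook, remove the entry")
    if e.unknown_owner:
        reasons.append("service has no vendor string")
    if e.raw.startswith("O20 - AppInit_DLLs"):
        reasons.append("AppInit_DLLs is loaded into every process that maps user32.dll; verify the DLL")
    if e.path:
        if "Winlogon Notify" in e.raw and not e.path.lower().startswith(SYSTEM32):
            reasons.append("Winlogon Notify DLL outside system32 runs inside winlogon.exe as SYSTEM")
        if PROFILE_RE.search(e.path) and WRITABLE_RE.search(e.path):
            reasons.append("autostart from a user-writable profile directory")
        if PADDED_EXT_RE.search(e.path):
            reasons.append("whitespace before the extension; compare with the vendor's real file name")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged target (path, or the raw line if no path) to its reasons."""
    flagged: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        for r in flags_for(e):
            key = e.path or e.raw
            if r not in flagged.setdefault(key, []):
                flagged[key].append(r)
    return flagged


if __name__ == "__main__":
    for target, reasons in triage(SAMPLE_LOG).items():
        print(target)
        for r in reasons:
            print("   -", r)
```

Run against the full log this flags five of the eight sample lines and leaves the Toshiba, Lexmark and Webroot entries alone. The padded-extension rule is the one to keep in mind when reading the scan results further down: the same "name .exe" pattern shows up there next to the unpadded vendor binaries, which is what you would expect from a dropper writing copies of itself beside the real files.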
inkedeagle
Re: trojan issues
« Reply #7 on: Dec 29th, 2007, 3:46pm »

C:\!KillBox\winrxa32.dll
 Infected with: MemScan:Trojan.Mezzia.XC
 
C:\!KillBox\winrxa32.dll
 Deleted
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-2afc8601-402f6060.zip=>vmain.class
 Infected with: Exploit.Java.Gimsh.B
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-2afc8601-402f6060.zip=>vmain.class
 Deleted
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-2afc8601-402f6060.zip
 Updated
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-5d8f2695.zip=>vmain.class
 Infected with: Exploit.Java.Gimsh.B
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-5d8f2695.zip=>vmain.class
 Deleted
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-5d8f2695.zip
 Updated
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4941f397-284c319a.zip=>vmain.class
 Infected with: Exploit.Java.Gimsh.B
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4941f397-284c319a.zip=>vmain.class
 Deleted
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4941f397-284c319a.zip
 Updated
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-5cf9b93e.zip=>vmain.class
 Infected with: Exploit.Java.Gimsh.B
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-5cf9b93e.zip=>vmain.class
 Deleted
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-5cf9b93e.zip
 Updated
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>BaaaaBaa.class
 Infected with: Java.Trojan.Exploit.Bytverify
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>BaaaaBaa.class
 Disinfection failed
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>BaaaaBaa.class
 Deleted
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip
 Updated
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>VaaaaaaaBaa.class
 Infected with: Trojan.Java.ClassLoader.D
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>VaaaaaaaBaa.class
 Disinfection failed
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>VaaaaaaaBaa.class
 Deleted
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip
 Updated
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>Dvnny.class
 Infected with: Java.Trojan.Exploit.Bytverify
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>Dvnny.class
 Disinfection failed
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>Dvnny.class
 Deleted
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip
 Updated
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>Baaaaa.class
 Infected with: Java.Trojan.Exploit.Bytverify.I
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>Baaaaa.class
 Disinfection failed
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>Baaaaa.class
 Deleted
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip
 Updated
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>Dex.class
 Infected with: Trojan.Classloader.G
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>Dex.class
 Disinfection failed
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>Dex.class
 Deleted
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip
 Updated
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>Dix.class
 Infected with: Trojan.Java.ClassLoader.D
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>Dix.class
 Disinfection failed
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>Dix.class
 Deleted
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip
 Updated
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>Dux.class
 Infected with: Trojan.Java.ClassLoader.D
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>Dux.class
 Disinfection failed
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip=>Dux.class
 Deleted
 
C:\Documents and Settings\inkedeagle\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-7a57c9cb-5fb0931e.zip
 Updated
 
C:\Documents and Settings\inkedeagle\Local Settings\Temp\RCX28.tmp
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Documents and Settings\inkedeagle\Local Settings\Temp\RCX28.tmp
 Disinfection failed
 
C:\Documents and Settings\inkedeagle\Local Settings\Temp\RCX28.tmp
 Deleted
 
C:\Documents and Settings\inkedeagle\Local Settings\Temp\RCX2E.tmp
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Documents and Settings\inkedeagle\Local Settings\Temp\RCX2E.tmp
 Disinfection failed
 
C:\Documents and Settings\inkedeagle\Local Settings\Temp\RCX2E.tmp
 Deleted
 
C:\Documents and Settings\inkedeagle\Local Settings\Temp\RCX34.tmp
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Documents and Settings\inkedeagle\Local Settings\Temp\RCX34.tmp
 Disinfection failed
 
C:\Documents and Settings\inkedeagle\Local Settings\Temp\RCX34.tmp
 Deleted
 
C:\Documents and Settings\inkedeagle\Local Settings\Temp\RCX4A.tmp
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Documents and Settings\inkedeagle\Local Settings\Temp\RCX4A.tmp
 Disinfection failed
 
C:\Documents and Settings\inkedeagle\Local Settings\Temp\RCX4A.tmp
 Deleted
 
C:\Documents and Settings\inkedeagle\Local Settings\Temp\RCX57.tmp
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Documents and Settings\inkedeagle\Local Settings\Temp\RCX57.tmp
 Disinfection failed
 
C:\Documents and Settings\inkedeagle\Local Settings\Temp\RCX57.tmp
 Deleted
 
C:\fjls.exe
 Infected with: Trojan.Peed.Gen
 
C:\fjls.exe
 Disinfection failed
 
C:\fjls.exe
 Deleted
 
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
 Disinfection failed
 
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
 Deleted
 
C:\Program Files\analyse.exe\backups\backup-20071228-215150-911.dll
 Infected with: Trojan.Vundo.DUH
 
C:\Program Files\analyse.exe\backups\backup-20071228-215150-911.dll
 Disinfection failed
 
C:\Program Files\analyse.exe\backups\backup-20071228-215150-911.dll
 Deleted
 
C:\Program Files\analyse.exe\backups\backup-20071229-110811-720.dll
 Infected with: Trojan.Vundo.DUH
 
C:\Program Files\analyse.exe\backups\backup-20071229-110811-720.dll
 Disinfection failed
 
C:\Program Files\analyse.exe\backups\backup-20071229-110811-720.dll
 Deleted
 
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
 Disinfection failed
 
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
 Delete failed
 
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
 Disinfection failed
 
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
 Delete failed
 
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
 Disinfection failed
 
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
 Delete failed
 
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
 Disinfection failed
 
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
 Delete failed
 
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
 Disinfection failed
 
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
 Delete failed
 
C:\Program Files\ltmoh\Ltmoh.exe
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\ltmoh\Ltmoh.exe
 Disinfection failed
 
C:\Program Files\ltmoh\Ltmoh.exe
 Delete failed
 
C:\Program Files\McAfee\SpamKiller\MS18BE~1 .EXE
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee\SpamKiller\MS18BE~1 .EXE
 Disinfection failed
 
C:\Program Files\McAfee\SpamKiller\MS18BE~1 .EXE
 Deleted
 
C:\Program Files\McAfee\SpamKiller\MS18BE~2 .EXE
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee\SpamKiller\MS18BE~2 .EXE
 Disinfection failed
 
C:\Program Files\McAfee\SpamKiller\MS18BE~2 .EXE
 Deleted
 
C:\Program Files\McAfee\SpamKiller\MS18BE~3 .EXE
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee\SpamKiller\MS18BE~3 .EXE
 Disinfection failed
 
C:\Program Files\McAfee\SpamKiller\MS18BE~3 .EXE
 Deleted
 
C:\Program Files\McAfee\SpamKiller\MS18BE~4 .EXE
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee\SpamKiller\MS18BE~4 .EXE
 Disinfection failed
 
C:\Program Files\McAfee\SpamKiller\MS18BE~4 .EXE
 Deleted
 
C:\Program Files\McAfee\SpamKiller\MskAgent.exe
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee\SpamKiller\MskAgent.exe
 Disinfection failed
 
C:\Program Files\McAfee\SpamKiller\MskAgent.exe
 Deleted
 
C:\Program Files\McAfee\SpamKiller\MSKAGE~1 .EXE
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee\SpamKiller\MSKAGE~1 .EXE
 Disinfection failed
 
C:\Program Files\McAfee\SpamKiller\MSKAGE~1 .EXE
 Deleted
 
C:\Program Files\McAfee\SpamKiller\MSKAGE~2 .EXE
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee\SpamKiller\MSKAGE~2 .EXE
 Disinfection failed
 
C:\Program Files\McAfee\SpamKiller\MSKAGE~2 .EXE
 Deleted
 
C:\Program Files\McAfee\SpamKiller\MSKAGE~3 .EXE
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee\SpamKiller\MSKAGE~3 .EXE
 Disinfection failed
 
C:\Program Files\McAfee\SpamKiller\MSKAGE~3 .EXE
 Deleted
 
C:\Program Files\McAfee\SpamKiller\MSKAGE~4 .EXE
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee\SpamKiller\MSKAGE~4 .EXE
 Disinfection failed
 
C:\Program Files\McAfee\SpamKiller\MSKAGE~4 .EXE
 Deleted
 
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
 Disinfection failed
 
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
 Deleted
 
C:\Program Files\McAfee.com\Agent\mcagent.exe
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee.com\Agent\mcagent.exe
 Disinfection failed
 
C:\Program Files\McAfee.com\Agent\mcagent.exe
 Delete failed
 
C:\Program Files\McAfee.com\Agent\mcupdate .exe
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee.com\Agent\mcupdate .exe
 Disinfection failed
 
C:\Program Files\McAfee.com\Agent\mcupdate .exe
 Deleted
 
C:\Program Files\McAfee.com\Agent\McUpdate.exe
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee.com\Agent\McUpdate.exe
 Disinfection failed
 
C:\Program Files\McAfee.com\Agent\McUpdate.exe
 Deleted
 
C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
 Disinfection failed
 
C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
 Deleted
 
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
 Disinfection failed
 
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
 Delete failed
 
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
 Disinfection failed
 
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
 Delete failed
 
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
 Disinfection failed
 
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
 Delete failed
 
C:\Program Files\McAfee.com\VSO\oasclnt.exe
 Infected with: Trojan.Dropper.Vundo.D
 
C:\Program Files\McAfee.com\VSO\oasclnt.exe
 Disinfection failed
 
C:\Program Files\McAfee.com\VSO\oasclnt.exe
 Delete failed
 
C:\Program Files\Messenger\msmsgs.exe
 Infected w