Author Topic: I Have Tro Jans HELP  (Read 18461 times)

Tom2Die

  • Guest
I Have Tro Jans HELP
« on: June 23, 2007, 03:51:53 PM »
I know, it's Trojans, but my stupid browser is infected where if it sees 'Trojan' in a search or on a page title it shuts off. I have many problems, one of which is a Win32:Delf-Dom reiterating itself every time Avast! says it deletes it. It is called d3acdb.dll.tmp most times. I also have a suspicious process, 'xdknteve.exe', running that I'm curious about. I would appreciate any and all help on the matter.

By the way, I apologize if this topic is in another thread, but anything with Trojan in it shuts down my browser, so...

[edit] I just realized that whatever has my browser infected will not let me download anything either, but I have Avast!, Spybot: Search and Destroy, and Ad-Aware (free versions of each) if those will help me. I'm a fairly savvy guy, but have as of yet come across no solution. HELP!!!
« Last Edit: June 23, 2007, 04:01:34 PM by Tom2Die »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: I Have Tro Jans HELP
« Reply #1 on: June 23, 2007, 04:09:26 PM »
If a virus is replicating (coming back again and again), you should:

1) Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it is not available in Windows 2k. After rebooting, you can enable System Restore again after step 3).

2) Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

3) Schedule a boot-time scan with avast: start avast! > right-click the skin > Schedule a boot-time scanning. Select scanning of archives. Reboot. Another option is scanning in Safe Mode (repeatedly press F8 while booting).

4) It would be good to download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

5) If you're still detecting any strange behavior, or even if you're sure you're not clean, it may be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.

6) After you're clean, use the immunization of SpywareBlaster or, better, the Windows Advanced Care features for spyware/adware cleaning and removal.

7) Finally, when you're clean, check for insecure applications with Secunia Software Inspector, update them, and avoid reinfection.
The best things in life are free.

mauserme

  • Guest
Re: I Have Tro Jans HELP
« Reply #2 on: June 23, 2007, 10:07:50 PM »
Do you have access to another computer where you could download some tools, burn them to CD, and copy them to the infected computer?

Tom2Die

  • Guest
Re: I Have Tro Jans HELP
« Reply #3 on: June 24, 2007, 06:39:26 AM »
Yes, I actually do... What did you have in mind?
Here is a list of bugs I have, if anyone knows how to fix them  :(

Firefox can't download
Firefox exits at sight of 'trojan' and other buzzwords in title or search
d3acdb.dll.tmp keeps reappearing, even after I tell Avast! to delete it
Every time I access the internet, even now, Internet Explorer launches and navigates to ad websites
My system is running a LOT slower than usual... I've run the normal checks.
By the way, kudos to anyone who can tell me what xdknteve.exe is, I have no idea, but it's new-ish, so...

mauserme

  • Guest
Re: I Have Tro Jans HELP
« Reply #4 on: June 24, 2007, 06:56:59 AM »
Too soon to tell what xdknteve.exe is but we should be able to get things under control.

Download ComboFix from Here or Here to your Desktop.
 
Double click combofix.exe and follow the prompts.
 
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
 
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Next, Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Now download OTMoveIt by OldTimer. Save it to your desktop but don't run it just yet.


Also download/install the free version of SuperAntiSpyware and AVG Antispyware

http://www.superantispyware.com

http://free.grisoft.com/doc/20/lng/us/tpl/v5

Update these after installing them, if you can.


When you post the ComboFix and HJT logs also let me know if you have a firewall.
« Last Edit: June 24, 2007, 07:01:01 AM by mauserme »

Tom2Die

  • Guest
Re: I Have Tro Jans HELP
« Reply #5 on: June 24, 2007, 08:23:22 AM »
I indeed do not have a firewall enabled; I would greatly appreciate it if you could recommend one. Thx for your help, by the way. I can download things now after what ComboFix did. I had a hidden BHO screwing up my browsers.

I'm attaching the logs as files because I exceeded the character limit

mauserme

  • Guest
Re: I Have Tro Jans HELP
« Reply #6 on: June 24, 2007, 08:50:08 AM »
ComboFix 07-06-18.2
"Slayer" - 2007-06-24  2:00:43 - Service Pack 1  NTFS 


((((((((((((((((((((((((((((((((((((((((((((   V Log   )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\clbqbijj.dll
C:\WINDOWS\system32\cskhuoww.dll
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\system32\gpcthnuq.dll
C:\WINDOWS\system32\hetgysub.dll
C:\WINDOWS\system32\hnxxirje.dll
C:\WINDOWS\system32\mbrvonti.dll
C:\WINDOWS\system32\puruwyrt.dll
C:\WINDOWS\system32\ulhrysdx.dll
C:\WINDOWS\system32\vtppvcwq.dll
C:\WINDOWS\system32\xdcsgrqh.dll
C:\WINDOWS\system32\awtqnlj.dll
C:\WINDOWS\system32\tuvuuss.dll
C:\WINDOWS\system32\pqtwa.bak1
C:\WINDOWS\system32\pqtwa.bak2
C:\WINDOWS\system32\pqtwa.ini
C:\WINDOWS\system32\pqtwa.ini2
C:\WINDOWS\system32\pqtwa.tmp
C:\WINDOWS\system32\jjibqblc.ini
C:\WINDOWS\system32\wwouhksc.ini
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\busygteh.ini
C:\WINDOWS\system32\ejrixxnh.ini
C:\WINDOWS\system32\xdsyrhlu.ini
C:\WINDOWS\system32\qwcvpptv.ini
C:\WINDOWS\system32\hqrgscdx.ini
C:\WINDOWS\system32\pqtwa.bak1
C:\WINDOWS\system32\pqtwa.bak2
C:\WINDOWS\system32\pqtwa.ini
C:\WINDOWS\system32\pqtwa.ini2
C:\WINDOWS\system32\pqtwa.tmp
C:\WINDOWS\system32\pqtwa.bak1
C:\WINDOWS\system32\pqtwa.bak2
C:\WINDOWS\system32\pqtwa.ini
C:\WINDOWS\system32\pqtwa.ini2
C:\WINDOWS\system32\pqtwa.tmp
C:\WINDOWS\system32\awtqp.dll
C:\WINDOWS\system32\nnnnmnn.dll


* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *




(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Slayer\MYDOCU~1.\ymante~1
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\WINDOWS\system32\bbetpekugqur.dll
C:\WINDOWS\system32\qkmrbyrvymno.dll
C:\WINDOWS\wr.txt


mauserme

  • Guest
Re: I Have Tro Jans HELP
« Reply #7 on: June 24, 2007, 08:51:42 AM »
(((((((((((((((((((((((((   Files Created from 2007-05-24 to 2007-06-24  )))))))))))))))))))))))))))))))


2007-06-24 01:59   49,152   --a------   C:\WINDOWS\nircmd.exe
2007-06-23 23:25   122,900   --a------   C:\WINDOWS\system32\jbscyogw.exe
2007-06-23 23:11   83,456   --a------   C:\WINDOWS\system32\ggf.exe
2007-06-23 09:44   335   --a------   C:\WINDOWS\mozregistry.dat
2007-06-22 23:26   122,900   --a------   C:\WINDOWS\system32\gutfclrd.exe
2007-06-22 23:25   <DIR>   d--------   C:\WINDOWS\LastGood.Tmp
2007-06-22 21:42   55   --a------   C:\DOCUME~1\Slayer\xdkntevekill.bat
2007-06-22 20:26   4,628   --a------   C:\WINDOWS\system32\sxbwslgv.exe
2007-06-21 21:08   <DIR>   d--------   C:\DOCUME~1\Slayer\APPLIC~1\OpenOffice.org2
2007-06-21 21:04   <DIR>   d--------   C:\Program Files\OpenOffice.org 2.2
2007-06-20 22:35   <DIR>   d--------   C:\Program Files\Lavasoft
2007-06-20 22:35   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-20 22:34   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-06-19 21:59   <DIR>   d--------   C:\Veoh
2007-06-19 21:01   122,900   --a------   C:\WINDOWS\system32\xdknteve.exe
2007-06-19 10:28   <DIR>   d--------   C:\Incomplete
2007-06-18 18:41   <DIR>   d--------   C:\Program Files\LimeWire
2007-06-18 18:41   <DIR>   d--------   C:\Music
2007-06-18 18:41   <DIR>   d--------   C:\DOCUME~1\Slayer\Incomplete
2007-06-18 18:41   <DIR>   d--------   C:\DOCUME~1\Slayer\APPLIC~1\LimeWire
2007-06-17 20:11   3,192,825   --a------   C:\haloce.exe
2007-06-17 19:39   <DIR>   d--------   C:\DOCUME~1\Slayer\APPLIC~1\WinRAR
2007-06-17 18:25   <DIR>   d--------   C:\WINDOWS\system32\rserver30
2007-06-17 18:15   <DIR>   d--------   C:\DOCUME~1\Slayer\APPLIC~1\Radmin
2007-06-17 15:19   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-16 20:37   125,972   --a------   C:\WINDOWS\system32\cgdncaox.dll
2007-06-16 20:29   520,192   --a------   C:\WINDOWS\system32\ati2sgag.exe
2007-06-16 20:29   <DIR>   d--------   C:\Program Files\ATI Technologies
2007-06-16 20:27   <DIR>   d--------   C:\ATI
2007-06-16 20:20   50,510,847   --a------   C:\6-11-pre-r300_xp-2k_dd_ccc_wdm_38185.exe
2007-06-16 20:14   921,475   --a------   C:\WINDOWS\system32\ati3d2ag.dll
2007-06-16 20:14   844,675   --a------   C:\WINDOWS\system32\ati3d1ag.dll
2007-06-12 19:04   <DIR>   d--------   C:\DOCUME~1\Slayer\runtime-EclipseApplication
2007-06-12 18:46   <DIR>   d--------   C:\DOCUME~1\Slayer\workspace
2007-06-12 10:11   <DIR>   d--------   C:\DOCUME~1\Slayer\APPLIC~1\MSN6
2007-06-12 10:11   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
2007-06-09 19:20   <DIR>   d--------   C:\Hero Editor
2007-06-09 19:19   73,216   --a------   C:\WINDOWS\ST6UNST.EXE
2007-06-09 19:19   249,856   ---------   C:\WINDOWS\Setup1.exe
2007-06-09 14:16   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2007-06-08 16:14   499,712   -ra------   C:\WINDOWS\system32\msvcp71.dll
2007-06-08 16:14   1,060,864   -ra------   C:\WINDOWS\system32\MFC71.dll
2007-06-06 20:30   55,316   --a------   C:\WINDOWS\system32\msgemkdu.dll
2007-06-06 20:17   208,896   --a------   C:\WINDOWS\system32\NVUNINST.EXE
2007-06-06 20:16   <DIR>   d--------   C:\NVIDIA
2007-06-06 12:52   36,864   --a------   C:\Diablo II.exe
2007-06-06 10:53   <DIR>   d--h-----   C:\WINDOWS\PIF
2007-06-05 18:57   248,320   --a------   C:\WINDOWS\system32\installer_s.exe
2007-06-04 15:36   94,208   --a------   C:\WINDOWS\DIIUnin.exe
2007-06-04 15:36   26,330   --a------   C:\WINDOWS\DIIUnin.dat
2007-06-04 15:36   2,829   --a------   C:\WINDOWS\DIIUnin.pif
2007-06-04 15:18   9,344   --a------   C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17   8,320   --a------   C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14   6,272   --a------   C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 14:56   <DIR>   d--------   C:\Starcraft
2007-06-03 13:59   967   --a------   C:\WINDOWS\ScUnin.pif
2007-06-03 13:59   70,656   --a------   C:\WINDOWS\ScUnin.exe
2007-06-03 13:59   34,615   --a------   C:\WINDOWS\scunin.dat


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-21 15:32:38   21,840   ----atw   C:\WINDOWS\system32\SIntfNT.dll
2007-06-21 15:32:37   17,212   ----atw   C:\WINDOWS\system32\SIntf32.dll
2007-06-21 15:32:37   12,067   ----atw   C:\WINDOWS\system32\SIntf16.dll
2007-06-20 03:01:20   --------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-06-18 01:10:45   --------   d-----w   C:\Program Files\Microsoft Games
2007-06-12 20:42:43   2,864   ----a-w   C:\WINDOWS\system32\winsock.dll
2007-06-12 15:11:09   --------   d-----w   C:\Program Files\Online Services
2007-06-06 16:17:54   --------   d-----w   C:\Program Files\Windows NT
2007-06-03 03:16:00   --------   d--h--w   C:\Program Files\WindowsUpdate
2007-06-02 11:58:55   --------   d-----w   C:\DOCUME~1\Slayer\APPLIC~1\U3
2007-06-01 02:59:15   --------   d-----w   C:\DOCUME~1\Slayer\APPLIC~1\Simple Sudoku
2007-06-01 02:26:39   11,376   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-24 08:24:49   --------   d-----w   C:\DOCUME~1\Slayer\APPLIC~1\ChessBase
2007-05-24 01:32:34   --------   d-----w   C:\Program Files\Common Files\ChessBase
2007-05-15 05:35:13   --------   d-----w   C:\Program Files\Blender
2007-04-28 23:31:32   --------   d-----w   C:\DOCUME~1\Slayer\APPLIC~1\Help
2007-04-28 23:27:17   178   ----a-w   C:\WINDOWS\PowerReg.dat
2007-04-18 13:51:20   2,113,536   ----a-w   C:\WINDOWS\system32\python25.dll
2007-04-17 03:45:54   1,710,936   ----a-w   C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:28   92,504   ----a-w   C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20   53,080   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20   43,352   ----a-w   C:\WINDOWS\system32\wups2.dll
2007-04-13 20:19:52   7,680   ----a-w   C:\WINDOWS\system32\lsdelete.exe
2007-03-27 02:38:20   0   ----a-w   C:\WINDOWS\nsreg.dat
2007-03-27 02:38:12   2,301   ----a-w   C:\WINDOWS\mozver.dat
No new files created in this timespan
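The "Files Created" section above is what decides whether xdknteve.exe is something to worry about, so here is an added triage script (not code from the thread, from ComboFix or from avast!) that parses those lines, drops the doubled lines the forum paste produced, flags executables under C:\WINDOWS with machine-looking names, and groups files by exact byte size; the sample lines are copied from the posted log, while the name heuristic and its thresholds are my assumptions.

```python
"""Triage of a ComboFix "Files Created" section (added example, not ComboFix code)."""
import re
from collections import defaultdict

# One "Files Created" line: timestamp, size or <DIR>, attribute string, path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([-a-z]+)\s+(.+?)\s*$"
)
WINDOWS_PREFIX = "c:\\windows\\"              # system32 and drivers live under it
EXEC_EXT = (".exe", ".dll", ".sys")
LOWER_WORD_RE = re.compile(r"^[a-z]{7,9}$")   # assumption: 7-9 lowercase letters
VOWELS = set("aeiou")

# Constructed sample: lines copied from the posted log, some doubled as in the post.
SAMPLE_LOG = r"""
2007-06-24 01:59   49,152   --a------   C:\WINDOWS\nircmd.exe
2007-06-24 01:59   49,152   --a------   C:\WINDOWS\nircmd.exe
2007-06-23 23:25   122,900   --a------   C:\WINDOWS\system32\jbscyogw.exe
2007-06-23 23:25   122,900   --a------   C:\WINDOWS\system32\jbscyogw.exe
2007-06-22 23:26   122,900   --a------   C:\WINDOWS\system32\gutfclrd.exe
2007-06-22 23:25   <DIR>   d--------   C:\WINDOWS\LastGood.Tmp
2007-06-22 20:26   4,628   --a------   C:\WINDOWS\system32\sxbwslgv.exe
2007-06-21 21:04   <DIR>   d--------   C:\Program Files\OpenOffice.org 2.2
2007-06-19 21:01   122,900   --a------   C:\WINDOWS\system32\xdknteve.exe
2007-06-19 21:01   122,900   --a------   C:\WINDOWS\system32\xdknteve.exe
2007-06-16 20:37   125,972   --a------   C:\WINDOWS\system32\cgdncaox.dll
2007-06-16 20:29   520,192   --a------   C:\WINDOWS\system32\ati2sgag.exe
2007-06-08 16:14   499,712   -ra------   C:\WINDOWS\system32\msvcp71.dll
2007-06-06 20:30   55,316   --a------   C:\WINDOWS\system32\msgemkdu.dll
2007-06-05 18:57   248,320   --a------   C:\WINDOWS\system32\installer_s.exe
2007-06-04 15:17   8,320   --a------   C:\WINDOWS\system32\drivers\AWRTRD.sys
"""


def parse_log(text):
    """Parse entries as (timestamp, size or None, attrs, path) and drop exact
    repeats: logs pasted into a forum are often doubled line by line."""
    entries, seen = [], set()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        rec = (ts, None if size == "<DIR>" else int(size.replace(",", "")), attrs, path)
        if rec not in seen:
            seen.add(rec)
            entries.append(rec)
    return entries


def basename(path):
    return path.rsplit("\\", 1)[-1]


def looks_random(stem):
    """Heuristic (assumption) for generated names such as xdknteve or jbscyogw:
    7-9 lowercase letters, at most two vowels, and a run of 3+ consonants.
    Real names like nircmd (too short) or lsdelete (three vowels) pass."""
    if not LOWER_WORD_RE.match(stem):
        return False
    if sum(c in VOWELS for c in stem) > 2:
        return False
    longest = run = 0
    for c in stem:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 3


def random_named_drops(entries):
    """Executables, DLLs and drivers under C:\\WINDOWS whose stem looks generated."""
    hits = []
    for _ts, _size, _attrs, path in entries:
        stem, dot, ext = basename(path).rpartition(".")
        if (path.lower().startswith(WINDOWS_PREFIX) and dot
                and ("." + ext.lower()) in EXEC_EXT and looks_random(stem)):
            hits.append(path)
    return hits


def size_clusters(entries):
    """Group executable files by exact byte size. Two or more distinct paths of
    identical size is how one component shows up under several random names."""
    by_size = defaultdict(list)
    for _ts, size, _attrs, path in entries:
        if size is not None and basename(path).lower().endswith(EXEC_EXT):
            by_size[size].append(path)
    return {s: p for s, p in by_size.items() if len(set(p)) >= 2}


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print("random-looking drops:", [basename(p) for p in random_named_drops(found)])
    for size, paths in size_clusters(found).items():
        print(f"{size:,} bytes:", [basename(p) for p in paths])
```

On the sample, xdknteve.exe lands in the same 122,900-byte cluster as jbscyogw.exe and gutfclrd.exe, which is the kind of grouping an analyst uses to decide which files to quarantine and submit together rather than one at a time.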

mauserme

  • Guest
Re: I Have Tro Jans HELP
« Reply #8 on: June 24, 2007, 08:52:20 AM »
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{18C7DC10-D544-4398-8B09-7477CAAA896b}=C:\WINDOWS\System32\cgdncaox.dll [2007-06-16 20:37]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 10:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkcv32]
winkcv32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Slayer^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Slayer\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Slayer^Start Menu^Programs^Startup^SDK Tray Menu.lnk]
path=C:\Documents and Settings\Slayer\Start Menu\Programs\Startup\SDK Tray Menu.lnk
backup=C:\WINDOWS\pss\SDK Tray Menu.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
rundll32.exe "C:\WINDOWS\System32\pobohgdk.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\arwlapwl]
C:\WINDOWS\System32\arwlapwl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bgjcpcji]
C:\WINDOWS\System32\bgjcpcji.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bmbqpkvy]
C:\WINDOWS\System32\bmbqpkvy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cbqzidut]
C:\WINDOWS\System32\cbqzidut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dkvwdapk]
C:\WINDOWS\System32\dkvwdapk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dkzelohy]
C:\WINDOWS\System32\dkzelohy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmjkdazs]
C:\WINDOWS\System32\dmjkdazs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmzqrely]
C:\WINDOWS\System32\dmzqrely.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dybenetq]
C:\WINDOWS\System32\dybenetq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ebezizsn]
C:\WINDOWS\System32\ebezizsn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epyngpar]
C:\WINDOWS\System32\epyngpar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eviholov]
C:\WINDOWS\System32\eviholov.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezodefqf]
C:\WINDOWS\System32\ezodefqf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fklcrqdm]
C:\WINDOWS\System32\fklcrqdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fonyrgtk]
C:\WINDOWS\System32\fonyrgtk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsjujszm]
C:\WINDOWS\System32\fsjujszm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fuxqpchc]
C:\WINDOWS\System32\fuxqpchc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
rundll32.exe "C:\WINDOWS\System32\ulhrysdx.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gpuzqrsn]
C:\WINDOWS\System32\gpuzqrsn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gtabetsp]
C:\WINDOWS\System32\gtabetsp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hmhuvwju]
C:\WINDOWS\System32\hmhuvwju.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hmrezmtw]
C:\WINDOWS\System32\hmrezmtw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hynupatw]
C:\WINDOWS\System32\hynupatw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inqrqnal]
C:\WINDOWS\System32\inqrqnal.exe

mauserme

  • Guest
Re: I Have Tro Jans HELP
« Reply #9 on: June 24, 2007, 08:53:19 AM »
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ivybmvmb]
C:\WINDOWS\System32\ivybmvmb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ixevgdoz]
C:\WINDOWS\System32\ixevgdoz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j3241731]
rundll32 C:\WINDOWS\System32\j3241731.dll sook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jgfunafq]
C:\WINDOWS\System32\jgfunafq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jizkjcnw]
C:\WINDOWS\System32\jizkjcnw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jqlwdojk]
C:\WINDOWS\System32\jqlwdojk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jqpwvgjs]
C:\WINDOWS\System32\jqpwvgjs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jsnoxiza]
C:\WINDOWS\System32\jsnoxiza.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jyhadqly]
C:\WINDOWS\System32\jyhadqly.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kbglanyj]
C:\WINDOWS\System32\kbglanyj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\khofengf]
C:\WINDOWS\System32\khofengf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\knwlalqt]
C:\WINDOWS\System32\knwlalqt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lcfidcns]
C:\WINDOWS\System32\lcfidcns.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lmjsjuni]
C:\WINDOWS\System32\lmjsjuni.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mbypqbej]
C:\WINDOWS\System32\mbypqbej.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mfalmjaf]
C:\WINDOWS\System32\mfalmjaf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mfizgtez]
C:\WINDOWS\System32\mfizgtez.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mhijmvqd]
C:\WINDOWS\System32\mhijmvqd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mhoxwdyv]
C:\WINDOWS\System32\mhoxwdyv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mlqvgzgb]
C:\WINDOWS\System32\mlqvgzgb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mzsxszwd]
C:\WINDOWS\System32\mzsxszwd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nebyzkdm.exe]
C:\Documents and Settings\All Users\Application Data\nebyzkdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nydqjapo]
C:\WINDOWS\System32\nydqjapo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\obspotal]
C:\WINDOWS\System32\obspotal.exe

mauserme

  • Guest
Re: I Have Tro Jans HELP
« Reply #10 on: June 24, 2007, 08:54:16 AM »
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ojmnctax]
C:\WINDOWS\System32\ojmnctax.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\olsfkdyz]
C:\WINDOWS\System32\olsfkdyz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\otwdmfin]
C:\WINDOWS\System32\otwdmfin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ovuvadgn]
C:\WINDOWS\System32\ovuvadgn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcxihedu]
C:\WINDOWS\System32\pcxihedu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pehcbcdy]
C:\WINDOWS\System32\pehcbcdy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pkbefaxc]
C:\WINDOWS\System32\pkbefaxc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pqnqfavi]
C:\WINDOWS\System32\pqnqfavi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pqxupqpu]
C:\WINDOWS\System32\pqxupqpu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qbclwdwp]
C:\WINDOWS\System32\qbclwdwp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qfsvajob]
C:\WINDOWS\System32\qfsvajob.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qjqnepgl]
C:\WINDOWS\System32\qjqnepgl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qjyjcdmn]
C:\WINDOWS\System32\qjyjcdmn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qtqzaxql]
C:\WINDOWS\System32\qtqzaxql.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qxajexcf]
C:\WINDOWS\System32\qxajexcf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rooh]
"C:\DOCUME~1\Slayer\MYDOCU~1\YMANTE~1\winlogon.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ropmzork]
C:\WINDOWS\System32\ropmzork.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rslkxgnm]
C:\WINDOWS\System32\rslkxgnm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ruvsfglg]
C:\WINDOWS\System32\ruvsfglg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sjwpufex]
C:\WINDOWS\System32\sjwpufex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spobozyf]
C:\WINDOWS\System32\spobozyf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srsxafsh]
C:\WINDOWS\System32\srsxafsh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcjspube]
C:\WINDOWS\System32\tcjspube.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tghoboji]
C:\WINDOWS\System32\tghoboji.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tqtghkbi]
C:\WINDOWS\System32\tqtghkbi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsbqnybm]
C:\WINDOWS\System32\tsbqnybm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tudglytw]
C:\WINDOWS\System32\tudglytw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\twpabuja]
C:\WINDOWS\System32\twpabuja.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tytunopk]
C:\WINDOWS\System32\tytunopk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tyvubivk]
C:\WINDOWS\System32\tyvubivk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\unadgpgr]
C:\WINDOWS\System32\unadgpgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uvixwxon]
C:\WINDOWS\System32\uvixwxon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uvkrujqn]
C:\WINDOWS\System32\uvkrujqn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vabgbkxs]
C:\WINDOWS\System32\vabgbkxs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vcdqnexq]
C:\WINDOWS\System32\vcdqnexq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vcjurepe]
C:\WINDOWS\System32\vcjurepe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vofuxspa]
C:\WINDOWS\System32\vofuxspa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\volmlkjy]
C:\WINDOWS\System32\volmlkjy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wnkvazyp]
C:\WINDOWS\System32\wnkvazyp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wvuxqbkl]
C:\WINDOWS\System32\wvuxqbkl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xmjmjcri]
C:\WINDOWS\System32\xmjmjcri.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xspotslk]
C:\WINDOWS\System32\xspotslk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xulalydm]
C:\WINDOWS\System32\xulalydm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ylkryzqn]
C:\WINDOWS\System32\ylkryzqn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ylqzmjaz]
C:\WINDOWS\System32\ylqzmjaz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ypelyvch]
C:\WINDOWS\System32\ypelyvch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yrqpulih]
C:\WINDOWS\System32\yrqpulih.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ytepqhcp]
C:\WINDOWS\System32\ytepqhcp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yzytwxqt]
C:\WINDOWS\System32\yzytwxqt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zgjivwtc]
C:\WINDOWS\System32\zgjivwtc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zozgzcnm]
C:\WINDOWS\System32\zozgzcnm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zsvuruly]
C:\WINDOWS\System32\zsvuruly.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zwpiduzg]
C:\WINDOWS\System32\zwpiduzg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zybiloxk]
C:\WINDOWS\System32\zybiloxk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"AppServer9PE"=2 (0x2)


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-24 02:07:01
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppServer9PE]
"ImagePath"="C:\Sun\SDK 2\lib\appservService.exe \"\\"C:\Sun\SDK 2\bin\asadmin.bat\\" start-domain --user passpass  domain1\" \"\\"C:\Sun\SDK 2\bin\asadmin.bat\\" stop-domain domain1\\""

Completion time: 2007-06-24  2:09:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-24 02:08

   --- E O F ---

mauserme

  • Guest
Re: I Have Tro Jans HELP
« Reply #11 on: June 24, 2007, 08:54:49 AM »
Logfile of HijackThis v1.99.1
Scan saved at 2:17:37 AM, on 6/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\xdknteve.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O2 - BHO: (no name) - {18C7DC10-D544-4398-8B09-7477CAAA896b} - C:\WINDOWS\System32\cgdncaox.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O20 - Winlogon Notify: winkcv32 - winkcv32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService -   - C:\WINDOWS\System32\xdknteve.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


mauserme

  • Guest
Re: I Have Tro Jans HELP
« Reply #12 on: June 24, 2007, 08:58:37 AM »
Wow - at least your HJT log is short.

Comodo Firewall has been working well for me.  PC Tools Firewall and Zone Alarm are also good, and all 3 are free.  Here's a link to a Comodo download

http://filehippo.com/download_comodo/

Get one of the firewalls installed, then run a thorough scan with either AVG AntiSpyware or SuperAntiSpyware and post that log.  I will review things in the morning.

mauserme

  • Guest
Re: I Have Tro Jans HELP
« Reply #13 on: June 24, 2007, 09:10:01 AM »
One more thing.  Upload these files to Virus Total for analysis and post the results:

C:\WINDOWS\system32\cgdncaox.dll

C:\WINDOWS\System32\xdknteve.exe
« Last Edit: June 24, 2007, 09:12:38 AM by mauserme »
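As an added example (not code from this thread or from HijackThis, ComboFix or any other tool named here), a small Python triage helper that applies the checks mauserme's follow-up implies to lines of a HijackThis log: entries with no display name, entries whose file is missing, services with no vendor string, and random-looking eight-letter names under System32 like the ones filling the ComboFix startup list above. The sample lines are constructed from the log posted in this thread; the flags are review prompts, not verdicts.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {18C7DC10-D544-4398-8B09-7477CAAA896b} - C:\WINDOWS\System32\cgdncaox.dll",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O20 - Winlogon Notify: winkcv32 - winkcv32.dll (file missing)",
    r"O23 - Service: DomainService -   - C:\WINDOWS\System32\xdknteve.exe",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
]

# Eight lowercase letters with no digits, the pattern of qfsvajob.exe, xdknteve.exe, cgdncaox.dll above.
RANDOM_STEM = re.compile(r"^[a-z]{8}$")
# A drive-letter path ending in .exe/.dll; stops at whitespace, so 8.3 short paths match but spaced ones do not.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^\s"]+\.(?:exe|dll)', re.I)


def reasons_for(line):
    """Return the list of review reasons for one HijackThis line (empty if nothing stands out)."""
    reasons = []
    kind = line.split(" - ", 1)[0]          # O2, O4, O20, O23, ...
    if "(no name)" in line:
        reasons.append("entry has no display name")
    if "(file missing)" in line:
        reasons.append("references a file that is not on disk")
    if kind == "O23":
        # O23 - Service: <display name> - <vendor> - <path>; a blank vendor field is unusual for real software
        parts = line.split(" - ")
        vendor = parts[2].strip() if len(parts) >= 4 else ""
        if not vendor:
            reasons.append("service has no vendor string")
    for path in WIN_PATH.findall(line):
        p = PureWindowsPath(path)
        if RANDOM_STEM.match(p.stem) and p.parent.name.lower() == "system32":
            reasons.append(f"random-looking name in System32: {p.name}")
    return reasons


def triage(lines):
    """Map each flagged log line to its reasons; lines with nothing to report are left out."""
    return {ln: r for ln in lines if (r := reasons_for(ln))}


if __name__ == "__main__":
    for ln, why in triage(SAMPLE_LOG).items():
        print(ln)
        for reason in why:
            print("    -", reason)
```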

Tom2Die

  • Guest
Re: I Have Tro Jans HELP
« Reply #14 on: June 24, 2007, 09:14:44 AM »
I, too, must turn in; it is 3:13am here, but I will post the AVG log ASAP.  Thank you for all of your help.

Alert users of this forum to never go to seriall.com to find serial codes to games (I only misplaced mine).  I believe this website to be the root of my problems.