Author Topic: virues infection win32 Trojan1165(trj)  (Read 118347 times)

0 Members and 2 Guests are viewing this topic.

honeyk

  • Guest
Re: virues infection win32 Trojon1165(trj)
« Reply #30 on: November 23, 2007, 09:57:43 AM »
----- C:\WINDOWS\system32\nuysvfhl.dll
2007-11-21 22:16:02     10816 --a------ C:\WINDOWS\system32\__c00886CF.dat
2007-11-21 22:16:01     10816 --a------ C:\WINDOWS\system32\tinyfajx.dll
2007-11-21 22:10:49     10816 --a------ C:\WINDOWS\system32\sfwxojas.dll
2007-11-21 19:41:59     80960 --a------ C:\WINDOWS\system32\ronblktv.dll
2007-11-21 19:32:55     10816 --a------ C:\WINDOWS\system32\__c002FA59.dat
2007-11-21 19:32:54     10816 --a------ C:\WINDOWS\system32\uhwinvyt.dll
2007-11-21 19:30:01     10816 --a------ C:\WINDOWS\system32\mbkputod.dll
2007-11-21 19:29:58     71232 --a------ C:\WINDOWS\system32\brvqbgcw.exe <Not Verified; ; DDC>
2007-11-21 19:28:17     10816 --a------ C:\WINDOWS\system32\ctpndxyj.dll
2007-11-21 19:22:38         0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-21 19:21:35         0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-21 19:21:35         0 d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2007-11-21 18:54:00     80960 --a------ C:\WINDOWS\system32\rgsmdqoo.dll
2007-11-21 18:52:26     71232 --a------ C:\WINDOWS\system32\tltskrdj.exe <Not Verified; ; DDC>
2007-11-21 18:52:13     10816 --a------ C:\WINDOWS\system32\vxycetyw.dll
2007-11-21 18:47:18     10816 --a------ C:\WINDOWS\system32\pnbimxxk.dll
2007-11-21 18:47:17     10816 --a------ C:\WINDOWS\system32\hcxnemgl.dll
2007-11-21 18:44:44     71232 --a------ C:\WINDOWS\system32\fcxwujne.exe <Not Verified; ; DDC>
2007-11-21 16:55:21     80960 --a------ C:\WINDOWS\system32\odphbvre.dll
2007-11-21 16:52:21     10816 --a------ C:\WINDOWS\system32\__c008BC8C.dat
2007-11-21 16:52:20     10816 --a------ C:\WINDOWS\system32\fmhvjddd.dll
2007-11-21 16:49:43     71232 --a------ C:\WINDOWS\system32\wawdfnck.exe <Not Verified; ; DDC>
2007-11-21 16:38:54     80960 --a------ C:\WINDOWS\system32\ivghudox.dll
2007-11-21 15:24:54     85056 --a------ C:\WINDOWS\system32\rxrulqfk.dll
2007-11-21 15:18:54     71232 --a------ C:\WINDOWS\system32\gjlekrka.exe <Not Verified; ; DDC>
2007-11-21 15:16:24     10816 --a------ C:\WINDOWS\system32\__c00B0AE2.dat
2007-11-21 15:16:23     10816 --a------ C:\WINDOWS\system32\dtncyxbq.dll
2007-11-21 14:16:51     84544 --a------ C:\WINDOWS\system32\qboghyll.dll
2007-11-21 14:10:52     85056 --a------ C:\WINDOWS\system32\qhakqcds.dll
2007-11-21 14:07:51     71232 --a------ C:\WINDOWS\system32\ybgpxwtw.exe <Not Verified; ; DDC>
2007-11-21 14:05:14     10816 --a------ C:\WINDOWS\system32\__c00FC1A5.dat
2007-11-21 14:05:13     10816 --a------ C:\WINDOWS\system32\ihxxxpmc.dll
2007-11-21 14:02:40     84544 --a------ C:\WINDOWS\system32\iyoxxren.dll
2007-11-21 14:00:48     85056 --a------ C:\WINDOWS\system32\vlmjcnmh.dll
2007-11-21 13:08:40     10816 --a------ C:\WINDOWS\system32\__c0064184.dat
2007-11-21 13:08:38     10816 --a------ C:\WINDOWS\system32\ceptjhtm.dll
2007-11-21 13:05:41     71232 --a------ C:\WINDOWS\system32\sfecsbqr.exe <Not Verified; ; DDC>
2007-11-21 13:03:44     10816 --a------ C:\WINDOWS\system32\ejqavcmp.dll
2007-11-21 11:24:40     84544 --a------ C:\WINDOWS\system32\hcoeacke.dll
2007-11-21 11:18:41     10816 --a------ C:\WINDOWS\system32\__c00E3354.dat
2007-11-21 11:18:40     10816 --a------ C:\WINDOWS\system32\issyqsrv.dll
2007-11-21 11:16:07     71232 --a------ C:\WINDOWS\system32\phntjgex.exe <Not Verified; ; DDC>
2007-11-21 11:15:08     84544 --a------ C:\WINDOWS\system32\xjgctvdy.dll
2007-11-21 11:15:02     10816 --a------ C:\WINDOWS\system32\__c0088AA.dat
2007-11-21 11:15:01     10816 --a------ C:\WINDOWS\system32\yxtaaisk.dll
2007-11-21 11:15:00     10816 --a------ C:\WINDOWS\system32\fknnfjma.dll
2007-11-21 11:13:59     71232 --a------ C:\WINDOWS\system32\jqlgewpc.exe <Not Verified; ; DDC>
2007-11-21 11:04:17     84544 --a------ C:\WINDOWS\system32\crebufre.dll
2007-11-21 10:57:46     10816 --a------ C:\WINDOWS\system32\__c00A7359.dat
2007-11-21 10:57:45     10816 --a------ C:\WINDOWS\system32\xhibwkym.dll
2007-11-21 10:57:32     71232 --a------ C:\WINDOWS\system32\wvoocxcs.exe <Not Verified; ; DDC>
2007-11-21 01:27:43     10816 --a------ C:\WINDOWS\system32\rkhfcdyo.dll
2007-11-21 01:25:05     71232 --a------ C:\WINDOWS\system32\cbvpilly.exe <Not Verified; ; DDC>
2007-11-21 01:14:29     84544 --a------ C:\WINDOWS\system32\rkqrtulp.dll
2007-11-21 01:11:28     85056 --a------ C:\WINDOWS\system32\uqqrgoyl.dll
2007-11-21 01:08:34     10816 --a------ C:\WINDOWS\system32\__c00C04AC.dat
2007-11-21 01:08:33     10816 --a------ C:\WINDOWS\system32\uqanrmpp.dll
2007-11-21 01:08:31     10816 --a------ C:\WINDOWS\system32\wlxulpwg.dll
2007-11-21 01:07:49     71232 --a------ C:\WINDOWS\system32\owlxhoui.exe <Not Verified; ; DDC>
2007-11-21 01:01:01     10816 --a------ C:\WINDOWS\system32\__c0074039.dat
2007-11-21 01:01:00     10816 --a------ C:\WINDOWS\system32\neggrjvr.dll
2007-11-21 01:00:59     10816 --a------ C:\WINDOWS\system32\iqeewekd.dll
2007-11-21 00:58:22     71232 --a------ C:\WINDOWS\system32\snyxkjaj.exe <Not Verified; ; DDC>
2007-11-21 00:55:10     84544 --a------ C:\WINDOWS\system32\xielkolq.dll
2007-11-21 00:49:08     10816 --a------ C:\WINDOWS\system32\__c00AC900.dat
2007-11-21 00:49:07     10816 --a------ C:\WINDOWS\system32\vpexwjrv.dll
2007-11-21 00:46:32     71232 --a------ C:\WINDOWS\system32\leewtbkv.exe <Not Verified; ; DDC>
2007-11-21 00:43:40     84544 --a------ C:\WINDOWS\system32\cejrtqas.dll
2007-11-21 00:43:32     85056 --a------ C:\WINDOWS\system32\sfmhmmjt.dll
2007-11-21 00:40:27     71232 --a------ C:\WINDOWS\system32\xwckccyg.exe <Not Verified; ; DDC>
2007-11-21 00:37:50     10816 --a------ C:\WINDOWS\system32\__c001F66C.dat

honeyk

  • Guest
Re: virues infection win32 Trojon1165(trj)
« Reply #31 on: November 23, 2007, 10:00:11 AM »
2007-11-20 20:29:48     10816 --a------ C:\WINDOWS\system32\gcxjvkdb.dll
2007-11-20 20:29:47     10816 --a------ C:\WINDOWS\system32\pnqagldo.dll
2007-11-20 20:27:06     71232 --a------ C:\WINDOWS\system32\xdpakdkn.exe <Not Verified; ; DDC>
2007-11-20 20:24:25     10816 --a------ C:\WINDOWS\system32\__c0071610.dat
2007-11-20 20:24:24     10816 --a------ C:\WINDOWS\system32\ekvgbjkl.dll
2007-11-20 20:21:35     84544 --a------ C:\WINDOWS\system32\qthrflfp.dll
2007-11-20 20:15:47     85056 --a------ C:\WINDOWS\system32\cjtdsvtf.dll
2007-11-20 20:15:43     71232 --a------ C:\WINDOWS\system32\uhsynyge.exe <Not Verified; ; DDC>
2007-11-20 20:12:55     10816 --a------ C:\WINDOWS\system32\__c00C94F9.dat
2007-11-20 20:12:54     10816 --a------ C:\WINDOWS\system32\iurikdui.dll
2007-11-20 20:11:42     10816 --a------ C:\WINDOWS\system32\rsatnjwh.dll
2007-11-20 20:09:02     71232 --a------ C:\WINDOWS\system32\njalsdms.exe <Not Verified; ; DDC>
2007-11-20 20:08:27     10816 --a------ C:\WINDOWS\system32\__c0062168.dat
2007-11-20 20:08:26     10816 --a------ C:\WINDOWS\system32\jmicxjqk.dll
2007-11-20 20:00:24     71232 --a------ C:\WINDOWS\system32\vwpemrag.exe <Not Verified; ; DDC>
2007-11-20 19:57:11     10816 --a------ C:\WINDOWS\system32\__c008C3C1.dat
2007-11-20 19:56:48     10816 --a------ C:\WINDOWS\system32\__c00D4C1A.dat
2007-11-20 19:56:46     10816 --a------ C:\WINDOWS\system32\__c005A28.dat
2007-11-20 19:55:56     10816 --a------ C:\WINDOWS\system32\__c00E9531.dat
2007-11-20 19:55:46     71232 --a------ C:\WINDOWS\system32\fhspjcoo.exe <Not Verified; ; DDC>
2007-11-20 19:53:11     10816 --a------ C:\WINDOWS\system32\qamudofx.dll
2007-11-20 17:43:42     84544 --a------ C:\WINDOWS\system32\tfmasjfr.dll
2007-11-20 17:40:43     85056 --a------ C:\WINDOWS\system32\qiutfrdi.dll
2007-11-20 17:34:42     10816 --a------ C:\WINDOWS\system32\__c002BC9C.dat
2007-11-20 17:34:41     10816 --a------ C:\WINDOWS\system32\kyrinjdr.dll
2007-11-20 17:29:06     10816 --a------ C:\WINDOWS\system32\arvgxvfc.dll
2007-11-20 15:47:11         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 14:41:43         0 d-------- C:\Documents and Settings\user\DoctorWeb
2007-11-20 14:34:44     10816 --a------ C:\WINDOWS\system32\vowqdeyy.dll
2007-11-20 14:32:28     83008 --a------ C:\WINDOWS\system32\rlggvthp.dll
2007-11-20 14:26:25     10816 --a------ C:\WINDOWS\system32\__c00F5844.dat
2007-11-20 14:26:23     10816 --a------ C:\WINDOWS\system32\clfblsor.dll
2007-11-20 14:23:46     10816 --a------ C:\WINDOWS\system32\iwiytoxv.dll
2007-11-20 14:12:56     24185 --a------ C:\WINDOWS\system32\tpxhbumy.dll
2007-11-20 14:12:49     10816 --a------ C:\WINDOWS\system32\kgveoavl.dll
2007-11-20 14:11:54     10816 --a------ C:\WINDOWS\system32\iwaeucwh.dll
2007-11-20 14:08:12     10816 --a------ C:\WINDOWS\system32\bcrsrxql.dll
2007-11-20 14:03:42     10816 --a------ C:\WINDOWS\system32\onsmfwhx.dll
2007-11-20 13:57:09     85056 --a------ C:\WINDOWS\system32\crqfvuna.dll
2007-11-20 13:48:05     10816 --a------ C:\WINDOWS\system32\__c00E6936.dat
2007-11-20 13:48:04     10816 --a------ C:\WINDOWS\system32\dkcaxvco.dll
2007-11-20 13:43:46     10816 --a------ C:\WINDOWS\system32\__c004CB45.dat
2007-11-20 13:43:45     10816 --a------ C:\WINDOWS\system32\dnrbqeql.dll
2007-11-20 13:41:18     10816 --a------ C:\WINDOWS\system32\uqmfyiwd.dll
2007-11-20 13:32:18     83008 --a------ C:\WINDOWS\system32\ymxwkojb.dll
2007-11-20 13:29:12     85056 --a------ C:\WINDOWS\system32\hhgficqu.dll
2007-11-20 13:23:36     10816 --a------ C:\WINDOWS\system32\__c0095C3A.dat
2007-11-20 13:23:35     10816 --a------ C:\WINDOWS\system32\cdcruvoj.dll
2007-11-20 13:20:52     83008 --a------ C:\WINDOWS\system32\yhncrikt.dll
2007-11-20 13:14:53     10816 --a------ C:\WINDOWS\system32\__c00F4F1E.dat
2007-11-20 13:14:52     10816 --a------ C:\WINDOWS\system32\dnedkajb.dll
2007-11-20 13:04:33     83008 --a------ C:\WINDOWS\system32\uhmegyqc.dll
2007-11-20 12:55:52     10816 --a------ C:\WINDOWS\system32\__c00B5900.dat
2007-11-20 12:55:51     10816 --a------ C:\WINDOWS\system32\eyiailei.dll
2007-11-20 12:40:35     10816 --a------ C:\WINDOWS\system32\__c0040ED9.dat
2007-11-20 12:40:34     10816 --a------ C:\WINDOWS\system32\purjaagy.dll
2007-11-20 12:37:58     10816 --a------ C:\WINDOWS\system32\vtdlwgnl.dll
2007-11-20 12:19:02     85056 --a------ C:\WINDOWS\system32\srtumlyh.dll
2007-11-20 12:13:07     10816 --a------ C:\WINDOWS\system32\__c006F444.dat
2007-11-20 12:13:06     10816 --a------ C:\WINDOWS\system32\yguopmco.dll
2007-11-20 12:07:07     10816 --a------ C:\WINDOWS\system32\kuirmmff.dll
2007-11-20 12:04:32     10816 --a------ C:\WINDOWS\system32\gvogdufb.dll
2007-11-20 11:43:18     85056 --a------ C:\WINDOWS\system32\ssbmbdvq.dll
2007-11-20 11:40:18     83008 --a------ C:\WINDOWS\system32\eywnrdbx.dll
2007-11-20 11:28:37     10816 --a------ C:\WINDOWS\system32\__c0036621.dat
2007-11-20 11:28:36     10816 --a------ C:\WINDOWS\system32\cooaltgt.dll
2007-11-20 11:24:52     10816 --a------ C:\WINDOWS\system32\__c007812B.dat
2007-11-20 11:24:51     10816 --a------ C:\WINDOWS\system32\exqmifsi.dll
2007-11-20 11:19:16     10816 --a------ C:\WINDOWS\system32\kaffrcgo.dll
2007-11-20 11:18:37     10816 --a------ C:\WINDOWS\system32\__c00D0C91.dat
2007-11-20 11:18:35     10816 --a------ C:\WINDOWS\system32\kiynkjjm.dll
2007-11-19 21:49:35     10816 --a------ C:\WINDOWS\system32\inxfmctc.dll
2007-11-19 21:42:10     85056 --a------ C:\WINDOWS\system32\uygbiaus.dll
2007-11-19 21:41:52     10816 --a------ C:\WINDOWS\system32\__c009AC5D.dat
2007-11-19 21:41:51     10816 --a------ C:\WINDOWS\system32\wimevxbk.dll
2007-11-19 21:39:11     10816 --a------ C:\WINDOWS\system32\sfukkakn.dll
2007-11-19 21:37:34     10816 --a------ C:\WINDOWS\system32\ktlfisly.dll
2007-11-19 21:29:41     10816 --a------ C:\WINDOWS\system32\ycegvqhn.dll
2007-11-19 20:40:50     83008 --a------ C:\WINDOWS\system32\jcpnmiay.dll
2007-11-19 20:35:11     85056 --a------ C:\WINDOWS\system32\iegvvjdq.dll
2007-11-19 20:08:11     83008 --a------ C:\WINDOWS\system32\uwuvrien.dll
2007-11-19 20:05:36         0 d-------- C:\Documents and Settings\user\Application Data\Grisoft
2007-11-19 20:05:01         0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft



honeyk

  • Guest
Re: virues infection win32 Trojon1165(trj)
« Reply #32 on: November 23, 2007, 10:02:57 AM »
007-11-19 20:05:01         0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-19 18:35:51     85056 --a------ C:\WINDOWS\system32\ctfukatm.dll
2007-11-19 18:35:44     83008 --a------ C:\WINDOWS\system32\klxofkwk.dll
2007-11-19 18:10:16     83008 --a------ C:\WINDOWS\system32\puoswkhb.dll
2007-11-19 18:07:22     85056 --a------ C:\WINDOWS\system32\qropuskt.dll
2007-11-19 14:40:32     85056 --a------ C:\WINDOWS\system32\tdbdettu.dll
2007-11-19 13:01:00     79424 --a------ C:\WINDOWS\system32\fulsirun.dll
2007-11-19 12:43:22     79424 --a------ C:\WINDOWS\system32\hjwfdgws.dll
2007-11-19 12:33:42     79424 --a------ C:\WINDOWS\system32\unmypext.dll
2007-11-17 20:53:52     85056 --a------ C:\WINDOWS\system32\tnscmqqj.dll
2007-11-16 21:11:50     85056 --a------ C:\WINDOWS\system32\ceiyjynq.dll
2007-11-16 10:37:04         0 d-------- C:\Program Files\Registry Defender
2007-11-14 21:14:29     85056 --a------ C:\WINDOWS\system32\hdfghwuf.dll
2007-11-14 21:10:34         0 d------c- C:\Do=?
2007-11-14 21:07:00         0 d------c- C:\aadc3612925cefdb590bf5
2007-11-13 20:30:02     88128 --a------ C:\WINDOWS\system32\sapsvldq.dll
2007-11-13 19:08:10     88128 --a------ C:\WINDOWS\system32\gemayaxi.dll
2007-11-13 16:24:30     88128 --a------ C:\WINDOWS\system32\ranqnqwv.dll
2007-11-12 15:09:26     88128 --a------ C:\WINDOWS\system32\ddqpvwcb.dll
2007-11-12 14:01:59     88128 --a------ C:\WINDOWS\system32\ntmhirqr.dll
2007-11-11 19:42:38         0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-11 19:41:35         0 d-------- C:\Program Files\Yahoo!
2007-11-11 15:43:59     88128 --a------ C:\WINDOWS\system32\vcnamhyy.dll
2007-11-11 13:07:26     85056 --a------ C:\WINDOWS\system32\jdoemquo.dll
2007-11-10 17:18:05     85056 --a------ C:\WINDOWS\system32\oupubfbq.dll
2007-11-09 22:26:21         0 d-------- C:\Program Files\BingoCafe
2007-11-09 20:46:20     88128 --a------ C:\WINDOWS\system32\odujphcr.dll
2007-11-09 20:07:34     88128 --a------ C:\WINDOWS\system32\ijwujfjg.dll
2007-11-09 18:29:44         0 d-------- C:\Program Files\Alwil Software
2007-11-09 18:10:11     88128 --a------ C:\WINDOWS\system32\gghckaaf.dll
2007-11-09 06:44:27         0 d-------- C:\Program Files\Grey Cdrom Boob
2007-11-08 22:23:37         0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-08 22:15:35         0 d-------- C:\Program Files\Common Files\PCSuite
2007-11-08 22:15:35         0 d-------- C:\Program Files\Common Files\Nokia
2007-11-08 22:14:35         0 d-------- C:\Program Files\PC Connectivity Solution
2007-11-08 22:14:10         0 d-------- C:\Program Files\Nokia
2007-11-08 11:02:57     86080 --a------ C:\WINDOWS\system32\iottqcpy.dll
2007-11-07 12:23:22     87104 --a------ C:\WINDOWS\system32\wckkkbuk.dll
2007-11-06 22:04:20     87104 --a------ C:\WINDOWS\system32\ivjkndfn.dll
2007-11-06 21:48:59     87104 --a------ C:\WINDOWS\system32\pybwlcxh.dll
2007-11-06 21:01:59     87104 --a------ C:\WINDOWS\system32\ofdvvbig.dll
2007-11-06 17:30:09         0 d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2007-11-06 15:32:57     85568 --a------ C:\WINDOWS\system32\shkpvamo.dll
2007-11-05 23:36:57     85568 --a------ C:\WINDOWS\system32\pkrfhkyl.dll
2007-11-05 19:46:44     85568 --a------ C:\WINDOWS\system32\jweswqhl.dll
2007-11-05 18:29:14         0 d-------- C:\WINDOWS\system32\FxsTmp
2007-11-05 18:13:19     85568 --a------ C:\WINDOWS\system32\liqlsrcm.dll
2007-11-05 15:02:42     86080 -----n--- C:\WINDOWS\system32\tqhqrppf.dll
2007-11-05 14:59:01     86080 --a------ C:\WINDOWS\system32\gfhvafif.dll
2007-11-04 13:26:04     85568 --a------ C:\WINDOWS\system32\rmoqtems.dll
2007-11-04 12:39:22     87616 --a------ C:\WINDOWS\system32\nkwtdprp.dll
2007-11-03 15:56:45     87616 --a------ C:\WINDOWS\system32\twjlqwty.dll
2007-11-02 10:26:10     85056 --a------ C:\WINDOWS\system32\hhyxqaag.dll
2007-11-01 09:44:39    335785 ---hs---- C:\WINDOWS\system32\edeeg.ini2
2007-10-31 16:01:03         0 d---s---- C:\WINDOWS\Cookies
2007-10-31 16:01:00         0 d------c- C:\DoF
2007-10-31 16:00:59         0 d------c- C:\DoF
2007-10-31 03:13:43         0 d------c- C:\31.2.5253
2007-10-27 17:07:09         0 d-------- C:\Documents and Settings\user\Application Data\eMusic
2007-10-27 15:57:32         0 d-------- C:\Program Files\eMusic Remote
2007-10-27 02:55:11         0 --a------ C:\Documents and Settings\user\core
2007-10-26 21:30:32         0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMonitor
2007-10-26 15:30:18     83008 --a------ C:\WINDOWS\system32\hbwmuwkr.dll
2007-10-24 14:59:10         0 d-------- C:\WINDOWS\pss
2007-10-24 14:52:14         0 d-------- C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog


-- Find3M Report ---------------------------------------------------------------

2007-11-22 11:20:04    344697 ---hs---- C:\WINDOWS\system32\edeeg.bak2
2007-11-22 11:13:59         0 d-------- C:\Documents and Settings\user\Application Data\OpenOffice.org2
2007-11-22 10:45:07       657 --a------ C:\Documents and Settings\user\Application Data\.googlewebacchosts
2007-11-20 15:47:11         0 d-------- C:\Program Files\Common Files
2007-11-11 14:03:43         0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-09 22:41:42         0 d-------- C:\Program Files\QuickTime
2007-11-09 18:34:32         0 d-------- C:\Documents and Settings\user\Application Data\Grey Cdrom Boob
2007-11-09 10:53:30         0 d-------- C:\Documents and Settings\user\Application Data\Nokia
2007-11-08 22:23:59         0 d-------- C:\Documents and Settings\user\Application Data\PC Suite
2007-11-08 22:15:13         0 d-------- C:\Program Files\DIFX
2007-10-31 19:37:54         0 d-------- C:\Program Files\Join ME
2007-10-27 04:00:28         0 d-------- C:\Documents and Settings\user\Application Data\Vso
2007-10-24 14:52:13         0 d-------- C:\Documents and Settings\user\Application Data\StumbleUpon
2007-10-24 14:52:09         0 d-------- C:\Program Files\Common Files\Scanner
2007-10-24 14:52:04         0 d--hs---- C:\Program Files\outlook
2007-10-24 14:52:04         0 d-------- C:\Program Files\Network Monitor
2007-10-24 14:52:00         0 d-------- C:\Program Files\MSN Gaming Zone
2007-10-24 14:51:22         0 d-------- C:\Program Files\RegistrySmart
2007-10-24 01:19:04         0 d-------- C:\Documents and Settings\user\Application Data\LimeWire

honeyk

  • Guest
Re: virues infection win32 Trojon1165(trj)
« Reply #33 on: November 23, 2007, 10:04:42 AM »
2007-10-19 06:27:25      1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-17 13:03:56      6474 ---hs---- C:\WINDOWS\system32\edeeg.bak1
2007-10-17 13:03:32    311904 --a------ C:\WINDOWS\system32\geede.dll
2007-10-15 14:23:37         0 d-------- C:\Program Files\Windows NT
2007-10-15 13:34:03         0 d-------- C:\Program Files\CA
2007-10-15 11:58:35         0 d-------- C:\Documents and Settings\user\Application Data\RegistrySmart
2007-10-14 18:04:13        64 --a------ C:\WINDOWS\system32\extdfxjd.dll
2007-10-14 17:59:53    472817 --ahs---- C:\WINDOWS\system32\nqtwa.bak2
2007-10-12 13:22:56         0 d-------- C:\Program Files\Google
2007-10-12 13:18:47         0 d-------- C:\Documents and Settings\user\Application Data\MSNInstaller
2007-10-11 17:46:18        18 --a------ C:\WINDOWS\system32\CC.dll
2007-10-11 17:45:10     60928 --a------ C:\WINDOWS\system32\zip32.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-10-11 10:42:30      6465 --ahs---- C:\WINDOWS\system32\nqtwa.bak1
2007-10-11 10:38:10       249 --a------ C:\WINDOWS\system32\5329.bat
2007-10-11 10:38:06        86 --a------ C:\WINDOWS\system32\n.bat
2007-10-11 10:37:32      2411 --a------ C:\WINDOWS\system32\x.dat
2007-10-11 10:37:17     52687 --a------ C:\WINDOWS\system32\z.dat
2007-10-11 10:36:30     36352 --a------ C:\WINDOWS\system32\jkkklkj.dll
2007-10-11 10:36:28     58880 --a------ C:\WINDOWS\system32\app.exe
2007-10-11 10:36:22     32768 --a------ C:\WINDOWS\system32\winlogo.exe <Not Verified; w00t; fhjdh456746dhfjdfjfdjfkk>
2007-10-11 10:35:36    147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-09-29 16:43:33         0 d-------- C:\Documents and Settings\user\Application Data\Identities
2007-09-29 13:35:48         0 d-------- C:\Program Files\Symantec
2007-09-29 09:55:27         0 d-------- C:\Program Files\The Weather Channel FW
2007-09-29 09:51:28         0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-29 09:34:04         0 d-------- C:\Program Files\Binary Boy
2007-09-29 09:27:39         0 d-------- C:\Program Files\ezr
2007-09-29 09:18:33         0 d-------- C:\Program Files\ezt
2007-09-29 07:08:00         0 d-------- C:\Program Files\eBay
2007-09-28 11:09:04         0 d-------- C:\Documents and Settings\user\Application Data\WholeSecurity
2007-09-27 16:12:55         0 d-------- C:\Program Files\Microsoft ActiveSync
2007-09-27 16:10:39         0 d-------- C:\Program Files\Microsoft.NET
2007-09-26 19:49:10         0 d-------- C:\Program Files\Real
2007-09-26 19:49:08         0 d-------- C:\Program Files\Common Files\Real
2007-09-23 01:49:22         0 d-------- C:\Documents and Settings\user\Application Data\DataLayer
2007-09-19 15:53:05      9728 --a------ C:\WINDOWS\system32\UnInstall The Hoggs  Harley Davidson.exe
2007-09-19 15:53:05   5530273 --a------ C:\WINDOWS\system32\The Hoggs  Harley Davidson.scr
2007-09-17 17:54:39      1744 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74605DD9-2871-480C-8B4B-0302A966CB92}]
         C:\WINDOWS\SYSTEM32\AWTQN.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99DE9A8F-2E4E-4781-86C6-F2A2B25C24B6}]
         C:\WINDOWS\system32\qdfsssjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99E41A24-6F7C-4531-A4B5-EAD6F371473B}]
         C:\Program Files\MSN Gaming Zone\holemunyz4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC0692C3-733F-48AB-8E03-D3C5A32B1716}]
17/10/2007 01:03 PM   311904   --a------   C:\WINDOWS\system32\geede.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD726424-B9CD-4C34-9DC9-152C67761FDE}]
         C:\Program Files\MSN Gaming Zone\holemunyz83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA959CC3-D52A-4388-3B87-985A96131158}]
         C:\Program Files\Windows NT\lawug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [03/08/2006 07:42 AM C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [29/10/2004 05:50 PM]
"nwiz"="nwiz.exe" [29/10/2004 05:50 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [29/10/2004 05:50 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [23/11/2006 04:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [05/12/2006 11:55 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [19/02/2006 03:41 AM]
"NGServer"="C:\Program Files\Symantec\Ghost\ngserver.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 05:00 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 04:40 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 04:06 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [21/09/2007 10:29 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [15/10/2007 03:13 PM]
"@"="" []
"CaPPcl"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe" [15/10/2007 03:13 PM]
"eTrustPPAP"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPActiveDetection.exe" []
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 03:10 PM]
"Anti Dog Beep Grid"="C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\online each.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 07:36 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/11/2007 10:41 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 07:55 PM]
"88441475"="C:\WINDOWS\system32\wbuwaswt.dll" [22/11/2007 05:10 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 02:54 AM]
"SpyClean"="C:\Program Files\Netcom3 Cleaner\SpyClean.exe" []
"Play Tool"="C:\DOCUME~1\user\APPLIC~1\GREYCD~1\Atom Tray.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\user\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [25/01/2006 8:42:22 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 5:21:22 AM]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [9/07/2007 11:24:38 PM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [26/03/2006 11:44:08 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [13/03/2006 02:11 PM 233472]
"{4E78714D-2D26-4965-AECE-501024825423}"= C:\WINDOWS\SYSTEM32\JKKKLKJ.DLL [11/10/2007 10:36 AM 36352]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkklkj]
jkkklkj.dll 11/10/2007 10:36 AM 36352 C:\WINDOWS\system32\jkkklkj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\geede.dll


honeyk

  • Guest
Re: virues infection win32 Trojon1165(trj)
« Reply #34 on: November 23, 2007, 10:14:16 AM »
If you still can't get the DSS logs posted, we can perk your computer up a bit more. I was going to get you to download and run this program anyway. I just didn't want ot throw too much at you at once. You seem to be about caught, we might as well go forward.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and the DSS log along with a new HJT
     log in your next reply.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall


This scan is fairly quick, just let it finish. Don't panic or rush yourself.


edit to add:

What issues are you having with notepad?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:19 PM, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

honeyk

  • Guest
Re: virues infection win32 Trojon1165(trj)
« Reply #35 on: November 23, 2007, 10:15:42 AM »
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: {88af22c3-cf06-1df9-c8f4-4c7c1c9a9484} - {4849a9c1-c7c4-4f8c-9fd1-60fc3c22fa88} - C:\WINDOWS\system32\ymmterde.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {74605DD9-2871-480C-8B4B-0302A966CB92} - C:\WINDOWS\SYSTEM32\AWTQN.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {99DE9A8F-2E4E-4781-86C6-F2A2B25C24B6} - C:\WINDOWS\system32\qdfsssjj.dll (file missing)
O2 - BHO: (no name) - {99E41A24-6F7C-4531-A4B5-EAD6F371473B} - C:\Program Files\MSN Gaming Zone\holemunyz4444.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: (no name) - {CD726424-B9CD-4C34-9DC9-152C67761FDE} - C:\Program Files\MSN Gaming Zone\holemunyz83122.dll (file missing)
O2 - BHO: (no name) - {EA959CC3-D52A-4388-3B87-985A96131158} - C:\Program Files\Windows NT\lawug.dll (file missing)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [

honeyk

  • Guest
Re: virues infection win32 Trojon1165(trj)
« Reply #36 on: November 23, 2007, 10:16:09 AM »
PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Anti Dog Beep Grid] C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\online each.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [88441475] rundll32.exe "C:\WINDOWS\system32\ushfylcr.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
O4 - HKCU\..\Run: [Play Tool] C:\DOCUME~1\user\APPLIC~1\GREYCD~1\Atom Tray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm103YYAU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?75916c03fbbc4eeb82ca20dbc53ebe48
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?75916c03fbbc4eeb82ca20dbc53ebe48
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.westnet.com.au
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkklkj - C:\WINDOWS\SYSTEM32\jkkklkj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - (no file)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12175 bytes

honeyk

  • Guest
Re: virues infection win32 Trojon1165(trj)
« Reply #37 on: November 23, 2007, 10:19:20 AM »
Sorry, Oldman it was the only way I could get it to post. I don't know what I'm doing wrong with my attachments not posting. Anyhow, I need to log off. That was a draining lot of logs and posts etc. I hope you can make something of it. By the was my PC is running pretty good!!!!!! THanks again Honeyk :-* :-* :-*

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: virues infection win32 Trojon1165(trj)
« Reply #38 on: November 23, 2007, 03:13:30 PM »
Good.  :D  Now to try to hold on to the progress you have made.

Turn on windows firewall

Click start, control panel, open the security center, click on the firewall and change the setting to on.

We're going to do a little registry repair and get you fitted with a decent firewall. Tonight we'll get rid of the rest of the critters.



Download ERUNT from

http://www.larshederer.homepage.t-online.de/erunt/

and backup your registry


Now for the fix

REGISTRY FIX
Quote
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Next you will need to create the repair registry fix to do that copy and paste ALL of the above in the quote box to a notepad file.  Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
Make sure that in the top box Save in is set to desktop
This will create a fix.reg file on your desktop

To use this file you will need to right click the icon and select merge, accept the warning if it appears and the reg fix is done.

Clean out some old restore points.

Create a new restore point

You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point

Remove old restore points

Disk Cleanup
- Go to Start - All Programs - Accessories, Launch the Disk Cleanup tool let it run. When it finishes a box with tabs will appear, select the more options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.

Get a firewall

A discussion on free firewalls can be found here.

http://forum.avast.com/index.php?topic=30808.0

They'll all do the job, but zone alarm free is limited in user configuarability, so I'd pass one that one. Comodo is being used by many forum users with xp. It's easy to set up and has a good help file.

It can be downloaded from

http://filehippo.com/download_comodo/

and a setup video tutorial here

http://forums.comodo.com/frequently_asked_questions_faq_for_comodo_firewall/noob_install_video_guide-t4766.0.html

Check out the link to the discussion and please install one, it will help keep the bad guys out while we finish this.(I only mention the two firewalls above because it is the only 2 that I have any experience with.)

Regardless of which one you go with, the following avast components need internet access.

avast.setup
ashwebsrv.exe
ashmaisrv.exe

Please try to limit your internet activity to a bare minimum, you a still very vulnerable.

Please post a new DSS log in your next reply. There will only be a main text this time.

We'll see you tonight.  8)

Again any problems or questions, post back. Copy and paste is fine, we'll work on attaching after.




honeyk

  • Guest
Re: virues infection win32 Trojon1165(trj)
« Reply #39 on: November 24, 2007, 04:10:20 AM »
ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:47 PM, on 24/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Windows Desktop Search\wds_sl.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: {88af22c3-cf06-1df9-c8f4-4c7c1c9a9484} - {4849a9c1-c7c4-4f8c-9fd1-60fc3c22fa88} - C:\WINDOWS\system32\ymmterde.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {74605DD9-2871-480C-8B4B-0302A966CB92} - C:\WINDOWS\SYSTEM32\AWTQN.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {99DE9A8F-2E4E-4781-86C6-F2A2B25C24B6} - C:\WINDOWS\system32\qdfsssjj.dll (file missing)
O2 - BHO: (no name) - {99E41A24-6F7C-4531-A4B5-EAD6F371473B} - C:\Program Files\MSN Gaming Zone\holemunyz4444.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: (no name) - {CD726424-B9CD-4C34-9DC9-152C67761FDE} - C:\Program Files\MSN Gaming Zone\holemunyz83122.dll (file missing)
O2 - BHO: (no name) - {EA959CC3-D52A-4388-3B87-985A96131158} - C:\Program Files\Windows NT\lawug.dll (file missing)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Anti Dog Beep Grid] C:\Documents and Settings\All Users\Application Data\Open Ante Anti Dog\online each.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [88441475] rundll32.exe "C:\WINDOWS\system32\ushfylcr.dll",b
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
O4 - HKCU\..\Run: [Play Tool] C:\DOCUME~1\user\APPLIC~1\GREYCD~1\Atom Tray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\C

honeyk

  • Guest
Re: virues infection win32 Trojon1165(trj)
« Reply #40 on: November 24, 2007, 04:12:46 AM »
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm103YYAU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?75916c03fbbc4eeb82ca20dbc53ebe48
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?75916c03fbbc4eeb82ca20dbc53ebe48
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.westnet.com.au
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkklkj - C:\WINDOWS\SYSTEM32\jkkklkj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - (no file)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12561 bytes
Hi Oldman, Thanks again with your easy to follow instructions. My PC is running like a treat!!! Waiting for you when you get time. Honeyk :-*

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: virues infection win32 Trojon1165(trj)
« Reply #41 on: November 24, 2007, 04:26:38 AM »
Hi, you ready to go?

Did you get everything done from my last post?

I need a fresh DSS log and we're ready to squish bugs.

To attach a file

on the reply page, click addional options by the lower left corner of the reply box, scroll down a bit. You should see a box for attachments. Use the browse button to browse to the file you want to attach. A window will open, when you find the file, click open. The file name should appear in the box.
« Last Edit: November 24, 2007, 04:49:00 AM by oldman »

honeyk

  • Guest
Re: virues infection win32 Trojon1165(trj)
« Reply #42 on: November 24, 2007, 05:39:24 AM »
Honeyk :-*

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: virues infection win32 Trojon1165(trj)
« Reply #43 on: November 24, 2007, 06:03:56 AM »
Hi

I need a DSS log. Please rerun Deckard System Scan. There will only be a main log this time.

As soon as you post this we can continue.  ;D

Oh and there seems to be a bit of the combofix log missing also. so you might as well rerun it as well and pos that log also.

now that you know how to attach files.  ;)


Thanks
« Last Edit: November 24, 2007, 07:54:23 AM by oldman »

honeyk

  • Guest
Re: virues infection win32 Trojon1165(trj)
« Reply #44 on: November 24, 2007, 08:40:17 AM »
I hope this is right Honeyk :-*