Go Back   Computer Juice > Computer Software > Virus, Spyware & Security
Reload this Page

Trogan Horse!

Register iSpy Downloads New Posts Donate Unanswered Posts Member List Search

Computer Juice raffle - Win PC hardware of your choice worth £500 / €680 / $1000 - Enter HERE!


Computer Juice - Forums - Trogan Horse!

Reply
1 2 >
 
Thread Tools
  #1  
Old 12-04-2008, 04:43 AM
No Avatar
CJ Member
 
ct122592 is offline
 
Join Date: Dec 2007
Last Online: Yesterday 02:35 AM
Posts: 59
iTrader: (0)
ct122592 is on a distinguished road
Default

Trogan Horse!

Okayy so my computer's auto protect results from symantec keeps poping up and saying i have trojan horse. It says it quarantined, but it keeps poping backk up saying theres moree.

Can some1 pls guide me through to permanentlyy delete the trojan horse, so i wont get the prompt from my auto protect? Thanks!


Heres my hiJack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:45 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <Link hidden. Register for free to see this link!>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <Link hidden. Register for free to see this link!>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <Link hidden. Register for free to see this link!>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <Link hidden. Register for free to see this link!>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - <Link hidden. Register for free to see this link!>
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - <Link hidden. Register for free to see this link!>
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - <Link hidden. Register for free to see this link!>
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - <Link hidden. Register for free to see this link!>
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - <Link hidden. Register for free to see this link!>
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - <Link hidden. Register for free to see this link!>
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/HP_Owner/Local%20Settings/Application%20Data/Microsoft/Wallpaper1.bmp

--
End of file - 9221 bytes
Last edited by ct122592 : 12-04-2008 at 04:52 AM.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #2  
Old 12-04-2008, 04:09 PM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 10:28 PM
Posts: 4,351
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default

Trogan Horse!

Download Malwarebytes' Anti-Malware (MBAM) to your desktop from either of these two links.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
If using Windows Vista, be sure to <Link hidden. Register for free to see this link!>
  • At the end, be sure a check mark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Click Finish
  • If an update is found, it will download and install the latest version.
If you encounter any problems while downloading the updates then manually download them from <Link hidden. Register for free to see this link!>
Double-click on mbam-rules.exe to install.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process or, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • Please copy and paste the log into your next reply
__________________
.

Never argue with an idiot. They'll bring you down to their level, then beat you with experience.
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #3  
Old 13-04-2008, 02:56 AM
No Avatar
CJ Member
 
ct122592 is offline
 
Join Date: Dec 2007
Last Online: Yesterday 02:35 AM
Posts: 59
iTrader: (0)
ct122592 is on a distinguished road
Default

Trogan Horse!

MBAM LOG:


Malwarebytes' Anti-Malware 1.11
Database version: 619

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 108546
Time elapsed: 36 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Installer\Folders\C:\Program Files\AdwareAlert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\Quarantine (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\Registry Backups (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\Log\2007 Aug 21 - 01_47_51 AM_890.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\Log\2007 Aug 21 - 01_47_58 AM_312.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\Settings\CustomScan.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\Settings\IgnoreList.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\Settings\ScanInfo.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\Settings\ScanResults.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\Settings\SelectedFolders.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert\Settings\Settings.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\ultra.PNF (Malware.Trace) -> Quarantined and deleted successfully.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #4  
Old 13-04-2008, 03:16 AM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 10:28 PM
Posts: 4,351
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default

Trogan Horse!

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)Important! Combofix.exe MUST be saved to and ran from the Desktop.
  • Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click <Link hidden. Register for free to see this link!> to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.
    • Choose Yes to accept the Disclaimers.[
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall
  • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.

----------

Please post the Combofix log and also let me know how is everything now.
__________________
.

Never argue with an idiot. They'll bring you down to their level, then beat you with experience.
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #5  
Old 13-04-2008, 04:57 AM
No Avatar
CJ Member
 
ct122592 is offline
 
Join Date: Dec 2007
Last Online: Yesterday 02:35 AM
Posts: 59
iTrader: (0)
ct122592 is on a distinguished road
Default

Trogan Horse!

btw do u knoww what had caused the computer to have trojan horsee? Plus it runs slower. Is theree a wayy to makee it run faster or likee originallyy?


Combofix Log:

ComboFix 08-04-12.5 - HP_Owner 2008-04-12 21:39:23.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.177 [GMT -7:00]Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CCEVTMGR
-------\Service_ccEvtMgr
-------\Service_ccPwdSvc


((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-12 19:14 . 2008-04-12 19:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-12 19:14 . 2008-04-12 19:14 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-04-12 19:14 . 2008-04-12 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-29 00:39 . 2008-03-29 00:39 6,146 --a------ C:\Documents and Settings\HP_Owner\~.exe
2008-03-28 15:40 . 2008-03-28 15:40 <DIR> d-------- C:\Program Files\Common Files\INCA Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-04-13 04:43 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-12 03:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-08 02:51 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-29 07:39 6,146 ----a-w C:\Documents and Settings\HP_Owner\~.exe
2008-02-28 21:46 --------- d-----w C:\Program Files\AIM
2008-02-28 02:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-23 03:59 --------- d-----w C:\Program Files\Common Files\Adobe
2007-06-23 08:54 167 ----a-w C:\Documents and Settings\HP_Owner\2224.bat
2006-08-23 03:06 2,275 ----a-w C:\Program Files\EXTRACT.cab
2007-05-13 01:19 1,466,609 --sha-r C:\WINDOWS\system32\ddeeg.bak1
2007-06-28 01:12 1,855,856 --sh--r C:\WINDOWS\system32\hjkmp.bak2
2007-07-25 23:53 971,701 --sh--w C:\WINDOWS\system32\odmytoxk.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 03:46 196608]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-06 18:13 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-13 13:17 58488]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT \TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TIN TSETP.exe" [2004-08-04 05:00 455168]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28 85744]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-27 02:03 99984]
"VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2001-07-09 10:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 14:03 180269]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 12:03 217088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"MP10_EnsureFileVer"="C:\WINDOWS\inf\unregmp2. exe" [2004-08-04 05:00 208896]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb10.exe" [2004-03-04 08:46 172032]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-26 19:13 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe [2007-06-29 11:24:19 67128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 17:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 16:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-03-04 08:46 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb1 0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]
C:\WINDOWS\system32\llprnxpj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a------ 2004-08-04 05:00 44032 C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 05:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-12-20 20:54 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-04 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
-ra------ 2002-10-16 16:57 81920 C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-24 16:16 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-08-07 14:03 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-27 15:22 4670968 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SavRoam"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"gusvc"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"DomainService"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Nexon\\MapleStory\\MapleStory.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 05:00]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 03:58]
S0 pfnwpjwa;pfnwpjwa;C:\WINDOWS\system32\drivers\ilti ^hpo.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 00:16:23 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
************************************************** ************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, <Link hidden. Register for free to see this link!>
Rootkit scan 2008-04-12 21:45:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
.
************************************************** ************************
.
Completion time: 2008-04-12 21:54:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-13 04:53:43
Pre-Run: 168,582,647,808 bytes free
Post-Run: 168,558,972,928 bytes free
.
2008-04-13 00:00:59 --- E O F ---
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #6  
Old 13-04-2008, 05:13 AM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 10:28 PM
Posts: 4,351
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default

Trogan Horse!

I don't know exactly where it came from. Did you download AdwareAlert? We will do some cleaning and see if it helps.

Scan Suspicious File(s)

Please visit one of the following:
(Multiple sites are given in case one is not working)
(If more than one file needs scanned they must be done separately and logs posted for each one)Copy the file path in the code box below.

Code:
C:\Documents and Settings\HP_Owner\~.exe
  • At the upload site, click once inside the window next to Browse.
  • Press Ctrl+V on the keyboard (both at the same time) to paste the file path in the window.
  • Next click Send File/Submit/Upload (depending on the site)
    • Your file will possibly be entered into a queue which normally takes less than a minute to clear.
  • This will perform a scan across multiple different virus scanning engines.
  • Please wait for all of the scanning engines to complete.
  • Copy and then Paste the results in the next reply.
----------

After you post the results from the file scan.

Download and install <Link hidden. Register for free to see this link!>

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
  • Click Options...
  • Move the arrow to Standard CleanUp!
  • Uncheck the following: (if checked)
    • Delete Newsgroup cache
    • Delete Newsgroup Subscriptions
  • Click OK
Click the CleanUp! button to start the program. Reboot/logoff when prompted.

Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!
If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility

----------

Let me know if the Cleanup helps any.
__________________
.

Never argue with an idiot. They'll bring you down to their level, then beat you with experience.
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #7  
Old 13-04-2008, 08:07 AM
No Avatar
CJ Member
 
ct122592 is offline
 
Join Date: Dec 2007
Last Online: Yesterday 02:35 AM
Posts: 59
iTrader: (0)
ct122592 is on a distinguished road
Default

Trogan Horse!

Antivirus Version Last Update Result AhnLab-V32008.4.12.02008.04.11-AntiVir7.6.0.852008.04.11-Authentium4.93.82008.04.13-Avast4.8.1169.02008.04.13Win32:Peed-PAVG7.5.0.5162008.04.12-BitDefender7.22008.04.13Trojan.Peed.GenCAT-QuickHeal9.502008.04.12-ClamAV0.92.12008.04.13-DrWeb4.44.0.091702008.04.12-eSafe7.0.15.02008.04.09-eTrust-Vet31.3.56922008.04.11-Ewido4.02008.04.12-F-Prot4.4.2.542008.04.13-F-Secure6.70.13260.02008.04.13-FileAdvisor12008.04.13-Fortinet3.14.0.02008.04.13-IkarusT3.1.1.262008.04.13-Kaspersky7.0.0.1252008.04.13-McAfee52722008.04.11-Microsoft1.34082008.04.13-NOD32v230212008.04.12-Norman5.80.022008.04.12-Panda9.0.0.42008.04.12-Prevx1V22008.04.13-Rising20.39.52.002008.04.12-Sophos4.28.02008.04.13-Sunbelt3.0.1041.02008.04.12-Symantec102008.04.13-TheHacker6.2.92.2762008.04.12-VBA323.12.6.42008.04.13-VirusBuster4.3.26:92008.04.12-Webwasher-Gateway6.6.22008.04.11- Additional information File size: 6146 bytesMD5...: 456377d0effd4150d4f05c7fb9568e1cSHA1..: 4c97491d8d69fc054f02a798fa9ea0ed3064fae3SHA256: 814be24b79ca8b315a6c0d2a30898052af666fb88b01121ef7 066b1543a76940SHA512: 569ee64b480142120d5e0e1b5a9e395ad611212039b9ab7b99 d89ed3a0cd1110
9228184aa851b3dbae8c8682cead2dc31c0a305116760cbfe6 47ff4c81116fdcPEiD..: -PEInfo: -


Howw do i view my temp folder?? Cause i want to make sure there isn't any important files in there b4 deleting them.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #8  
Old 13-04-2008, 08:11 AM
No Avatar
CJ Member
 
ct122592 is offline
 
Join Date: Dec 2007
Last Online: Yesterday 02:35 AM
Posts: 59
iTrader: (0)
ct122592 is on a distinguished road
Default

Trogan Horse!

Scan taken on 13 Apr 2008 08:08:39 (GMT) A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:Peed-P
AVG Antivirus Found nothing
BitDefender Found Trojan.Peed.Gen
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #9  
Old 13-04-2008, 02:04 PM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 10:28 PM
Posts: 4,351
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default

Trogan Horse!

Please run <Link hidden. Register for free to see this link!>
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan
    • Note: It may take a couple of minutes
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
  • Post the contents of the ActiveScan report in the next reply.
__________________
.

Never argue with an idiot. They'll bring you down to their level, then beat you with experience.
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #10  
Old 14-04-2008, 12:00 AM
No Avatar
CJ Member
 
ct122592 is offline
 
Join Date: Dec 2007
Last Online: Yesterday 02:35 AM
Posts: 59
iTrader: (0)
ct122592 is on a distinguished road
Default

Trogan Horse!

LOG:

;************************************************* ************************************************** ************************************************** ******************************
ANALYSIS: 2008-04-13 16:58:46
PROTECTIONS: 1
MALWARE: 12
SUSPECTS: 0
;************************************************* ************************************************** ************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;================================================= ================================================== ================================================== ==============================
Symantec AntiVirus Corporate Edition 10.0.2.2000 Yes Yes
;================================================= ================================================== ================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================= ================================================== ================================================== ==============================
00101555 Application/KillApp.B HackTools No 0 Yes No C:\hp\bin\KillIt.exe
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atdmt[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@tribalfusion[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[.apmebf.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zh8bn7fr.default\coo kies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@questionmarket[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atwola[2].txt
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP383\A0023629.EXE
02563309 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Documents and Settings\HP_Owner\DoctorWeb\Quarantine\A0017015.dl l
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP383\A0023624.sys
;================================================= ================================================== ================================================== ==============================
SUSPECTS
Sent Location
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================
VULNERABILITIES
Id Severity Description
;================================================= ================================================== ================================================== ==============================
;================================================= ================================================== ================================================== ==============================
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #11  
Old 14-04-2008, 06:50 PM
evilfantasy's Avatar
CJ Moderator
Intel ATi
evilfantasy is online now
Send a message via Yahoo to evilfantasy
 
Join Date: Jul 2007
Last Online: Today 10:28 PM
Posts: 4,351
iTrader: (0)
evilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond reputeevilfantasy has a reputation beyond repute
Default

Trogan Horse!

Looks OK, how is the PC running?
__________________
.

Never argue with an idiot. They'll bring you down to their level, then beat you with experience.
.
.
Digg this postDel.icio.us this postTechnorati this postNetscape this postStumble this post
Reply With Quote
  #12  
Old 15-04-2008, 12:55 AM
No Avatar
CJ Member
 
ct122592 is offline
 
Join Date: Dec 2007
Last Online: Yesterday 02:35 AM
Posts: 59
iTrader: (