#1
28th Dec 2007, 10:47 AM
HistoryGirl (Donor Group)
Trojans found on my brother's PC, help required

OK, help required please. AVG Anti-Virus was scanning and managed to find 5 trojan horses on the PC. They were:
  • Trojan Horse BHO.CDT
  • Trojan Horse Startpage.BTF
  • Trojan horse Generic8.OEU
  • Trojan horse downloader.Small.60.L
  • Trojan horse downloader.Agent.VWQ
What are they and what do they do?

It says AVG has healed the files and they have been deleted. How do we stop this from happening again? The PC has been playing up for a while and I'm assuming they have been on the system a while.

EDIT: Forgot the spec. It is a Packard Bell, Intel Pentium 4
Windows XP Home SP2
3GHz
1GB RAM

Also, it's registered in my sister's name because she was going to use it when she went to uni, but didn't in the end. How do I change it back to my brother's name?

The software used is AVG anti-virus and anti-spyware, Spybot S&D, ZoneAlarm Firewall (which he didn't have until I installed it a couple of weeks ago) and AD-Aware, yet they are still on the system.

The blue screen of death has been coming up more frequently recently and the PC sometimes reboots itself when too many things are happening. There is an almost constant quiet whirring noise which sounds like the PC is operating at full capacity.

The tower itself is about 3 years old. We had a few problems with it before with the blue screen of death, but since my brother's other tower broke and he has used this one, there have been problems. For the first month or so it was fine, but it's just getting annoying now.

We're going to backup everything valuable to the external HDD and then reinstall XP. Any suggestions?

Sorry for the rather long post, but I figured if I put as much info as possible you guys may have more of an idea about what might be going on.

Thanks
__________________
Euro Championships tip = Spain & Torres<- Damn I should have placed a bet on them

Make Poverty History

Justice for the 96 <- Please take a look
__________________

My System: HistoryGirl

CPU(s):
Intel Core Duo T7300
Motherboard:
RAM:
2GB
Graphics Card(s):
nVida GeForce 8600M GS 256MB
Sound Card:
RealTek High Definition Audio
Hard Drive(s):
160GB SATA
Optical Drive(s):
HL-DT-ST DVDRAM GSA-T20 ATA
Case / PSU:
Cooling:
Network / Internet:
Intel (R) Wireless Wifi Link 4965AGN
Monitor(s):
15.4 WXGA Display
Operating System(s):
Windows Vista Ultimate

#2
28th Dec 2007, 11:12 AM
evilfantasy (Moderator Group)

Where there is one there are usually more hidden ones.

Download HijackThis (HJT)
  • Double-click on HJTInstall.
  • Click on the "Install" button to install.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • Upon install, HijackThis should open for you.
  • Next click on the "Do a system scan and save a log file" button.
  • HijackThis will scan and then a log will open in Notepad.
  • Copy and then paste the log in your post.
    • Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
#3
28th Dec 2007, 11:16 AM
HistoryGirl (Donor Group)

I'm a dumbass lol, forgot about HijackThis. Anyway, here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:19, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\?dobe\?ttrib.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Tamsin\LOCALS~1\Temp\~e5.0001
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bi...e=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearflix.com/uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bi...hase=6&key=BM2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C3FCD340-37A9-6C2C-DE2D-3FE677F30FC6} - C:\WINDOWS\system32\xldsbj.dll (file missing)
O2 - BHO: (no name) - {DDCD2D23-D8F9-ED23-C318-C9A707C004A5} - C:\WINDOWS\system32\rje.dll (file missing)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Xvojcsci] "C:\Program Files\?dobe\?ttrib.exe"
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Tamsin\Application Data\Microsoft\Windows\fxxiinf.exe
O4 - HKCU\..\Run: [ISMPack7] "C:\Program Files\ISM2\ISMPack7.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11552 bytes
#4
28th Dec 2007, 11:36 AM
evilfantasy (Moderator Group)

You are far from a dumbass lol. You just don't visit us as much as you used to. Everything going OK with you?

There are some nasties left to take care of, but they shouldn't be much of a problem.

Open HijackThis and select "Do a system scan only", then place a check mark next to:

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll (file missing)
O2 - BHO: (no name) - {C3FCD340-37A9-6C2C-DE2D-3FE677F30FC6} - C:\WINDOWS\system32\xldsbj.dll (file missing)
O2 - BHO: (no name) - {DDCD2D23-D8F9-ED23-C318-C9A707C004A5} - C:\WINDOWS\system32\rje.dll (file missing)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Close all windows except for HijackThis and click "Fix checked".

----------

Please download Combofix by sUBs from either here or here

Save Combofix.exe to your Desktop.

Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
When finished, it will produce a log for you.
Attach that log in your next reply.

Do not mouse-click Combofix's window while it's running. That may cause your computer to stall.

----------

In your next post please add:
  • Combofix log
  • New HijackThis log
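Added example, not from the thread and not HijackThis code: a small Python triage of a HijackThis 2.x log that picks out the same R3/O2/O3 "(no file)" / "(file missing)" entries the reply above lists for "Fix checked", and separately flags O4 autostart entries worth a look (a "?" in a path, which Windows does not allow, so the log is showing a character it could not render; or an EXE run from a user profile, which is my own heuristic rather than anything the thread states). The sample lines are copied verbatim from the log posted in #3.

```python
"""Triage a HijackThis 2.x log the way the reply above does by hand.

Added example, not HijackThis or forum code. The sample lines below are
copied from the log posted in this thread.
"""
import re
from dataclasses import dataclass

# R3 (URLSearchHook), O2 (BHO) and O3 (Toolbar) entries register a DLL
# inside Internet Explorer. One whose DLL is gone is a leftover of removed
# software or malware and is what the moderator ticks for "Fix checked".
BROWSER_HOOK_SECTIONS = {"R3", "O2", "O3"}
ORPHAN_MARKERS = ("(no file)", "(file missing)")

ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
RUN_KEY = re.compile(
    r"^HK(?:LM|CU|US\\[^\\]+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# "?" is not a legal character in a Windows path. When HijackThis prints one
# it could not render a character, so "\?dobe\?ttrib.exe" is not Adobe.
UNRENDERABLE = re.compile(r"\?")
# Heuristic (mine, not the thread's): autostart EXEs living under a user
# profile instead of Program Files or WINDOWS deserve a second look.
USER_PROFILE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(?:Application Data|Local Settings)\\",
    re.I,
)


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section, e.g. "O2"
    reason: str  # why the entry was flagged
    line: str    # the full log line, ready to paste or tick


def triage(log_text):
    """Return a Finding for every suspicious entry in a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, "Running processes" paths, blank lines
        code, body = m.group("code"), m.group("body")
        if code in BROWSER_HOOK_SECTIONS and body.endswith(ORPHAN_MARKERS):
            findings.append(Finding(code, "browser hook, file missing", line))
        elif code == "O4":
            rk = RUN_KEY.match(body)
            if rk is None:
                continue  # e.g. "Global Startup:" shortcut entries
            cmd = rk.group("cmd")
            if UNRENDERABLE.search(cmd):
                findings.append(Finding(code, "unrenderable character in path", line))
            elif USER_PROFILE.search(cmd):
                findings.append(Finding(code, "autostart from user profile", line))
    return findings


def fix_list(findings):
    """Lines to tick under 'Do a system scan only' before 'Fix checked'."""
    return [f.line for f in findings if f.reason == "browser hook, file missing"]


def review_list(findings):
    """O4 autostart entries to investigate before removing anything."""
    return [f.line for f in findings if f.code == "O4"]


# Constructed excerpt: verbatim lines from the HijackThis log in post #3.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll (file missing)
O2 - BHO: (no name) - {C3FCD340-37A9-6C2C-DE2D-3FE677F30FC6} - C:\WINDOWS\system32\xldsbj.dll (file missing)
O2 - BHO: (no name) - {DDCD2D23-D8F9-ED23-C318-C9A707C004A5} - C:\WINDOWS\system32\rje.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Xvojcsci] "C:\Program Files\?dobe\?ttrib.exe"
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Tamsin\Application Data\Microsoft\Windows\fxxiinf.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("Tick in HijackThis:", *fix_list(found), sep="\n  ")
    print("Look into first:", *review_list(found), sep="\n  ")
```

Run against the full log from #3, fix_list() reproduces the seven lines the moderator asked to have ticked, while the two O4 lines it flags are the ones ComboFix later removed in #6.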
#5
28th Dec 2007, 11:40 AM
HistoryGirl (Donor Group)

I'm fine, just had a load of uni work to do and my internet at uni is down. Also my birthday was Monday, then Xmas, then my brother's b'day yesterday, so I've just been very busy with stuff.
#6
28th Dec 2007, 12:42 PM
HistoryGirl (Donor Group)

Right, well, we got there eventually:

ComboFix log:

ComboFix 07-12-28.1 - Tamsin 2007-12-28 19:52:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.467 [GMT 0:00]
Running from: C:\Documents and Settings\Tamsin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tamsin\Application Data\inst.exe
C:\Documents and Settings\Tamsin\Application Data\WinTouch
C:\Documents and Settings\Tamsin\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Tamsin\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Tamsin\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Tamsin\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\icroso~1.net
C:\Program Files\dobe~1
C:\Program Files\dobe~1\?ttrib.exe
C:\Program Files\Insider
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\sks~1
C:\Program Files\sks~1\??sks\
C:\WINDOWS\b122.exe.bin
C:\WINDOWS\b143.exe.bin
C:\WINDOWS\system32\winnb58.dll
K:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-28 18:54 . 2007-12-28 18:54 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-24 22:13 . 2007-12-24 22:13 <DIR> d-------- C:\Documents and Settings\Tamsin\Application Data\Skype
2007-12-24 22:13 . 2007-12-24 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-12-23 19:06 . 2007-12-23 19:19 <DIR> d-------- C:\Program Files\Maxis
2007-12-22 17:34 . 2007-12-28 20:00 2,865,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-22 17:34 . 2007-12-28 19:58 34,628 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-22 17:23 . 2007-12-22 17:23 <DIR> d-------- C:\Program Files\CCleaner
2007-12-22 16:51 . 2007-12-22 16:53 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-22 16:43 . 2007-12-22 16:43 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2007-12-22 16:41 . 2007-12-22 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-22 16:40 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-12-22 16:40 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-12-22 16:40 . 2007-12-22 16:43 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-22 16:27 . 2007-12-22 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-18 00:16 . 2007-12-18 00:16 <DIR> d-------- C:\Program Files\Bonjour
2007-12-18 00:07 . 2007-12-18 00:07 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-17 22:14 . 2004-01-14 01:10 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2007-12-17 22:13 . 2007-12-17 22:13 0 --a------ C:\WINDOWS\OpPrintServer.INI
2007-12-17 22:11 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-17 22:11 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-17 22:09 . 2007-12-17 22:09 <DIR> d--h----- C:\BJPrinter
2007-12-17 22:09 . 2004-06-15 05:00 116,736 --a------ C:\WINDOWS\system32\CNMLM61.DLL
2007-12-17 22:09 . 2004-06-04 15:34 86,016 -ra------ C:\WINDOWS\system32\CNMCP61.exe
2007-12-17 22:09 . 2004-06-15 05:00 7,680 --a------ C:\WINDOWS\system32\CNMVS61.DLL
2007-12-17 22:08 . 2007-12-17 22:08 <DIR> d-------- C:\WINDOWS\StartHtmico
2007-12-17 22:08 . 2007-12-17 22:08 <DIR> d-------- C:\WINDOWS\IP4000,3000
2007-12-17 22:04 . 2007-12-17 22:14 <DIR> d-------- C:\Program Files\Canon
2007-12-15 22:26 . 2007-12-15 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-15 17:47 . 2007-10-10 23:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-15 17:47 . 2007-07-01 03:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-15 17:47 . 2007-07-01 03:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-15 17:47 . 2007-10-10 23:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-15 17:47 . 2007-10-10 23:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-15 17:47 . 2007-10-10 23:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-15 17:47 . 2007-10-10 23:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-15 17:47 . 2007-10-10 23:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-15 17:47 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-15 17:47 . 2007-10-10 10:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-14 22:16 . 2007-12-14 22:21 2,360,044 --a------ C:\ApRec.wav
2007-12-14 21:50 . 2007-12-17 16:29 <DIR> d-------- C:\Documents and Settings\Tamsin\Application Data\COWON
2007-12-11 22:08 . 2007-12-11 22:08 <DIR> d-------- C:\Documents and Settings\Tamsin\Application Data\vlc
2007-12-11 22:07 . 2007-12-20 23:49 <DIR> d-------- C:\Program Files\VideoLAN
2007-12-07 09:07 . 2007-12-07 09:07 <DIR> d-------- C:\Documents and Settings\Tamsin\Application Data\Yahoo!
2007-12-07 09:06 . 2007-12-24 22:15 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-04 10:20 . 2007-12-04 10:20 268 --ah----- C:\sqmdata08.sqm
2007-12-04 10:20 . 2007-12-04 10:20 244 --ah----- C:\sqmnoopt08.sqm
2007-12-04 01:33 . 2007-12-04 01:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 . 2007-12-04 01:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 . 2007-12-04 01:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 . 2007-12-04 01:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2007-11-30 21:27 . 2007-11-30 21:27 <DIR> d-------- C:\WINDOWS\Sun
2007-11-29 22:30 . 2007-11-29 22:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:30 . 2007-11-29 22:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 . 2007-11-29 22:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-11-29 22:28 . 2007-11-29 22:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-11-29 22:28 . 2007-11-29 22:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 . 2007-11-29 22:28 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2007-11-29 22:28 . 2007-11-29 22:28 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2007-11-28 21:55 . 2007-11-28 21:55 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 . 2007-11-28 21:53 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 . 2007-11-28 21:53 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 . 2007-11-28 21:53 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 . 2007-11-28 21:53 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:53 . 2007-11-28 21:53 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 . 2007-11-28 21:53 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:52 . 2007-11-28 21:52 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 17:01 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-28 16:59 --------- d-----w C:\Documents and Settings\Tamsin\Application Data\uTorrent
2007-12-28 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-27 18:14 --------- d-----w C:\Documents and Settings\Tamsin\Application Data\AVG7
2007-12-23 19:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 16:55 --------- d-----w C:\Program Files\Windows Live
2007-12-22 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-18 00:15 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-15 17:44 --------- d-----w C:\Program Files\BearFlix
2007-12-07 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-07 09:06 --------- d-----w C:\Program Files\DivX
2007-12-02 17:35 --------- d-----w C:\Documents and Settings\Tamsin\Application Data\LimeWire
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-27 11:22 --------- d-----w C:\Program Files\LimeWire
2007-11-27 11:21 --------- d-----w C:\Program Files\Java
2007-11-23 22:17 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-22 20:20 --------- d-----w C:\Documents and Settings\Tamsin\Application Data\AdobeUM
2007-11-21 22:39 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 22:21 --------- d-----w C:\Program Files\Western Digital Technologies
2007-11-14 16:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 20:43 --------- d-----w C:\Program Files\MagicDVDRipper
2007-11-12 20:43 --------- d-----w C:\Program Files\Common Files\MagicDVDRipper
2007-11-11 16:10 --------- d-----w C:\Program Files\Magic DVD Creator
2007-11-11 14:00 --------- d-----w C:\Program Files\MagicDVDCopier
2007-11-11 14:00 --------- d-----w C:\Program Files\Common Files\MagicDVDCopier
2007-11-09 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2007-11-06 10:17 --------- d-----w C:\Program Files\iTunes
2007-11-06 10:17 --------- d-----w C:\Program Files\iPod
2007-11-06 10:16 --------- d-----w C:\Program Files\QuickTime
2007-11-04 19:44 --------- d-----w C:\Program Files\uTorrent
2007-11-03 16:34 --------- d-----w C:\Program Files\Rockstar Games
2007-11-03 16:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-03 16:11 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-02 23:15 18,816 ----a-w C:\WINDOWS\system32\drivers\dvd43llh.sys
2007-11-02 23:15 --------- d-----w C:\Program Files\dvd43
2007-10-31 05:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 17:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-22 14:27 10 ----a-w C:\Program Files\.autoreg
2007-10-18 11:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 21:05 47,360 ----a-w C:\Documents and Settings\Tamsin\Application Data\pcouffin.sys
2007-10-17 06:12 81,920 ----a-w C:\Documents and Settings\Tamsin\Application Data\ezpinst.exe
2007-10-11 06:13 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:13 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:13 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:13 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:13 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-09-28 16:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2003-06-20 02:05 49,776 ----a-w C:\WINDOWS\inf\usbhub20.sys
2003-06-20 02:05 24,752 ----a-w C:\WINDOWS\inf\hidclass.sys
2003-06-20 02:05 20,688 ----a-w C:\WINDOWS\inf\usbd.sys
2003-06-20 02:05 19,728 ----a-w C:\WINDOWS\inf\usbehci.sys
2003-06-20 02:05 138,288 ----a-w C:\WINDOWS\inf\usbport.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-22 16:43 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-22 16:43 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"Xvojcsci"="C:\Program Files\?dobe\?ttrib.exe" []
"ISMPack7"="C:\Program Files\ISM2\ISMPack7.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 20:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 10:10]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 14:53]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-17 02:14]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 13:47]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-24 19:57]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-23 17:14]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 13:26]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 01:10]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 19:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 08:15:54]
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe [2005-07-02 02:43:53]

R3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys [2004-10-15 09:41]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-10-14 17:24]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 11:10]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-11 09:49:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-05-18 08:58:46 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-05-25 10:20:01 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-05-18 08:58:47 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 20:01:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-28 20:03:04 - machine was rebooted
.
2007-12-16 14:54:13 --- E O F ---


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:46, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearflix.com/uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bi...hase=6&key=BM2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Xvojcsci] "C:\Program Files\?dobe\?ttrib.exe"
O4 - HKCU\..\Run: [ISMPack7] "C:\Program Files\ISM2\ISMPack7.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10299 bytes
#7
Old 28th Dec 2007, 01:05 PM
evilfantasy
Moderator Group
Trojans found on my brothers PC help required

That helped with progress.


Disable Spybot's TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.

First:
  • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident
Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

----------

Enable Viewing Of Hidden System Files & Folders

1. Click Start.
2. Select Control Panel.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide extensions for known file types option.
7. Uncheck the Hide protected operating system files (recommended) option.
8. Click Apply.
9. Click OK.

----------

Open HijackThis and select Do a system scan only then place a check mark next to:


O4 - HKCU\..\Run: [Xvojcsci] "C:\Program Files\?dobe\?ttrib.exe"
O4 - HKCU\..\Run: [ISMPack7] "C:\Program Files\ISM2\ISMPack7.exe"


Close all windows except for HijackThis and click Fix checked

----------

Now go to the files/folders in bold and delete everything in them including the folders themselves.

C:\Program Files\?dobe\?ttrib.exe

C:\Program Files\ISM2\ISMPack7.exe

----------

Updating Java
  • Go to Start > Control Panel double-click on Add/Remove programs and uninstall all older versions of Java.
  • Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
    • The latest version is Java 6 Update 3. Uninstall all other versions.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions.
  • Reboot your computer once all Java components are removed.
  • Install the latest version of the Java Runtime Environment
  • Click the Free Java Download button.
  • Click the Download Now button.
  • When the Software Installation dialog box opens, click on the Install Now button.
  • Follow the prompts to complete installation.
----------

Download SUPERAntispyware Free Edition (SAS)
  • Double-click the icon on your desktop to run the installer.
  • When asked to Update the program definitions, click Yes
  • Next click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure only the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
  • On the main screen click Scan your computer
  • On the left check C:\Fixed Drive
  • On the right choose Perform Complete Scan
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK
  • Make sure everything in the white box has a check next to it, then click Next
  • It will quarantine what it found and if it asks if you want to reboot, click Yes
  • To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
  • Save the log somewhere you can easily find it. (normally the desktop)
  • Click close and close again to exit the program.
  • Please copy and then paste the log in your post along with a new HijackThis log.
----------

Next post
SUPERAntiSpyware log
New HijackThis log
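The two O4 lines evilfantasy singled out can also be caught mechanically. The script below is an added example written for this thread, not a tool anyone in the thread used: it parses HijackThis O4 (autorun) lines, extracts the executable path, and flags three things a removal helper looks for by eye: a path containing "?" (HijackThis prints "?" for characters outside the system code page, which is why "?dobe" is not the real Adobe folder), a folder name one character away from a well-known vendor folder, and a path matching a known-adware fragment. The vendor folder list is my assumption, and the two ISM fragments are taken from the Adware.AdSponsor/ISM entries in the SUPERAntiSpyware log posted in this thread; a real checker would load its indicators from a maintained feed. The sample lines are copied from the HijackThis log above.

```python
"""Triage HijackThis O4 (autorun) entries the way a malware-removal helper does.
Added example for this thread; not a tool used by anyone in it."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Copied from the HijackThis log posted above. '?' is how HijackThis renders
# characters outside the system code page, so "?dobe" is not the Adobe folder.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Xvojcsci] "C:\Program Files\?dobe\?ttrib.exe"
O4 - HKCU\..\Run: [ISMPack7] "C:\Program Files\ISM2\ISMPack7.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
"""

# Assumed list of vendor folders that adware likes to imitate with a one-character change.
VENDOR_FOLDERS = ("Adobe", "Microsoft", "Common Files", "Java", "Google")
# Path fragments tied to the Adware.AdSponsor/ISM entries in this thread's
# SUPERAntiSpyware log; a real tool would load indicators from a feed.
KNOWN_BAD_FRAGMENTS = ("\\ISM\\", "\\ISM2\\")

O4_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)


@dataclass
class AutorunEntry:
    hive: str
    name: str
    command: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def executable_path(command: str) -> str:
    """Strip arguments: take the quoted path, else everything up to the first executable extension."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"^(.*?\.(?:exe|com|dll|scr|bat|cmd))\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; inputs are short folder names, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_entry(entry: AutorunEntry) -> None:
    """Append a reason for every heuristic the entry's path trips."""
    path = entry.path
    folders = path.split("\\")[1:-1]  # drop the drive and the file name
    if "?" in path:
        entry.reasons.append("path contains characters outside the system code page (shown as '?')")
    for folder in folders:
        for vendor in VENDOR_FOLDERS:
            if folder.lower() != vendor.lower() and edit_distance(folder.lower(), vendor.lower()) == 1:
                entry.reasons.append(f"folder {folder!r} is one character off vendor folder {vendor!r}")
    for frag in KNOWN_BAD_FRAGMENTS:
        if frag.lower() in path.lower():
            entry.reasons.append(f"path matches known adware indicator {frag!r}")


def triage(log_text: str) -> list[AutorunEntry]:
    """Parse every O4 line in a HijackThis log and run the checks on it."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        entry = AutorunEntry(m["hive"], m["name"], m["cmd"], executable_path(m["cmd"]))
        check_entry(entry)
        entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_O4_LINES):
        flag = "SUSPICIOUS" if e.suspicious else "ok"
        print(f"{flag:10} [{e.name}] {e.path}")
        for r in e.reasons:
            print(f"           - {r}")
```

Run as-is it prints one line per autorun entry; only [Xvojcsci] and [ISMPack7] come out flagged, the same two the moderator told HistoryGirl to fix. Heuristics like these are a first pass, not a verdict: a hit says "look closer", and an entry with no hit (ISMPack7 without the indicator list, for example) can still be unwanted.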
#8
Old 28th Dec 2007, 04:56 PM
HistoryGirl
Donor Group
Trojans found on my brothers PC help required

Antispyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/29/2007 at 00:33 AM

Application Version : 3.9.1008

Core Rules Database Version : 3369
Trace Rules Database Version: 1365

Scan type : Complete Scan
Total Scan Time : 01:57:43

Memory items scanned : 453
Memory threats detected : 0
Registry items scanned : 5422
Registry threats detected : 12
File items scanned : 110222
File threats detected : 15

Adware.AdSponsor/ISM
HKLM\Software\Classes\CLSID\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}#AppID
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\InprocServer32
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\InprocServer32#ThreadingModel
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\ProgID
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\TypeLib
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\VersionIndependentProgID
C:\PROGRAM FILES\ISM\BNDDRIVE7.DLL
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B1C538C0-CBA3-4434-A006-53A338B37653}\RP24\A0020246.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B1C538C0-CBA3-4434-A006-53A338B37653}\RP24\A0020249.EXE

Unclassified.Unknown Origin
C:\DOCUMENTS AND SETTINGS\TAMSIN\MY DOCUMENTS\STUFF\JACKY STUFF\WIN-AVI\WINAVI.VIDEO.CONVERTER.V8.0.KEYMAKER\KEYGEN.NFO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B1C538C0-CBA3-4434-A006-53A338B37653}\RP19\A0009055.NFO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B1C538C0-CBA3-4434-A006-53A338B37653}\RP24\A0021415.NFO

Adware.ClickSpring
C:\qoobox\Quarantine\C\Program Files\DOBE~1\TTRIBE~1.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B1C538C0-CBA3-4434-A006-53A338B37653}\RP45\A0035339.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B1C538C0-CBA3-4434-A006-53A338B37653}\RP45\A0035340.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B1C538C0-CBA3-4434-A006-53A338B37653}\RP46\A0036262.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B1C538C0-CBA3-4434-A006-53A338B37653}\RP75\A0061269.EXE

Adware.Mirar/NetNucleus
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINNB58.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B1C538C0-CBA3-4434-A006-53A338B37653}\RP75\A0061277.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B1C538C0-CBA3-4434-A006-53A338B37653}\RP46\A0036261.EXE

Adware.ClickSpring/Yazzle
C:\WINDOWS\PREFETCH\YAZZLE1122OINUNINSTALLER.EXE-349B5FA4.PF


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:06, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Tec