A.exe, B.exe, Trojan, Cryptor & Security tool?

A.exe, B.exe, Trojan, Cryptor & Security tool?

Post by g0dfather on Sun Oct 25, 2009 1:19 am

Good evening all.

First off, I don't really know where to begin.

Windows XP.

I had figured that since I only visit 6 websites in total that are safe, I didn't need an anti-virus. Well, stupid me. The other night I had visited Google and caught this script called Security Tool? From there that computer has gone completely downhill.

I cannot run HijackThis, Malwarebytes, Spybot doctor?, or antivirus programs, as they are all closed & locked up by this virus. I cannot see what is on my desktop any more either, as that has been locked up. If I try safe mode, it's the same thing. System restore doesn't work either, as I get some funny message. I also had tried Sophos, but during the middle of the scan it disappears / closes. I was successful with one scan in safe mode called Ionbit Security?, where I had to use ctrl+alt+del to open it. However, even after removing the viruses that were on there, the computer is still in real bad shape.

Does anyone have any advice how I can repair this?

Thanks for your time.

g0dfather
Novice

Posts : 9
Joined : 2009-10-25
OS : XP

Re: A.exe, B.exe, Trojan, Cryptor & Security tool?

Post by Belahzur on Sun Oct 25, 2009 6:16 pm

Please download exeHelper from one of the two links.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Please PM me if I fail to respond within 24hrs.

Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: A.exe, B.exe, Trojan, Cryptor & Security tool?

Post by g0dfather on Mon Oct 26, 2009 1:33 am

Not working, sorry.

It either tells me when I try to save that I can't copy exehelper or when it does finally save that access is denied.

g0dfather

Re: A.exe, B.exe, Trojan, Cryptor & Security tool?

Post by g0dfather on Mon Oct 26, 2009 4:52 am

I know this isn't what you asked for but I was able to find a scan log on this IOBit scanner installed.

I hope this is able to help, somewhat.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Unknown - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [combofix] C:\Tre1697T\CF23758.exe /c C:\Tre1697T\Combobatch.bat
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\RunOnce\: [combofix] C:\Tre1697T\CF23758.exe /c C:\Tre1697TCombobatch.bat
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501}Checkers.CheckersLogic.1 - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}SoftwareDistribution.WebControl.1 - [You must be registered and logged in to see this link.]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_13 - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}MessengerStatsClient.MessengerStatsClientLogic.1 - [You must be registered and logged in to see this link.]
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}Java Plug-in 1.4.1_02 - [You must be registered and logged in to see this link.]
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}Java Plug-in 1.6.0_13 - [You must be registered and logged in to see this link.]
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_13 - [You must be registered and logged in to see this link.]
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher (LVSrvLauncher) - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

g0dfather

Re: A.exe, B.exe, Trojan, Cryptor & Security tool?

Post by Belahzur on Mon Oct 26, 2009 5:44 pm

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    cngaudit.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Belahzur

Re: A.exe, B.exe, Trojan, Cryptor & Security tool?

Post by g0dfather on Mon Oct 26, 2009 6:28 pm

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 10:56 on 26/10/2009 by Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [22:41 01/10/2009] [07:56 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [07:56 04/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll --a--- 180224 bytes [07:56 04/08/2004] [07:56 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [09:58 22/07/2007] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll --a--- 408064 bytes [18:46 06/02/2009] [18:46 06/02/2009] 6C476D33D82F1054849790181E8F7772
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [22:41 01/10/2009] [07:56 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [07:56 04/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll --a--- 407040 bytes [07:56 04/08/2004] [07:56 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [09:58 22/07/2007] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [22:42 01/10/2009] [07:56 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [07:56 04/08/2004] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll --a--- 55808 bytes [07:56 04/08/2004] [07:56 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\system32\eventlog.dll --a--- 56320 bytes [09:57 22/07/2007] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

Searching for "cngaudit.dll"
No files found.

-=End Of File=-

g0dfather
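The filefind request above and the log it produced lend themselves to a mechanical check. SystemLook lists every copy of each searched DLL with its size and MD5, so the live copy in system32 can be compared against the copy Windows keeps in ServicePackFiles\i386 for the installed service pack; the $NtServicePackUninstall$ copy is the pre-service-pack version, so its hash differs legitimately and is not a useful reference. The script below is an added example, not part of this thread and not SystemLook's own code. Its sample log is constructed in SystemLook's output format from lines posted above; the scecli.dll entries and hashes are taken from the log, while the netlogon.dll system32 hash is replaced by a constructed placeholder so that the mismatch path is exercised.

```python
import re

# Constructed sample in SystemLook ":filefind" output format. The scecli.dll lines and hashes
# come from the log posted in this thread; the netlogon.dll system32 hash is a constructed
# placeholder (all zeros) so that the mismatch path is exercised.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [22:41 01/10/2009] [07:56 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [07:56 04/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [09:58 22/07/2007] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [07:56 04/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [09:58 22/07/2007] [00:12 14/04/2008] 00000000000000000000000000000000

Searching for "cngaudit.dll"
No files found.

-=End Of File=-
"""

# One result line: <path> <attrs> <size> bytes [<modified>] [<created>] <MD5>
RESULT_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+'
    r'\[(?P<modified>[^\]]+)\]\s+\[(?P<created>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$'
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')

# The service pack's file store is the reference copy. $NtServicePackUninstall$ holds the
# pre-service-pack version, so its hash differs legitimately and is not used for comparison.
REFERENCE_DIR = "\\servicepackfiles\\i386\\"


def parse_filefind(text):
    """Group SystemLook :filefind result lines by the searched file name (lower-cased)."""
    results = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name").lower()
            results[current] = []
            continue
        m = RESULT_RE.match(line) if current else None
        if m:
            results[current].append({
                "path": m.group("path"),
                "attrs": m.group("attrs"),
                "size": int(m.group("size")),
                "md5": m.group("md5").upper(),
            })
    return results


def classify(results):
    """Compare the live system32 copy of each DLL with the service-pack reference copy.

    Verdicts: 'missing' (no live copy on disk), 'no_reference' (nothing to compare
    against), 'match', 'mismatch_same_size' (different content but identical length,
    which a size check alone would not catch) or 'mismatch'.
    """
    verdicts = {}
    for name, records in results.items():
        live = next((r for r in records
                     if r["path"].lower().endswith("\\system32\\" + name)), None)
        reference = next((r for r in records
                          if REFERENCE_DIR in r["path"].lower()), None)
        if live is None:
            verdicts[name] = "missing"
        elif reference is None:
            verdicts[name] = "no_reference"
        elif live["md5"] == reference["md5"]:
            verdicts[name] = "match"
        elif live["size"] == reference["size"]:
            verdicts[name] = "mismatch_same_size"
        else:
            verdicts[name] = "mismatch"
    return verdicts


if __name__ == "__main__":
    for name, verdict in classify(parse_filefind(SAMPLE_LOG)).items():
        print(f"{name:14} {verdict}")
```

Run as-is it reports scecli.dll as a match, netlogon.dll as a same-size mismatch (the constructed case) and cngaudit.dll as missing, which is also what the helper's search returned on this machine. A 'missing' verdict is only meaningful once you know whether the file ships with that Windows version at all, so the verdict is a prompt for a human to check, not a finding on its own.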

Re: A.exe, B.exe, Trojan, Cryptor & Security tool?

Post by Belahzur on Mon Oct 26, 2009 11:59 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.

Belahzur

Re: A.exe, B.exe, Trojan, Cryptor & Security tool?

Post by g0dfather on Tue Oct 27, 2009 1:21 am

DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 18:18:31.26 on Mon 10/26/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.69 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\New Folder\dds.scr

============== Pseudo HJT Report ===============

uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [combofix] c:\tre1697t\cf23758.exe /c c:\tre1697t\Combobatch.bat
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
mRunOnce: [combofix] c:\tre1697t\cf23758.exe /c c:\Tre1697TCombobatch.bat
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\otsegsh9.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [2009-10-9 18432]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-22 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-22 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-10-22 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-22 285392]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-10-24 309008]
S2 mrtRate;mrtRate; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp --> c:\windows\system32\1.tmp [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]

=============== Created Last 30 ================

2009-10-26 04:17:48 0 d-s---w- C:\Tre1697T
2009-10-26 04:06:27 98816 ----a-w- c:\windows\sed.exe
2009-10-26 04:06:27 77312 ----a-w- c:\windows\MBR.exe
2009-10-26 04:06:27 236544 ----a-w- c:\windows\PEV.exe
2009-10-26 04:06:27 161792 ----a-w- c:\windows\SWREG.exe
2009-10-26 04:06:07 0 d-s---w- C:\Tre31466T
2009-10-26 04:01:34 0 d-----w- C:\Tre
2009-10-26 01:47:57 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-25 07:18:25 0 d-----w- c:\program files\Unlocker
2009-10-24 18:44:10 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2009-10-24 18:44:05 0 d-----w- c:\program files\IObit
2009-10-24 07:11:52 0 d-----w- c:\program files\Sophos
2009-10-24 06:07:43 0 d-----w- c:\program files\Trend Micro
2009-10-23 23:52:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-23 20:49:25 0 d--h--w- c:\windows\PIF
2009-10-23 17:15:42 0 d-----w- c:\docume~1\owner\applic~1\AVG9
2009-10-23 03:50:21 0 d--h--w- C:\$AVG
2009-10-23 03:49:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-23 03:49:37 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-23 03:49:37 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-23 03:49:36 0 d-----w- c:\windows\system32\drivers\Avg
2009-10-23 03:49:01 0 d-----w- c:\program files\AVG
2009-10-23 03:48:56 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-10-23 03:01:58 0 d-----w- c:\docume~1\owner\applic~1\Uniblue
2009-10-22 08:34:38 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-10-22 08:33:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-22 07:42:09 37 ----a-w- c:\windows\cdplayer.ini
2009-10-09 22:19:23 18432 ----a-w- c:\windows\system32\drivers\Achernar.sys
2009-10-09 22:17:58 122880 ----a-w- c:\windows\system32\Nsvideo.dll
2009-10-09 22:17:58 0 d-----w- c:\program files\common files\NewSoft
2009-10-09 22:17:57 0 d-----w- c:\program files\NewSoft
2009-10-05 02:15:42 22799 ----a-w- c:\documents and settings\owner\.recently-used.xbel
2009-10-01 22:51:28 0 d-----w- c:\windows\system32\scripting
2009-10-01 22:51:26 0 d-----w- c:\windows\l2schemas
2009-10-01 22:51:25 0 d-----w- c:\windows\system32\en
2009-10-01 22:46:16 0 d-----w- c:\windows\network diagnostic

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:44:46 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:08 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2005-03-08 19:40:00 0 --sha-w- c:\windows\sminst\HPCD.SYS

============= FINISH: 18:19:35.98 ===============

g0dfather
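The DDS log above lists the autorun entries (uRun/mRun/mRunOnce, DDS's shorthand for the Run and RunOnce keys under HKCU and HKLM) and, further down, the files and directories created in the last 30 days. One triage step a helper does by eye is to look for autoruns that point outside Windows and Program Files, or into a directory that only appeared recently; the script below does both mechanically. It is an added example, not part of this thread and not DDS's own code. The sample is constructed in DDS's output format from lines of the log above, and the trusted-prefix list is an assumption for a default XP install, so anything it flags is a candidate for a human to look at rather than a verdict.

```python
import re

# Constructed sample of DDS output, built from lines of the log posted in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [combofix] c:\tre1697t\cf23758.exe /c c:\tre1697t\Combobatch.bat
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
mRunOnce: [combofix] c:\tre1697t\cf23758.exe /c c:\Tre1697TCombobatch.bat

=============== Created Last 30 ================

2009-10-26 04:17:48 0 d-s---w- C:\Tre1697T
2009-10-26 04:06:27 98816 ----a-w- c:\windows\sed.exe
2009-10-25 07:18:25 0 d-----w- c:\program files\Unlocker
"""

# Assumption: on a default XP install, legitimate autoruns live under these prefixes
# (DDS prints 8.3 short names such as progra~1 for some paths, so that form is included).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

AUTORUN_RE = re.compile(r'^(?P<key>[um]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Image path: a quoted path, or an unquoted one up to the first executable extension.
IMAGE_RE = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|scr|com|bat|dll|cmd)))',
                      re.IGNORECASE)
# "Created Last 30" record: <date> <time> <size> <attrs> <path>
CREATED_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) '
                        r'(?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$')


def parse_autoruns(text):
    """Extract Run/RunOnce entries (u = HKCU, m = HKLM in DDS notation) with their image path."""
    entries = []
    for line in text.splitlines():
        m = AUTORUN_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        im = IMAGE_RE.match(cmd)
        image = (im.group("quoted") or im.group("bare")) if im else cmd
        entries.append({"key": m.group("key"), "name": m.group("name"),
                        "image": image.lower(), "cmd": cmd})
    return entries


def parse_created(text):
    """Extract the 'Created Last 30' records; an attrs string starting with 'd' is a directory."""
    created = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            created.append({"date": m.group("date"), "path": m.group("path").lower(),
                            "is_dir": m.group("attrs").startswith("d")})
    return created


def triage(entries, created):
    """Return (key, name, image, reasons) for autoruns that deserve a closer look."""
    recent_dirs = [c["path"].rstrip("\\") + "\\" for c in created if c["is_dir"]]
    findings = []
    for e in entries:
        reasons = []
        if not e["image"].startswith(TRUSTED_PREFIXES):
            reasons.append("image outside Windows/Program Files")
        for d in recent_dirs:
            if e["image"].startswith(d):
                reasons.append("image in a directory created within the last 30 days: " + d)
        if reasons:
            findings.append((e["key"], e["name"], e["image"], reasons))
    return findings


if __name__ == "__main__":
    for key, name, image, reasons in triage(parse_autoruns(SAMPLE_DDS),
                                           parse_created(SAMPLE_DDS)):
        print(f"{key:9} [{name}] {image}\n    " + "; ".join(reasons))
```

On the sample it flags the two combofix entries on both counts and UnlockerAssistant only because its directory is new; the Messenger, ctfmon and IObit entries pass. Cross-referencing the two sections is the point: a newly created directory hosting an autorun is a stronger lead than either observation alone.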

Re: A.exe, B.exe, Trojan, Cryptor & Security tool?

Post by g0dfather on Tue Oct 27, 2009 1:21 am

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/27/2009 10:42:31 PM
System Uptime: 10/26/2009 6:14:09 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | A7N8X-LA
Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2079/166mhz

==== Disk Partitions =========================

A: is Removable
C: is fixed (NTFS) - 106 GiB total, 87.885 GiB free.
D: is fixed (FAT32) - 5 GiB total, 0.961 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP62: 7/24/2009 1:36:35 PM - System Checkpoint
RP63: 7/26/2009 2:06:16 AM - System Checkpoint
RP64: 7/29/2009 12:56:16 AM - System Checkpoint
RP65: 7/29/2009 4:00:26 AM - Software Distribution Service 3.0
RP66: 8/1/2009 1:55:44 AM - System Checkpoint
RP67: 8/4/2009 12:48:50 AM - System Checkpoint
RP68: 8/5/2009 4:09:15 PM - System Checkpoint
RP69: 8/6/2009 11:23:54 PM - System Checkpoint
RP70: 8/9/2009 6:04:51 AM - System Checkpoint
RP71: 8/10/2009 6:31:55 AM - System Checkpoint
RP72: 8/11/2009 7:30:45 AM - System Checkpoint
RP73: 8/12/2009 7:37:16 AM - System Checkpoint
RP74: 8/13/2009 4:00:36 AM - Software Distribution Service 3.0
RP75: 8/13/2009 3:27:50 AM - System Checkpoint
RP76: 8/14/2009 4:27:48 AM - System Checkpoint
RP77: 8/15/2009 5:14:14 AM - System Checkpoint
RP78: 8/16/2009 5:28:44 AM - System Checkpoint
RP79: 8/17/2009 6:40:04 AM - System Checkpoint
RP80: 8/18/2009 7:24:38 AM - System Checkpoint
RP81: 8/19/2009 8:10:43 AM - System Checkpoint
RP82: 8/20/2009 8:20:13 AM - System Checkpoint
RP83: 8/20/2009 4:51:22 PM - Software Distribution Service 3.0
RP84: 8/22/2009 1:01:03 AM - System Checkpoint
RP85: 8/22/2009 4:00:22 AM - Software Distribution Service 3.0
RP86: 8/23/2009 4:14:19 AM - System Checkpoint
RP87: 8/23/2009 11:37:25 PM - Software Distribution Service 3.0
RP88: 8/24/2009 10:49:55 AM - Software Distribution Service 3.0
RP89: 8/25/2009 10:47:29 PM - System Checkpoint
RP90: 8/26/2009 4:00:27 AM - Software Distribution Service 3.0
RP91: 8/27/2009 3:48:36 PM - System Checkpoint
RP92: 8/28/2009 5:26:32 PM - Software Distribution Service 3.0
RP93: 8/29/2009 9:35:55 PM - System Checkpoint
RP94: 9/1/2009 10:28:13 PM - Software Distribution Service 3.0
RP95: 9/2/2009 11:42:36 PM - System Checkpoint
RP96: 9/4/2009 5:50:44 PM - System Checkpoint
RP97: 9/5/2009 6:33:20 PM - System Checkpoint
RP98: 9/7/2009 9:42:26 PM - System Checkpoint
RP99: 9/10/2009 12:21:04 AM - System Checkpoint
RP100: 9/10/2009 4:00:37 AM - Software Distribution Service 3.0
RP101: 9/11/2009 4:02:31 AM - System Checkpoint
RP102: 9/12/2009 4:52:37 AM - System Checkpoint
RP103: 9/14/2009 2:28:50 AM - System Checkpoint
RP104: 9/15/2009 3:24:11 AM - System Checkpoint
RP105: 9/16/2009 4:58:48 AM - System Checkpoint
RP106: 9/17/2009 5:54:03 AM - System Checkpoint
RP107: 9/18/2009 6:10:27 AM - System Checkpoint
RP108: 9/19/2009 7:08:26 AM - System Checkpoint
RP109: 9/20/2009 10:47:37 PM - System Checkpoint
RP110: 9/21/2009 4:45:35 PM - Removed Windows Live Sign-in Assistant
RP111: 9/22/2009 4:48:40 PM - System Checkpoint
RP112: 9/24/2009 1:23:16 AM - System Checkpoint
RP113: 9/25/2009 2:16:53 AM - System Checkpoint
RP114: 9/26/2009 3:02:17 AM - System Checkpoint
RP115: 9/26/2009 1:58:36 PM - Removed Windows Live Upload Tool
RP116: 9/28/2009 2:32:30 AM - System Checkpoint
RP117: 9/29/2009 2:57:10 AM - System Checkpoint
RP118: 9/30/2009 3:37:29 AM - System Checkpoint
RP119: 10/1/2009 4:35:26 AM - System Checkpoint
RP120: 10/1/2009 3:32:17 PM - Removed ESET NOD32 Antivirus
RP121: 10/1/2009 3:35:08 PM - Software Distribution Service 3.0
RP122: 10/1/2009 3:36:35 PM - October 1, 2009
RP123: 10/1/2009 3:44:57 PM - Installed Windows XP Service Pack 3.
RP124: 10/1/2009 3:58:14 PM - Installed Windows XP KB923561.
RP125: 10/1/2009 3:59:35 PM - Installed Windows XP KB938464-v2.
RP126: 10/1/2009 4:00:50 PM - Installed Windows XP KB946648.
RP127: 10/1/2009 4:02:06 PM - Installed Windows XP KB950762.
RP128: 10/1/2009 4:03:21 PM - Installed Windows XP KB950974.
RP129: 10/1/2009 4:04:35 PM - Installed Windows XP KB951066.
RP130: 10/1/2009 4:06:20 PM - Installed Windows XP KB951376-v2.
RP131: 10/1/2009 4:07:35 PM - Installed Windows XP KB951748.
RP132: 10/1/2009 4:08:52 PM - Installed Windows XP KB952004.
RP133: 10/1/2009 4:10:13 PM - Installed Windows XP KB952287.
RP134: 10/1/2009 4:11:27 PM - Installed Windows XP KB952954.
RP135: 10/1/2009 4:12:41 PM - Installed Windows XP KB954600.
RP136: 10/1/2009 4:13:59 PM - Installed Windows XP KB955069.
RP137: 10/1/2009 4:15:18 PM - Installed Windows XP KB956572.
RP138: 10/1/2009 4:16:57 PM - Installed Windows XP KB956802.
RP139: 10/1/2009 4:18:14 PM - Installed Windows XP KB956803.
RP140: 10/1/2009 4:19:28 PM - Installed Windows XP KB956844.
RP141: 10/1/2009 4:20:41 PM - Installed Windows XP KB957097.
RP142: 10/1/2009 4:21:56 PM - Installed Windows XP KB958644.
RP143: 10/1/2009 4:23:12 PM - Installed Windows XP KB958687.
RP144: 10/1/2009 4:24:26 PM - Installed Windows XP KB958690.
RP145: 10/1/2009 4:25:42 PM - Installed Windows XP KB959426.
RP146: 10/1/2009 4:27:05 PM - Installed Windows XP KB960225.
RP147: 10/1/2009 4:28:21 PM - Installed Windows XP KB960803.
RP148: 10/1/2009 4:29:38 PM - Installed Windows XP KB960859.
RP149: 10/1/2009 4:31:01 PM - Installed Windows XP KB961118.
RP150: 10/1/2009 4:32:35 PM - Installed Windows XP KB961371.
RP151: 10/1/2009 4:33:54 PM - Installed Windows XP KB961373.
RP152: 10/1/2009 4:35:11 PM - Installed Windows XP KB961501.
RP153: 10/1/2009 4:36:26 PM - Installed Windows XP KB961503.
RP154: 10/1/2009 4:37:48 PM - Installed Windows XP KB967715.
RP155: 10/1/2009 4:39:10 PM - Installed Windows XP KB968389.
RP156: 10/1/2009 4:40:28 PM - Installed Windows XP KB968537.
RP157: 10/1/2009 4:41:48 PM - Installed Windows XP KB970238.
RP158: 10/1/2009 4:43:06 PM - Installed Windows XP KB971557.
RP159: 10/1/2009 4:44:22 PM - Installed Windows XP KB971633.
RP160: 10/1/2009 4:45:34 PM - Installed Windows XP KB971657.
RP161: 10/1/2009 4:46:55 PM - Installed Windows XP KB973354.
RP162: 10/1/2009 4:48:11 PM - Installed Windows XP KB973507.
RP163: 10/1/2009 4:49:25 PM - Installed Windows XP KB973815.
RP164: 10/1/2009 4:50:40 PM - Installed Windows XP KB973869.
RP165: 10/2/2009 3:00:23 AM - Software Distribution Service 3.0
RP166: 10/3/2009 3:07:33 AM - System Checkpoint
RP167: 10/4/2009 7:46:29 AM - System Checkpoint
RP168: 10/5/2009 8:06:55 AM - System Checkpoint
RP169: 10/6/2009 1:34:10 PM - System Checkpoint
RP170: 10/8/2009 11:23:31 PM - System Checkpoint
RP171: 10/9/2009 3:17:53 PM - Installed Presto! VideoWorks 6
RP172: 10/9/2009 3:19:22 PM - Installed Service
RP173: 10/10/2009 4:04:46 PM - System Checkpoint
RP174: 10/11/2009 4:22:09 PM - System Checkpoint
RP175: 10/13/2009 2:04:58 AM - System Checkpoint
RP176: 10/15/2009 1:16:38 AM - System Checkpoint
RP177: 10/16/2009 3:00:37 AM - Software Distribution Service 3.0
RP178: 10/17/2009 3:08:53 AM - System Checkpoint
RP179: 10/18/2009 3:37:53 AM - System Checkpoint
RP180: 10/19/2009 10:16:10 PM - System Checkpoint
RP181: 10/20/2009 10:16:46 PM - System Checkpoint
RP182: 10/22/2009 3:05:55 AM - System Checkpoint
RP183: 10/22/2009 8:48:56 PM - Installed AVG Free 9.0
RP184: 10/23/2009 9:19:35 AM - Avg8 Update
RP185: 10/23/2009 9:22:56 AM - Avg8 Update
RP186: 10/23/2009 4:07:37 PM - Restore Operation
RP187: 10/25/2009 9:00:40 PM - Restore Operation
RP188: 10/25/2009 12:24:40 AM - Removed SUPERAntiSpyware Free Edition

==== Installed Programs ======================

Acoustica Effects Pack
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0
Apple Software Update
ArcSoft ShowBiz 2
AVG Free 9.0
Choice Guard
CleanUp!
ConvertXtoDVD 3.5.2.137
Cool Edit Pro 2.1
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW(R) Graphics Suite X4
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
FlashFXP v3
GIMP 2.6.6
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Instant Support
HPIZ Fix2
HpSdpAppCoreApp
ImagXpress
Intel(R) Extreme Graphics Driver
InterVideo WinDVD Player
Java 2 Runtime Environment, SE v1.4.1_02
Java DB 10.4.1.3
Java Web Start
Java(TM) 6 Update 13
Java(TM) SE Development Kit 6 Update 13
JavaFX(TM) 1.1 SDK
KBD
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
Mozilla Firefox (3.5.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Multimedia Card Reader
neroxml
Notepad++
NVIDIA Ethernet Driver
NVIDIA Gart Driver
NVIDIA Windows 2000/XP Display Drivers
Octoshape add-in for Adobe Flash Player
Presto! VideoWorks 6
PrintScreen
PS2
Quicken 2003 New User Edition
QuickTime
RealOne Player
RecordNow!
Registry Mechanic 8.0
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Sonic Update Manager
Sophos Anti-Rootkit 1.5.0
Spybot - Search & Destroy
UMVPLStandalone
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.1.3 final uninstall

==== Event Viewer Messages From Past Week ========

10/26/2009 10:55:54 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer YOUR-DE2BF72DFF that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8B2A8AEF-2C6. The master browser is stopping or an election is being forced.
10/25/2009 9:28:16 PM, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
10/25/2009 9:11:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/25/2009 9:11:08 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/25/2009 9:06:27 PM, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.102. The machine with the IP address 192.168.1.108 did not allow the name to be claimed by this machine.
10/25/2009 9:00:22 PM, error: Service Control Manager [7034] - The Logitech Process Monitor service terminated unexpectedly. It has done this 1 time(s).
10/24/2009 12:21:04 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
10/24/2009 12:17:05 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
10/24/2009 12:17:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/24/2009 12:07:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/23/2009 8:22:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
10/23/2009 8:22:13 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/23/2009 8:18:37 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/23/2009 3:59:39 PM, error: Dhcp [1002] - The IP address lease 192.168.1.109 for the Network Card with network address A2E27C635779 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/23/2009 3:57:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 AvgLdx86 AvgMfx86 Fips SASDIFSV SASKUTIL
10/23/2009 3:55:58 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 0323456789AB has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/23/2009 2:00:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/23/2009 11:57:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/23/2009 11:57:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
10/23/2009 11:57:23 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
10/23/2009 11:57:23 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/23/2009 11:57:23 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/23/2009 11:57:23 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
10/23/2009 11:52:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

==== End Of File ===========================

g0dfather
Novice

Posts : 9
Joined : 2009-10-25
OS : XP

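The Event Viewer extract above ends with two Service Control Manager 7026 events listing boot-start and system-start drivers that failed to load, followed by 7001 events for the services that depended on them. As an added example (not part of the original post, and not DDS or ComboFix code), the Python script below parses those lines and sorts the failed drivers into three groups: security-product drivers (the AVG and SUPERAntiSpyware drivers, which the ComboFix log later in this thread names as such), core Windows network-stack drivers (AFD, Tcpip, NetBT, IPSec and friends), and known noise (AmdK7 is the AMD processor driver and routinely fails to load on other CPUs; Fips commonly fails alongside it). The classification table and the verdict strings are this example's own assumptions; the sample lines are copied from the posted log. The second 7026 event is the one that matters for the symptoms described in the thread: when AFD and Tcpip do not load, nothing network-related will start, which is why the DHCP, DNS Client and NetBIOS helper services all report dependency failures at the same timestamp.

```python
"""Triage of Windows XP Service Control Manager boot-failure events (7026).

Added example for this thread; not part of the original posts or of the
DDS/ComboFix tools. The sample lines are copied from the Event Viewer section
posted above. The driver classification below is this example's assumption.
"""
import re
from collections import defaultdict

# Constructed sample: three relevant lines from the posted log.
SAMPLE_EVENTS = """\
10/23/2009 3:57:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 AvgLdx86 AvgMfx86 Fips SASDIFSV SASKUTIL
10/23/2009 11:57:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
10/23/2009 11:57:23 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
"""

# Assumed classification. AVG and SUPERAntiSpyware driver names are confirmed by
# the ComboFix "Drivers/Services" section later in the thread; the rest is
# standard XP component knowledge.
SECURITY_DRIVERS = {"AvgLdx86", "AvgMfx86", "AvgTdiX", "SASDIFSV", "SASKUTIL"}
NETWORK_STACK = {"AFD", "Tcpip", "NetBT", "NetBIOS", "IPSec", "MRxSmb",
                 "Rdbss", "RasAcd", "WS2IFSL"}
KNOWN_NOISE = {"AmdK7", "Fips"}   # fail routinely on many XP installs

EVENT_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+), error: (?P<source>[^\[]+) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"failed to load: (?P<drivers>.+)$")


def parse_events(text):
    """Yield a dict per well-formed 'date, error: Source [id] - message' line."""
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            yield ev


def classify_failed_drivers(text):
    """Return {timestamp: {bucket: [driver, ...]}} for every SCM 7026 event.

    Buckets are 'security', 'network', 'noise' and 'other'; empty buckets are
    omitted so the caller can test membership directly.
    """
    result = {}
    for ev in parse_events(text):
        if ev["source"] != "Service Control Manager" or ev["id"] != 7026:
            continue
        m = FAILED_RE.search(ev["msg"])
        if not m:
            continue
        buckets = defaultdict(list)
        for drv in m.group("drivers").split():
            if drv in SECURITY_DRIVERS:
                buckets["security"].append(drv)
            elif drv in NETWORK_STACK:
                buckets["network"].append(drv)
            elif drv in KNOWN_NOISE:
                buckets["noise"].append(drv)
            else:
                buckets["other"].append(drv)
        result[ev["ts"]] = dict(buckets)
    return result


def severity(buckets):
    """Coarse verdict: a dead network stack outranks blocked security tooling."""
    if buckets.get("network"):
        return "network stack failed to load"
    if buckets.get("security"):
        return "security product drivers blocked"
    return "benign"


if __name__ == "__main__":
    for ts, buckets in classify_failed_drivers(SAMPLE_EVENTS).items():
        print(ts, "->", severity(buckets), buckets)
```

Anything that lands in the 'other' bucket is worth a manual look, since it is a boot or system driver the table does not know about. Security-product drivers failing to load on their own is also a classic symptom of a rogue anti-virus program interfering with the real one, but it can equally be a half-installed or half-removed product, so the verdict is a triage hint, not proof of infection.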
Re: A.exe, B.exe, Trojan, Cryptor & Security tool?

Post by Belahzur on Tue Oct 27, 2009 7:51 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java 2 Runtime Environment, SE v1.4.1_02
    Java(TM) 6 Update 13
    Java(TM) SE Development Kit 6 Update 13

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: A.exe, B.exe, Trojan, Cryptor & Security tool?

Post by g0dfather on Tue Oct 27, 2009 8:17 pm

Sorry, still a blank screen and all of my stuff is still locked.

g0dfather
Novice

Posts : 9
Joined : 2009-10-25
OS : XP

Re: A.exe, B.exe, Trojan, Cryptor & Security tool?

Post by Belahzur on Wed Oct 28, 2009 1:12 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: A.exe, B.exe, Trojan, Cryptor & Security tool?

Post by g0dfather on Wed Oct 28, 2009 3:36 am

ComboFix 09-10-27.04 - Owner 10/27/2009 20:14.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.170 [GMT -7:00]
Running from: c:\documents and settings\Owner\My Documents\New Folder\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Owner\Application Data\Desktopicon
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
c:\windows\run.log
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\ps2.bat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-26 04:17 . 2009-10-26 04:30 -------- d-----w- C:\Tre1697T
2009-10-26 04:06 . 2009-10-26 04:14 -------- d-----w- C:\Tre31466T
2009-10-26 04:01 . 2009-10-26 04:01 -------- d-----w- C:\Tre
2009-10-26 01:47 . 2009-10-26 01:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-25 07:18 . 2009-10-25 07:18 -------- d-----w- c:\program files\Unlocker
2009-10-24 18:44 . 2009-10-24 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-10-24 18:44 . 2009-10-24 18:44 -------- d-----w- c:\program files\IObit
2009-10-24 07:11 . 2009-10-24 07:11 -------- d-----w- c:\program files\Sophos
2009-10-24 06:07 . 2009-10-24 06:07 -------- d-----w- c:\program files\Trend Micro
2009-10-23 23:52 . 2009-10-26 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-23 20:49 . 2009-10-23 20:59 -------- d--h--w- c:\windows\PIF
2009-10-23 17:15 . 2009-10-23 17:15 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG9
2009-10-23 16:30 . 2009-10-24 18:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-23 03:50 . 2009-10-23 03:57 -------- d-----w- C:\$AVG
2009-10-23 03:49 . 2009-10-23 03:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-23 03:49 . 2009-10-23 16:22 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-23 03:49 . 2009-10-23 03:49 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-23 03:49 . 2009-10-27 20:01 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-23 03:49 . 2009-10-23 03:49 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-23 03:49 . 2009-10-23 03:49 -------- d-----w- c:\program files\AVG
2009-10-23 03:48 . 2009-10-25 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-23 03:01 . 2009-10-23 03:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-10-22 08:34 . 2009-10-22 08:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-22 08:33 . 2009-10-22 08:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-22 08:29 . 2009-10-24 18:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-22 07:25 . 2009-10-24 18:13 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-16 22:14 . 2009-10-16 22:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-10-09 22:21 . 2009-10-09 22:21 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\NewSoft
2009-10-09 22:19 . 2007-02-05 18:15 18432 ----a-w- c:\windows\system32\drivers\Achernar.sys
2009-10-09 22:17 . 2009-10-09 22:21 -------- d-----w- c:\program files\Common Files\NewSoft
2009-10-09 22:17 . 2001-11-12 17:44 122880 ----a-w- c:\windows\system32\Nsvideo.dll
2009-10-09 22:17 . 2009-10-09 22:17 -------- d-----w- c:\program files\NewSoft
2009-10-09 03:07 . 2009-10-09 03:07 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-01 22:51 . 2009-10-01 22:51 -------- d-----w- c:\windows\system32\scripting
2009-10-01 22:51 . 2009-10-01 22:51 -------- d-----w- c:\windows\l2schemas
2009-10-01 22:51 . 2009-10-01 22:51 -------- d-----w- c:\windows\system32\en

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 20:12 . 2003-08-23 14:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-25 07:25 . 2009-05-04 20:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-17 20:29 . 2009-05-08 05:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2009-10-16 22:12 . 2003-08-23 14:12 27248 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-05 02:15 . 2009-05-10 21:28 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2009-09-22 05:06 . 2009-06-06 19:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-15 21:02 . 2009-09-15 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-13 21:02 . 2009-09-13 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-11 14:18 . 2007-07-22 09:58 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2007-07-22 09:57 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-06-23 18:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2007-07-22 09:58 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 2002-12-12 14:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:44 . 2007-07-22 09:58 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 08:04 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2005-03-08 19:40 . 2009-04-28 05:24 0 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 20:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-23 03:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^AutoTBar.exe]
backup=c:\windows\pss\AutoTBar.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^mod_sm.lnk]
backup=c:\windows\pss\mod_sm.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopRock
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [10/9/2009 3:19 PM 18432]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/22/2009 8:49 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/22/2009 8:49 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 11:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 11:05 AM 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [10/22/2009 8:49 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/22/2009 8:49 PM 285392]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [10/24/2009 11:44 AM 309008]
S2 mrtRate;mrtRate; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp --> c:\windows\system32\1.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 11:05 AM 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-28 c:\windows\Tasks\User_Feed_Synchronization-{2731EB10-F826-4EAD-BE01-31C1D8C07ABA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\otsegsh9.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - C:\HijackThis.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-27 20:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-10-28 20:33
ComboFix-quarantined-files.txt 2009-10-28 03:31

Pre-Run: 94,324,486,144 bytes free
Post-Run: 94,395,084,800 bytes free

- - End Of File - - CA93DB6BCD561299AA71E50E88EF4D54

g0dfather
Novice

Posts : 9
Joined : 2009-10-25
OS : XP

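The Drivers/Services section of the ComboFix log above uses one line per service: R or S for running or stopped, a digit for the start type (0 boot, 1 system, 2 automatic, 3 on demand, 4 disabled), then name;display name;image path followed by a bracketed timestamp and size. As this example reads the log, a bare [x] means the registered service has no binary on disk and [?] means ComboFix could not verify the file. The Python snippet below is an added example (not ComboFix code and not from the original posts) that parses those lines and flags the entries a reviewer would look at first: a service whose binary is missing (mrtRate here) and a driver whose image is a .tmp file under system32 (MEMSWEEP2 here). The flagging heuristics are this example's own. A hit is a prompt to check, not a verdict: Sophos Anti-Rootkit, which the Add/Remove Programs list in this thread shows installed, is known to register a MEMSWEEP2 driver from a .tmp file in system32, so that entry is most plausibly a leftover of the earlier Sophos scan rather than part of the infection.

```python
"""Heuristic triage of the Drivers/Services section of a ComboFix log.

Added example for this thread; not ComboFix code and not from the original
posts. The sample lines are copied from the log posted above. The heuristics
(missing binary, unverified binary, image in a .tmp file or a temp directory)
are this example's own; a hit means "look at this", not "this is malware".
"""
import re

# Constructed sample: six lines copied from the posted ComboFix log.
SAMPLE_SERVICES = r"""
R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [10/9/2009 3:19 PM 18432]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/22/2009 8:49 PM 333192]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [10/24/2009 11:44 AM 309008]
S2 mrtRate;mrtRate; [x]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp --> c:\windows\system32\1.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 11:05 AM 7408]
"""

# <R|S><start digit> name;display;path [meta]
SVC_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
# Split the trailing "path [meta]" part; path may be empty when meta is [x].
META_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


def parse_service_line(line):
    """Return a dict for one service line, or None if the line is not one."""
    m = SVC_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    mm = META_RE.match(rest)
    path, meta = (mm.group("path"), mm.group("meta")) if mm else (rest, "")
    # ComboFix prints "<registered path> --> <resolved path>" for NT-style paths;
    # keep the resolved one.
    if "-->" in path:
        path = path.split("-->", 1)[1].strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return {
        "name": m.group("name"),
        "display": m.group("display"),
        "running": m.group("state") == "R",
        "start": START_TYPES[m.group("start")],
        "path": path,
        "meta": meta,
    }


def flags_for(svc):
    """Heuristic warning flags for one parsed service entry (assumed rules)."""
    flags = []
    low = svc["path"].lower()
    if svc["meta"] == "x":
        flags.append("binary missing")
    if svc["meta"] == "?":
        flags.append("binary not verified")
    if low.endswith(".tmp"):
        flags.append("driver image is a .tmp file")
    if "\\temp\\" in low:
        flags.append("image under a temp directory")
    return flags


def triage(text):
    """Return (name, start type, path, flags) for every flagged service line."""
    hits = []
    for line in text.strip().splitlines():
        svc = parse_service_line(line)
        if svc is None:
            continue
        flags = flags_for(svc)
        if flags:
            hits.append((svc["name"], svc["start"], svc["path"], flags))
    return hits


if __name__ == "__main__":
    for name, start, path, flags in triage(SAMPLE_SERVICES):
        print(f"{name:12} start={start:8} path={path or '<none>'}  -> {', '.join(flags)}")
```

The point of keeping the rules in a separate function is that the rules are where the judgement lives: a .tmp-backed driver is exactly what a rootkit scanner and a rootkit both look like in this log, so the script narrows the list, and the reviewer still has to reconcile each hit against what is actually installed on the machine.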
Re: A.exe, B.exe, Trojan, Cryptor & Security tool?

Post by Belahzur on Thu Oct 29, 2009 12:21 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: A.exe, B.exe, Trojan, Cryptor & Security tool?

Post by g0dfather on Thu Oct 29, 2009 3:09 am

Sorry, now it's just telling me that ComboFix was uninstalled after I typed that command. And still no menu bar with the Start button, no icons on the desktop, and many programs still locked up with the following line:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions..."

g0dfather
Novice

Posts : 9
Joined : 2009-10-25
OS : XP
