trojan warning

View previous topic View next topic Go down

trojan warning

Post by BigAmzz on 1st March 2010, 6:33 pm

i clicked on a website (i had never used before) and my anti virus programme (avira personal) gave me a warning that a trojan had been detected but before i got a chance the click delete the window disappeared and my firewall turned off, my laptop does seem slightly slower, im running an anti virus scan right now and it has so far found 17 warning but no actual virus's. could you please check my hijack this log and check for anything that shouldn't be there..........

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:16 PM, on 3/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Documents and Settings\nadia murphy\My Documents\Downloads\winlogon.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\NADIAM~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [O2Start] C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe /s
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FC31620-E05B-46AE-BE4B-22018A943DD2}: NameServer = 82.132.136.102 82.132.136.103
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7113 bytes

BigAmzz
Intermediate
Intermediate

Posts Posts : 125
Joined Joined : 2009-01-13
OS OS : windowsxp
Points Points : 29908
# Likes # Likes : 0

View user profile

Back to top Go down

Re: trojan warning

Post by BigAmzz on 1st March 2010, 6:57 pm

anti virus just finished didnt find anything here is the report.........

Avira AntiVir Personal
Report file date: Monday, March 01, 2010 18:23

Scanning for 1798043 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HOME-769C700AC0

Version information:
BUILD.DAT : 9.0.0.419 21701 Bytes 1/22/2010 18:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 11:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 10:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 11:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 10:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 07:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:18:36
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 00:20:24
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 18:26:16
VBASE004.VDF : 7.10.3.76 2048 Bytes 1/26/2010 18:26:16
VBASE005.VDF : 7.10.3.77 2048 Bytes 1/26/2010 18:26:17
VBASE006.VDF : 7.10.3.78 2048 Bytes 1/26/2010 18:26:17
VBASE007.VDF : 7.10.3.79 2048 Bytes 1/26/2010 18:26:18
VBASE008.VDF : 7.10.3.80 2048 Bytes 1/26/2010 18:39:30
VBASE009.VDF : 7.10.3.81 2048 Bytes 1/26/2010 18:39:30
VBASE010.VDF : 7.10.3.82 2048 Bytes 1/26/2010 18:39:31
VBASE011.VDF : 7.10.3.83 2048 Bytes 1/26/2010 18:39:31
VBASE012.VDF : 7.10.3.84 2048 Bytes 1/26/2010 18:39:33
VBASE013.VDF : 7.10.3.85 2048 Bytes 1/26/2010 18:39:38
VBASE014.VDF : 7.10.3.122 172544 Bytes 1/29/2010 18:23:07
VBASE015.VDF : 7.10.3.149 79872 Bytes 2/1/2010 19:43:47
VBASE016.VDF : 7.10.3.174 68608 Bytes 2/3/2010 20:02:32
VBASE017.VDF : 7.10.3.199 76800 Bytes 2/4/2010 20:06:54
VBASE018.VDF : 7.10.3.222 64512 Bytes 2/5/2010 20:07:09
VBASE019.VDF : 7.10.3.243 75776 Bytes 2/8/2010 20:07:14
VBASE020.VDF : 7.10.4.6 81920 Bytes 2/9/2010 20:07:14
VBASE021.VDF : 7.10.4.30 78848 Bytes 2/11/2010 20:07:20
VBASE022.VDF : 7.10.4.50 107520 Bytes 2/15/2010 15:14:41
VBASE023.VDF : 7.10.4.62 105472 Bytes 2/15/2010 15:16:22
VBASE024.VDF : 7.10.4.85 111616 Bytes 2/17/2010 18:55:48
VBASE025.VDF : 7.10.4.109 122368 Bytes 2/21/2010 15:51:21
VBASE026.VDF : 7.10.4.128 109056 Bytes 2/23/2010 15:51:25
VBASE027.VDF : 7.10.4.151 111104 Bytes 2/26/2010 19:14:41
VBASE028.VDF : 7.10.4.152 2048 Bytes 2/26/2010 19:14:42
VBASE029.VDF : 7.10.4.153 2048 Bytes 2/26/2010 19:14:43
VBASE030.VDF : 7.10.4.154 2048 Bytes 2/26/2010 19:14:43
VBASE031.VDF : 7.10.4.159 83968 Bytes 2/28/2010 19:40:04
Engineversion : 8.2.1.176
AEVDF.DLL : 8.1.1.3 106868 Bytes 1/24/2010 00:22:53
AESCRIPT.DLL : 8.1.3.17 1032570 Bytes 2/25/2010 19:16:31
AESCN.DLL : 8.1.5.0 127347 Bytes 2/25/2010 19:15:45
AESBX.DLL : 8.1.2.0 254323 Bytes 2/25/2010 19:16:34
AERDL.DLL : 8.1.4.2 479602 Bytes 2/14/2010 11:32:39
AEPACK.DLL : 8.2.0.8 426357 Bytes 2/14/2010 11:32:35
AEOFFICE.DLL : 8.1.0.39 196987 Bytes 2/24/2010 15:51:56
AEHEUR.DLL : 8.1.1.7 2326902 Bytes 2/24/2010 15:51:55
AEHELP.DLL : 8.1.10.1 237942 Bytes 2/25/2010 19:15:42
AEGEN.DLL : 8.1.2.0 373107 Bytes 2/25/2010 19:15:32
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 07:38:26
AECORE.DLL : 8.1.12.1 188790 Bytes 2/25/2010 19:15:25
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 07:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 15:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 2/18/2010 18:55:52
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 10:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 15:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 10:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 15:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 08:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 10:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 15:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 12:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+PCK,+SPR,

Start of the scan: Monday, March 01, 2010 18:23

Starting search for hidden objects.
'33457' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned
Scan process 'NclRSSrv.exe' - '1' Module(s) have been scanned
Scan process 'NclUSBSrv.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '1' Module(s) have been scanned
Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
Scan process 'PCSuite.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
Scan process 'tscui.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'CFD.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'tlntsvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '60' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\nadia murphy\Local Settings\Temp\pft5.tmp\pftw1.pkg
[0] Archive type: CAB (Microsoft)
--> \APPS\ASF\DOCS\DEPLOY\caut2.gif
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\nadia murphy\My Documents\Downloads\sp33826.exe
[0] Archive type: CAB SFX (self extracting)
--> \SP33826.cva
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\nadia murphy\My Documents\Downloads\sp33826.exe.part
[0] Archive type: CAB SFX (self extracting)
--> \SP33826.cva
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\nadia murphy\My Documents\Downloads\sp37155.exe.part
[0] Archive type: CAB SFX (self extracting)
--> \CPApp.ico
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\nadia murphy\My Documents\Downloads\sp40555(2).exe
[0] Archive type: CAB SFX (self extracting)
--> \difxapi.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\nadia murphy\My Documents\Downloads\sp40555(2).exe.part
[0] Archive type: CAB SFX (self extracting)
--> \difxapi.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\nadia murphy\My Documents\Downloads\sp40555(3).exe
[0] Archive type: CAB SFX (self extracting)
--> \difxapi.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\nadia murphy\My Documents\Downloads\sp40555.exe.part
[0] Archive type: CAB SFX (self extracting)
--> \difxapi.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\WINDOWS\system32\sdra64.exe
[WARNING] The file could not be opened!


End of the scan: Monday, March 01, 2010 18:55
Used time: 31:44 Minute(s)

The scan has been done completely.

3777 Scanned directories
199860 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
199858 Files not concerned
1806 Archives were scanned
18 Warnings
1 Notes
33457 Objects were scanned with rootkit scan
0 Hidden objects were found

BigAmzz
Intermediate
Intermediate

Posts Posts : 125
Joined Joined : 2009-01-13
OS OS : windowsxp
Points Points : 29908
# Likes # Likes : 0

View user profile

Back to top Go down

Re: trojan warning

Post by Belahzur on 1st March 2010, 8:47 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: trojan warning

Post by BigAmzz on 1st March 2010, 11:51 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3811
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

3/1/2010 11:42:45 PM
mbam-log-2010-03-01 (23-42-45).txt

Scan type: Quick Scan
Objects scanned: 108574
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\Documents and Settings\nadia murphy\Local Settings\Temp\e.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\nadia murphy\My Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

BigAmzz
Intermediate
Intermediate

Posts Posts : 125
Joined Joined : 2009-01-13
OS OS : windowsxp
Points Points : 29908
# Likes # Likes : 0

View user profile

Back to top Go down

Re: trojan warning

Post by Belahzur on 2nd March 2010, 12:01 am

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: trojan warning

Post by BigAmzz on 2nd March 2010, 12:14 am

OTL logfile created on: 3/2/2010 12:03:54 AM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\nadia murphy\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 153.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 41.03 Gb Free Space | 73.41% Space Free | Partition Type: NTFS
Drive D: | 2.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 31.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-769C700AC0
Current User Name: nadia murphy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/02 00:02:40 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nadia murphy\My Documents\Downloads\OTL.exe
PRC - [2010/02/04 14:00:00 | 000,495,432 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/01/16 03:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/11 10:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/10/27 09:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/05 15:20:10 | 002,973,696 | ---- | M] (O2) -- C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2005/05/20 08:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/08/04 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (SafeList) ==========

MOD - [2010/03/02 00:02:40 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nadia murphy\My Documents\Downloads\OTL.exe
MOD - [2004/08/04 12:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


========== Driver Services (SafeList) ==========

DRV - [2010/01/28 18:40:30 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/21 14:16:49 | 000,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/27 10:46:34 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/03/27 10:39:54 | 000,033,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TsWlan.sys -- (TSWLAN)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/02/15 14:12:06 | 005,854,752 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/02/15 15:59:52 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/02/15 15:56:58 | 001,342,570 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/02/15 15:54:46 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/02/15 15:54:10 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/02/15 15:51:22 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/01/31 10:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
DRV - [2005/06/07 13:53:46 | 000,152,960 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudioService)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:08:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2003/09/09 01:30:31 | 000,011,376 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2003/03/06 14:48:08 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 12:20:16 | 000,297,728 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97sis.sys -- (SiS7018) Service for AC'97 Sample Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.6.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/24 01:58:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/24 11:32:00 | 000,000,000 | ---D | M]

[2010/01/24 01:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nadia murphy\Application Data\Mozilla\Extensions
[2010/03/01 00:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nadia murphy\Application Data\Mozilla\Firefox\Profiles\fw1k3fff.default\extensions
[2010/01/30 19:42:30 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\nadia murphy\Application Data\Mozilla\Firefox\Profiles\fw1k3fff.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/02/07 19:05:33 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\nadia murphy\Application Data\Mozilla\Firefox\Profiles\fw1k3fff.default\searchplugins\bing.xml
[2010/01/20 12:14:16 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\nadia murphy\Application Data\Mozilla\Firefox\Profiles\fw1k3fff.default\searchplugins\conduit.xml
[2010/01/24 01:58:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [O2Start] C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UIUCU] C:\Documents and Settings\nadia murphy\Local Settings\Temp\UIUCU.EXE (Conexant Systems, Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\nadia murphy\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\nadia murphy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\nadia murphy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/17 13:31:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/13 18:44:59 | 000,136,448 | R--- | M] (Sports Interactive) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/07/25 17:10:55 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/09/14 10:31:22 | 000,025,214 | R--- | M] () - E:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/09/14 10:23:04 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{34d96127-0750-11df-a6ca-00170837838a}\Shell - "" = AutoRun
O33 - MountPoints2\{34d96127-0750-11df-a6ca-00170837838a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34d96127-0750-11df-a6ca-00170837838a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{34d96129-0750-11df-a6ca-00170837838a}\Shell - "" = AutoRun
O33 - MountPoints2\{34d96129-0750-11df-a6ca-00170837838a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34d96129-0750-11df-a6ca-00170837838a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{64f73f8c-079a-11df-a6d1-00170837838a}\Shell - "" = AutoRun
O33 - MountPoints2\{64f73f8c-079a-11df-a6d1-00170837838a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64f73f8c-079a-11df-a6d1-00170837838a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{64f73f8d-079a-11df-a6d1-00170837838a}\Shell - "" = AutoRun
O33 - MountPoints2\{64f73f8d-079a-11df-a6d1-00170837838a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64f73f8d-079a-11df-a6d1-00170837838a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{64f73f90-079a-11df-a6d1-001641b9448d}\Shell - "" = AutoRun
O33 - MountPoints2\{64f73f90-079a-11df-a6d1-001641b9448d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64f73f90-079a-11df-a6d1-001641b9448d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7b3bf204-069d-11df-a6c4-00170837838a}\Shell - "" = AutoRun
O33 - MountPoints2\{7b3bf204-069d-11df-a6c4-00170837838a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b3bf204-069d-11df-a6c4-00170837838a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7b3bf206-069d-11df-a6c4-00170837838a}\Shell - "" = AutoRun
O33 - MountPoints2\{7b3bf206-069d-11df-a6c4-00170837838a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b3bf206-069d-11df-a6c4-00170837838a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{84830a1d-075d-11df-a6cc-00170837838a}\Shell - "" = AutoRun
O33 - MountPoints2\{84830a1d-075d-11df-a6cc-00170837838a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{84830a1d-075d-11df-a6cc-00170837838a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ba5060d6-0b8b-11df-a6e5-00170837838a}\Shell - "" = AutoRun
O33 - MountPoints2\{ba5060d6-0b8b-11df-a6e5-00170837838a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba5060d6-0b8b-11df-a6e5-00170837838a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/01 23:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\Application Data\Malwarebytes
[2010/03/01 23:32:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/01 23:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/01 23:32:22 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/01 23:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/28 20:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/28 20:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/02/28 20:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/02/28 20:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\Local Settings\Application Data\Temp
[2010/02/28 20:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/28 20:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\Local Settings\Application Data\Google
[2010/02/28 20:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/02/28 19:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\Application Data\WinRAR
[2010/02/28 19:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/02/28 13:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\My Documents\Sports Interactive
[2010/02/28 13:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Sports Interactive
[2010/02/28 13:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\Application Data\Sports Interactive
[2010/02/28 12:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Sports Interactive
[2010/02/27 15:37:56 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/02/25 00:05:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/02/25 00:04:35 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/02/25 00:04:35 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/02/25 00:04:33 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/02/25 00:04:33 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/02/25 00:04:32 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2010/02/25 00:04:30 | 006,067,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/02/25 00:04:26 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2010/02/25 00:04:26 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/02/25 00:04:25 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/02/25 00:03:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/02/25 00:03:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/02/25 00:01:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/02/25 00:01:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/02/25 00:00:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/02/24 23:57:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/02/14 12:29:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nadia murphy\My Documents\My Videos
[2010/02/14 12:28:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys
[2010/02/14 12:28:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2010/02/14 12:28:21 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010/02/14 12:08:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/02/14 12:08:27 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010/02/14 12:08:25 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/02/14 12:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\Application Data\Nokia
[2010/02/14 12:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\Application Data\PC Suite
[2010/02/14 12:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/02/14 12:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/02/14 12:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010/02/14 12:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/02/14 12:06:07 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/02/14 12:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/02/14 12:05:38 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010/02/14 12:05:37 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010/02/14 12:05:36 | 000,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010/02/14 12:05:30 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2010/02/14 12:05:30 | 000,660,480 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010/02/14 12:05:30 | 000,017,664 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010/02/14 12:05:25 | 000,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/02/14 12:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010/02/14 12:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/02/11 20:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/02/11 20:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Installer
[2010/02/08 13:57:44 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/02/08 13:57:44 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/02/07 14:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\Tracing
[2010/02/07 14:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/02/07 14:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/02/07 14:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/02/07 14:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/02/07 13:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/01/31 15:01:17 | 000,049,152 | ---- | C] (None) -- C:\WINDOWS\System32\AIMDL.exe
[2010/01/31 15:01:16 | 001,057,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2010/01/31 15:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\XAimer
[2010/01/30 19:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2009/07/17 13:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/17 13:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/17 13:31:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/17 13:31:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

BigAmzz
Intermediate
Intermediate

Posts Posts : 125
Joined Joined : 2009-01-13
OS OS : windowsxp
Points Points : 29908
# Likes # Likes : 0

View user profile

Back to top Go down

Re: trojan warning

Post by BigAmzz on 2nd March 2010, 12:15 am

========== Files - Modified Within 30 Days ==========

[2010/03/01 23:50:45 | 000,359,012 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/01 23:50:45 | 000,313,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/01 23:50:45 | 000,041,430 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/01 23:46:39 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/03/01 23:46:27 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/01 23:46:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/01 23:46:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/01 23:45:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\nadia murphy\ntuser.ini
[2010/03/01 23:45:12 | 003,145,728 | ---- | M] () -- C:\Documents and Settings\nadia murphy\ntuser.dat
[2010/03/01 23:45:00 | 005,330,364 | -H-- | M] () -- C:\Documents and Settings\nadia murphy\Local Settings\Application Data\IconCache.db
[2010/03/01 23:32:30 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/01 23:13:05 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/28 20:06:30 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/02/28 20:04:35 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/02/28 20:04:35 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/02/28 13:02:34 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2009.lnk
[2010/02/25 00:06:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/22 13:13:06 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/14 12:28:40 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010/02/14 12:28:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/02/14 12:06:41 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/02/12 10:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/02/11 03:16:10 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/02/07 19:04:07 | 000,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/07 14:11:31 | 000,014,248 | ---- | M] () -- C:\Documents and Settings\nadia murphy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/03 16:22:34 | 000,005,536 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/31 15:02:51 | 000,020,481 | ---- | M] () -- C:\WINDOWS\System32\SystemsHook.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/01 23:32:30 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/28 20:06:30 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/02/28 20:04:35 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/02/28 20:04:35 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/02/28 20:02:59 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/28 20:02:58 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/28 13:02:34 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2009.lnk
[2010/02/14 12:28:40 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010/02/14 12:28:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/02/14 12:06:41 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/02/11 03:16:10 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/01/31 15:01:17 | 000,020,481 | ---- | C] () -- C:\WINDOWS\System32\SystemsHook.dll
[2010/01/31 15:01:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\ssresources.dll
[2010/01/17 14:49:56 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/01/16 23:15:01 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/10/04 01:34:53 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\nadia murphy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 17:50:10 | 000,000,715 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2009/03/27 10:39:54 | 000,033,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\TsWlan.sys
[2006/02/15 16:04:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/07/12 13:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/08/04 12:00:00 | 000,011,376 | R--- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/03/23 15:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2002/05/15 22:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 17:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
< End of report >
DRV - [2010/01/28 18:40:30 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/21 14:16:49 | 000,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/27 10:46:34 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/03/27 10:39:54 | 000,033,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TsWlan.sys -- (TSWLAN)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/02/15 14:12:06 | 005,854,752 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/02/15 15:59:52 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/02/15 15:56:58 | 001,342,570 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/02/15 15:54:46 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/02/15 15:54:10 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/02/15 15:51:22 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/01/31 10:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
DRV - [2005/06/07 13:53:46 | 000,152,960 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudioService)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 23:08:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2003/09/09 01:30:31 | 000,011,376 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2003/03/06 14:48:08 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 12:20:16 | 000,297,728 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97sis.sys -- (SiS7018) Service for AC'97 Sample Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.6.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/24 01:58:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/24 11:32:00 | 000,000,000 | ---D | M]

[2010/01/24 01:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nadia murphy\Application Data\Mozilla\Extensions
[2010/03/01 00:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\nadia murphy\Application Data\Mozilla\Firefox\Profiles\fw1k3fff.default\extensions
[2010/01/30 19:42:30 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\nadia murphy\Application Data\Mozilla\Firefox\Profiles\fw1k3fff.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/02/07 19:05:33 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\nadia murphy\Application Data\Mozilla\Firefox\Profiles\fw1k3fff.default\searchplugins\bing.xml
[2010/01/20 12:14:16 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\nadia murphy\Application Data\Mozilla\Firefox\Profiles\fw1k3fff.default\searchplugins\conduit.xml
[2010/01/24 01:58:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [O2Start] C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UIUCU] C:\Documents and Settings\nadia murphy\Local Settings\Temp\UIUCU.EXE (Conexant Systems, Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\nadia murphy\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\nadia murphy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\nadia murphy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/17 13:31:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/10/13 18:44:59 | 000,136,448 | R--- | M] (Sports Interactive) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/07/25 17:10:55 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/09/14 10:31:22 | 000,025,214 | R--- | M] () - E:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/09/14 10:23:04 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{34d96127-0750-11df-a6ca-00170837838a}\Shell - "" = AutoRun
O33 - MountPoints2\{34d96127-0750-11df-a6ca-00170837838a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34d96127-0750-11df-a6ca-00170837838a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{34d96129-0750-11df-a6ca-00170837838a}\Shell - "" = AutoRun
O33 - MountPoints2\{34d96129-0750-11df-a6ca-00170837838a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34d96129-0750-11df-a6ca-00170837838a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{64f73f8c-079a-11df-a6d1-00170837838a}\Shell - "" = AutoRun
O33 - MountPoints2\{64f73f8c-079a-11df-a6d1-00170837838a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64f73f8c-079a-11df-a6d1-00170837838a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{64f73f8d-079a-11df-a6d1-00170837838a}\Shell - "" = AutoRun
O33 - MountPoints2\{64f73f8d-079a-11df-a6d1-00170837838a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64f73f8d-079a-11df-a6d1-00170837838a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{64f73f90-079a-11df-a6d1-001641b9448d}\Shell - "" = AutoRun
O33 - MountPoints2\{64f73f90-079a-11df-a6d1-001641b9448d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64f73f90-079a-11df-a6d1-001641b9448d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7b3bf204-069d-11df-a6c4-00170837838a}\Shell - "" = AutoRun
O33 - MountPoints2\{7b3bf204-069d-11df-a6c4-00170837838a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b3bf204-069d-11df-a6c4-00170837838a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7b3bf206-069d-11df-a6c4-00170837838a}\Shell - "" = AutoRun
O33 - MountPoints2\{7b3bf206-069d-11df-a6c4-00170837838a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b3bf206-069d-11df-a6c4-00170837838a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{84830a1d-075d-11df-a6cc-00170837838a}\Shell - "" = AutoRun
O33 - MountPoints2\{84830a1d-075d-11df-a6cc-00170837838a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{84830a1d-075d-11df-a6cc-00170837838a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ba5060d6-0b8b-11df-a6e5-00170837838a}\Shell - "" = AutoRun
O33 - MountPoints2\{ba5060d6-0b8b-11df-a6e5-00170837838a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba5060d6-0b8b-11df-a6e5-00170837838a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/07 18:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/01 23:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\Application Data\Malwarebytes
[2010/03/01 23:32:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/01 23:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/01 23:32:22 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/01 23:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/28 20:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/28 20:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/02/28 20:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/02/28 20:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\Local Settings\Application Data\Temp
[2010/02/28 20:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/28 20:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\Local Settings\Application Data\Google
[2010/02/28 20:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/02/28 19:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\Application Data\WinRAR
[2010/02/28 19:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/02/28 13:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\My Documents\Sports Interactive
[2010/02/28 13:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Sports Interactive
[2010/02/28 13:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\Application Data\Sports Interactive
[2010/02/28 12:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Sports Interactive
[2010/02/27 15:37:56 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/02/25 00:05:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/02/25 00:04:35 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/02/25 00:04:35 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/02/25 00:04:33 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/02/25 00:04:33 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/02/25 00:04:32 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2010/02/25 00:04:30 | 006,067,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/02/25 00:04:26 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2010/02/25 00:04:26 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/02/25 00:04:25 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/02/25 00:03:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/02/25 00:03:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/02/25 00:01:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/02/25 00:01:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/02/25 00:00:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/02/24 23:57:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/02/14 12:29:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\nadia murphy\My Documents\My Videos
[2010/02/14 12:28:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys
[2010/02/14 12:28:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2010/02/14 12:28:21 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010/02/14 12:08:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/02/14 12:08:27 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010/02/14 12:08:25 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/02/14 12:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\Application Data\Nokia
[2010/02/14 12:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\Application Data\PC Suite
[2010/02/14 12:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/02/14 12:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/02/14 12:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010/02/14 12:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/02/14 12:06:07 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/02/14 12:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/02/14 12:05:38 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010/02/14 12:05:37 | 000,007,936 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010/02/14 12:05:36 | 000,022,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010/02/14 12:05:30 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2010/02/14 12:05:30 | 000,660,480 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010/02/14 12:05:30 | 000,017,664 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010/02/14 12:05:25 | 000,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/02/14 12:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010/02/14 12:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/02/11 20:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/02/11 20:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Installer
[2010/02/08 13:57:44 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/02/08 13:57:44 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/02/07 14:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\nadia murphy\Tracing
[2010/02/07 14:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/02/07 14:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/02/07 14:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/02/07 14:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/02/07 13:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/01/31 15:01:17 | 000,049,152 | ---- | C] (None) -- C:\WINDOWS\System32\AIMDL.exe
[2010/01/31 15:01:16 | 001,057,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2010/01/31 15:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\XAimer
[2010/01/30 19:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2009/07/17 13:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/17 13:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/17 13:31:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/17 13:31:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/01 23:50:45 | 000,359,012 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/01 23:50:45 | 000,313,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/01 23:50:45 | 000,041,430 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/01 23:46:39 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/03/01 23:46:27 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/01 23:46:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/01 23:46:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/01 23:45:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\nadia murphy\ntuser.ini
[2010/03/01 23:45:12 | 003,145,728 | ---- | M] () -- C:\Documents and Settings\nadia murphy\ntuser.dat
[2010/03/01 23:45:00 | 005,330,364 | -H-- | M] () -- C:\Documents and Settings\nadia murphy\Local Settings\Application Data\IconCache.db
[2010/03/01 23:32:30 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/01 23:13:05 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/28 20:06:30 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/02/28 20:04:35 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/02/28 20:04:35 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/02/28 13:02:34 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2009.lnk
[2010/02/25 00:06:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/22 13:13:06 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/14 12:28:40 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010/02/14 12:28:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/02/14 12:06:41 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/02/12 10:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/02/11 03:16:10 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/02/07 19:04:07 | 000,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/07 14:11:31 | 000,014,248 | ---- | M] () -- C:\Documents and Settings\nadia murphy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/03 16:22:34 | 000,005,536 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/31 15:02:51 | 000,020,481 | ---- | M] () -- C:\WINDOWS\System32\SystemsHook.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/01 23:32:30 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/28 20:06:30 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/02/28 20:04:35 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/02/28 20:04:35 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/02/28 20:02:59 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/28 20:02:58 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/28 13:02:34 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2009.lnk
[2010/02/14 12:28:40 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010/02/14 12:28:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/02/14 12:06:41 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/02/11 03:16:10 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/01/31 15:01:17 | 000,020,481 | ---- | C] () -- C:\WINDOWS\System32\SystemsHook.dll
[2010/01/31 15:01:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\ssresources.dll
[2010/01/17 14:49:56 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/01/16 23:15:01 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/10/04 01:34:53 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\nadia murphy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 17:50:10 | 000,000,715 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2009/03/27 10:39:54 | 000,033,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\TsWlan.sys
[2006/02/15 16:04:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/07/12 13:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/08/04 12:00:00 | 000,011,376 | R--- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/03/23 15:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2002/05/15 22:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 17:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

< End of report >

BigAmzz
Intermediate
Intermediate

Posts Posts : 125
Joined Joined : 2009-01-13
OS OS : windowsxp
Points Points : 29908
# Likes # Likes : 0

View user profile

Back to top Go down

Re: trojan warning

Post by BigAmzz on 2nd March 2010, 12:16 am

OTL Extras logfile created on: 3/2/2010 12:03:54 AM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\nadia murphy\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 153.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 41.03 Gb Free Space | 73.41% Space Free | Partition Type: NTFS
Drive D: | 2.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 31.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-769C700AC0
Current User Name: nadia murphy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Games\Halo\halo.exe" = C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo -- (Microsoft Corporation)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009 -- (Sports Interactive)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA211BA-DB14-4895-AC77-EF4009144AFC}" = O2 Connection Manager
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{D7E7EC5E-4349-4E40-B37C-4342188B86EC}" = Monopoly
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"ABC Security Protector_is1" = ABC Security Protector
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIDA32_is1" = AIDA32 v3.75
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Belarc Advisor 2.0" = Belarc Advisor 6.1
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"BroadJump Client Foundation" = BroadJump Client Foundation
"D2 Simply Typing" = D2 Simply Typing
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Football Manager 2009" = Football Manager 2009
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"Halo" = Microsoft Halo
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"ShowIP_is1" = ShowIP v1.5.6
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/28/2010 5:13:12 PM | Computer Name = HOME-769C700AC0 | Source = Google Update | ID = 20
Description =

Error - 2/28/2010 6:13:15 PM | Computer Name = HOME-769C700AC0 | Source = Google Update | ID = 20
Description =

Error - 2/28/2010 7:13:18 PM | Computer Name = HOME-769C700AC0 | Source = Google Update | ID = 20
Description =

Error - 2/28/2010 8:13:18 PM | Computer Name = HOME-769C700AC0 | Source = Google Update | ID = 20
Description =

Error - 3/1/2010 1:13:25 PM | Computer Name = HOME-769C700AC0 | Source = Google Update | ID = 20
Description =

Error - 3/1/2010 2:13:15 PM | Computer Name = HOME-769C700AC0 | Source = Google Update | ID = 20
Description =

Error - 3/1/2010 3:13:21 PM | Computer Name = HOME-769C700AC0 | Source = Google Update | ID = 20
Description =

Error - 3/1/2010 4:13:17 PM | Computer Name = HOME-769C700AC0 | Source = Google Update | ID = 20
Description =

Error - 3/1/2010 5:13:12 PM | Computer Name = HOME-769C700AC0 | Source = Google Update | ID = 20
Description =

Error - 3/1/2010 6:13:09 PM | Computer Name = HOME-769C700AC0 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 3/1/2010 7:46:51 PM | Computer Name = HOME-769C700AC0 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 3/1/2010 7:46:51 PM | Computer Name = HOME-769C700AC0 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 3/1/2010 7:58:02 PM | Computer Name = HOME-769C700AC0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/1/2010 7:58:03 PM | Computer Name = HOME-769C700AC0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/1/2010 7:58:03 PM | Computer Name = HOME-769C700AC0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/1/2010 7:58:03 PM | Computer Name = HOME-769C700AC0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/1/2010 8:06:52 PM | Computer Name = HOME-769C700AC0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/1/2010 8:06:54 PM | Computer Name = HOME-769C700AC0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/1/2010 8:08:58 PM | Computer Name = HOME-769C700AC0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 3/1/2010 8:09:00 PM | Computer Name = HOME-769C700AC0 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >

BigAmzz
Intermediate
Intermediate

Posts Posts : 125
Joined Joined : 2009-01-13
OS OS : windowsxp
Points Points : 29908
# Likes # Likes : 0

View user profile

Back to top Go down

Re: trojan warning

Post by Belahzur on 2nd March 2010, 1:40 pm

Hello.

Logs look good.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum