Trojan Horse sheur2 virus

Post by VICTORD on 21st April 2009, 9:58 pm

On reboot I get (Error Loading ...letuxami.dll file). Computer very slow, USB ports don't work anymore. I now use Firefox instead of Internet Explorer; this last one was very unstable. I did run Malwarebytes' Anti-Malware last night, as seen on your site. It seemed to zap a bunch of viruses and cookies. System working better, 10 min in and no crash.

Any help will be great. Thanks, Vic

Scan saved at 6:48:44 PM, on 4/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
E:\VIRUSfighter\Npm\Bin\Zanda.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Fighters\configservice.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Fighters\licenseservice.exe
E:\Program Files\Fighters\updateservice.exe
E:\Program Files\Fighters\ScannerService.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\VIRUSfighter\Npm\bin\NJEEVES.EXE
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Ahead\InCD\InCD.exe
E:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
E:\VIRUSfighter\Npm\bin\ZLH.EXE
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe
e:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
E:\VIRUSfighter\Nse\bin\NSESVC.EXE
E:\VIRUSfighter\Nvc\BIN\NIP.EXE
E:\VIRUSfighter\Nvc\bin\nvcoas.exe
E:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
E:\VIRUSfighter\Nvc\bin\cclaw.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\notepad.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - E:\Program Files\alot\bin\alot.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - E:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: RHSI Toolbar - {4DF5B116-4FD9-4039-B377-1130953A980F} - E:\Program Files\Rogers Hi-Speed Internet\RHSI Toolbar\ToolBand.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - E:\Program Files\alot\bin\alot.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [REGSHAVE] E:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [spywarefighterguard] E:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKLM\..\Run: [Norman ZANDA] "E:\VIRUSfighter\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers Hi-Speed Internet\RHSI SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = E:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PolderbitS Audio Driver Monitor.lnk = E:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - [You must be registered and logged in to see this link.]
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - E:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - E:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norman NJeeves - Norman ASA - E:\VIRUSfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - E:\VIRUSfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - E:\VIRUSfighter\Nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - E:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - E:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PTK License-FIGHTERS-272645987 - SPAMfighter - E:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-272645987 - SPAMfighter - E:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-272645987 - SPAMfighter - E:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-272645987 - SPAMfighter - E:\Program Files\Fighters\configservice.exe

--
End of file - 9831 bytes

VICTORD
Novice

Posts: 10
Joined: 2009-04-21
Gender: Male
OS: windows xp home edition
Points: 27906
Likes: 0

Re: Trojan Horse sheur2 virus

Post by Belahzur on 21st April 2009, 10:34 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
    O1 - Hosts: 82.98.231.89 best-click-scanner.info
    O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
    O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
    O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
    O1 - Hosts: 82.98.231.89 onlinenotifyq.net
    O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
    O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1

Re: Trojan Horse sheur2 virus

Post by VICTORD on 22nd April 2009, 12:36 am

These were the results. I will see how the system is running now.

Thanks


Malwarebytes' Anti-Malware 1.36
Database version: 2016
Windows 5.1.2600 Service Pack 3

4/21/2009 9:33:04 PM
mbam-log-2009-04-21 (21-33-04).txt

Scan type: Quick Scan
Objects scanned: 112577
Time elapsed: 33 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Trojan Horse sheur2 virus

Post by Belahzur on 22nd April 2009, 12:43 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • alot toolbar


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.





Re: Trojan Horse sheur2 virus

Post by VICTORD on 22nd April 2009, 10:18 pm

DDS (Ver_09-03-16.01) - NTFSx86
Run by Victor at 19:10:23.46 on Wed 04/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.351.93 [GMT -3:00]

AV: VIRUSfighter ver. 5.99 *On-access scanning enabled* (Updated)

============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
E:\WINDOWS\system32\svchost -k rpcss
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
E:\VIRUSfighter\Npm\Bin\Zanda.exe
E:\WINDOWS\System32\svchost.exe -k NetworkService
E:\WINDOWS\System32\svchost.exe -k LocalService
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\svchost.exe -k LocalService
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Fighters\configservice.exe
E:\WINDOWS\System32\svchost.exe -k imgsvc
E:\Program Files\Fighters\licenseservice.exe
E:\Program Files\Fighters\updateservice.exe
E:\Program Files\Fighters\ScannerService.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\VIRUSfighter\Npm\bin\NJEEVES.EXE
E:\WINDOWS\System32\alg.exe
E:\VIRUSfighter\Nse\bin\NSESVC.EXE
E:\VIRUSfighter\Nvc\bin\nvcoas.exe
E:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
E:\WINDOWS\Explorer.EXE
E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Ahead\InCD\InCD.exe
E:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
E:\VIRUSfighter\Npm\bin\ZLH.EXE
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe
E:\VIRUSfighter\Nvc\BIN\NIP.EXE
E:\VIRUSfighter\Nvc\bin\cclaw.exe
e:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
E:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
E:\WINDOWS\msagent\AgentSvr.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Victor\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - e:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - e:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - e:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - e:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: RHSI Toolbar: {4df5b116-4fd9-4039-b377-1130953a980f} - e:\program files\rogers hi-speed internet\rhsi toolbar\ToolBand.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - e:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [RHSI SHS] "c:\program files\rogers hi-speed internet\rhsi selfhealing\SHS.exe" /background
uRun: [PhotoShow Deluxe Media Manager] e:\progra~1\ahead\ahead\data\xtras\mssysmgr.exe
uRun: [swg] e:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [REGSHAVE] e:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [NeroFilterCheck] e:\windows\system32\NeroCheck.exe
mRun: [Ulead AutoDetector] e:\program files\ulead systems\ulead photo explorer 8.0 se basic\Monitor.exe
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
mRun: [InCD] e:\program files\ahead\incd\InCD.exe
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [spywarefighterguard] e:\program files\fighters\spywarefighter\SpywarefighterUser.exe
mRun: [Norman ZANDA] "e:\virusfighter\npm\bin\ZLH.EXE" /LOAD /SPLASH
mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - e:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\program files\microsoft office\office\OSA9.EXE
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\polder~1.lnk - e:\program files\polderbits\recorder\driver\PBDriverMonitor_uk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\*.windowsupdate
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - e:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - [You must be registered and logged in to see this link.]
LSA: Notification Packages = scecli e:\windows\system32\nakakoye.dll e:\windows\system32\gupezosi.dll

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\victor\applic~1\mozilla\firefox\profiles\vbft347w.default\
FF - plugin: e:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npclntax_SeekmoSA.dll
FF - HiddenExtension: XUL Cache: {4477A6FC-B7CC-4967-B8FC-6260BBBC37D7} - e:\documents and settings\victor\local settings\application data\{4477A6FC-B7CC-4967-B8FC-6260BBBC37D7}

============= SERVICES / DRIVERS ===============

R1 NGS;Norman General Security Driver;e:\virusfighter\nvc\bin\ngs.sys [2009-4-10 22712]
R2 Ndiskio;Ndiskio;e:\virusfighter\nse\bin\Ndiskio.sys [2009-4-10 20448]
R2 Norman ZANDA;Norman ZANDA;e:\virusfighter\npm\bin\Zanda.exe [2009-4-10 408696]
R2 PTK License-FIGHTERS-272645987;PTK License-FIGHTERS-272645987;e:\program files\fighters\LicenseService.exe [2008-11-18 283272]
R2 PTK Live Update-FIGHTERS-272645987;PTK Live Update-FIGHTERS-272645987;e:\program files\fighters\UpdateService.exe [2008-11-18 307848]
R2 PTK Scanner-FIGHTERS-272645987;PTK Scanner-FIGHTERS-272645987;e:\program files\fighters\ScannerService.exe [2008-11-18 311944]
R2 PTK SharedAccess-FIGHTERS-272645987;PTK SharedAccess-FIGHTERS-272645987;e:\program files\fighters\ConfigService.exe [2008-11-18 139912]
R3 nsesvc;Norman Scanner Engine Service;e:\virusfighter\nse\bin\Nsesvc.exe [2009-4-10 183352]
R3 NvcMFlt;NvcMFlt;e:\windows\system32\drivers\nvcw32mf.sys [2009-4-10 19512]
R3 nvcoas;Norman Virus Control on-access component;e:\virusfighter\nvc\bin\Nvcoas.exe [2009-4-10 183352]
R3 NVCScheduler;Norman Virus Control Scheduler;e:\virusfighter\nvc\bin\Nvcsched.exe [2009-4-10 146488]
R3 PbsAuDrv;PolderbitS Audio Driver;e:\windows\system32\drivers\pbsaudrv.sys [2008-10-22 103824]
R3 Vfscan;Vfscan;e:\windows\system32\drivers\vffilter.sys [2008-11-18 15496]
S3 getPlus(R) Helper;getPlus(R) Helper;e:\program files\nos\bin\getPlus_HelperSvc.exe [2008-7-18 33176]
S3 NPF;Netgroup Packet Filter;e:\windows\system32\drivers\npf.sys [2008-6-25 30336]

=============== Created Last 30 ================

2009-04-22 19:09 --d-h--- e:\windows\PIF
2009-04-20 22:54 --d----- e:\docume~1\victor\applic~1\Malwarebytes
2009-04-20 22:54 15,504 a------- e:\windows\system32\drivers\mbam.sys
2009-04-20 22:54 38,496 a------- e:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 22:54 --d----- e:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-20 22:53 --d----- e:\program files\Malwarebytes' Anti-Malware
2009-04-20 22:25 --d----- e:\program files\Trend Micro
2009-04-20 21:33 --d----- e:\program files\JavaFX
2009-04-20 21:12 --d----- e:\program files\Sun
2009-04-20 21:11 410,984 a------- e:\windows\system32\deploytk.dll
2009-04-20 21:11 73,728 a------- e:\windows\system32\javacpl.cpl
2009-04-15 07:13 206 a------- e:\windows\system32\MRT.INI
2009-04-15 07:13 --d----- e:\windows\system32\MpEngineStore
2009-04-14 18:12 284,160 -c------ e:\windows\system32\dllcache\pdh.dll
2009-04-14 18:12 401,408 -c------ e:\windows\system32\dllcache\rpcss.dll
2009-04-14 18:12 110,592 -c------ e:\windows\system32\dllcache\services.exe
2009-04-14 18:12 473,600 -c------ e:\windows\system32\dllcache\fastprox.dll
2009-04-14 18:12 227,840 -c------ e:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 18:12 453,120 -c------ e:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 18:12 729,088 -c------ e:\windows\system32\dllcache\lsasrv.dll
2009-04-14 18:12 714,752 -c------ e:\windows\system32\dllcache\ntdll.dll
2009-04-14 18:12 617,472 -c------ e:\windows\system32\dllcache\advapi32.dll
2009-04-14 18:08 2,560 -------- e:\windows\system32\xpsp4res.dll
2009-04-14 18:08 1,203,922 -c------ e:\windows\system32\dllcache\sysmain.sdb
2009-04-14 18:08 215,552 -c------ e:\windows\system32\dllcache\wordpad.exe
2009-04-10 22:18 19,512 a------- e:\windows\system32\drivers\nvcw32mf.sys
2009-04-10 22:05 --d----- E:\VIRUSfighter
2009-04-08 20:36 --d----- e:\program files\Fighters
2009-04-08 20:36 --d----- e:\docume~1\alluse~1\applic~1\Fighters
2009-04-08 20:27 --d----- e:\docume~1\victor\applic~1\Logs
2009-04-08 15:58 0 a------- e:\windows\Nfabexopa.bin
2009-04-07 18:48 155 a------- e:\windows\system32\SelfDel.bat
2009-04-06 13:29 27,648 a------- e:\windows\system32\winsetupsm.exe
2009-04-06 13:14 27,648 a------- e:\windows\system32\winsetupsn.exe
2009-04-04 21:20 1,429,499 ---sh--- e:\windows\system32\uzafuyat.ini
2009-04-01 19:11 1,089,593 -c------ e:\windows\system32\dllcache\ntprint.cat
2009-03-31 18:14 --d----- e:\windows\system32\XPSViewer
2009-03-31 18:11 597,504 -c------ e:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-31 18:11 575,488 -c------ e:\windows\system32\dllcache\xpsshhdr.dll
2009-03-31 18:11 89,088 -c------ e:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-31 18:11 575,488 -------- e:\windows\system32\xpsshhdr.dll
2009-03-31 18:11 117,760 -------- e:\windows\system32\prntvpt.dll
2009-03-31 18:11 1,676,288 -c------ e:\windows\system32\dllcache\xpssvcs.dll
2009-03-31 18:11 1,676,288 -------- e:\windows\system32\xpssvcs.dll
2009-03-31 18:11 --d----- E:\22ac219e7ba93b034486a0
2009-03-31 14:52 54,156 a---h--- e:\windows\QTFont.qfn
2009-03-31 14:52 1,409 a------- e:\windows\QTFont.for
2009-03-30 00:18 268 a---h--- E:\sqmdata18.sqm
2009-03-30 00:18 244 a---h--- E:\sqmnoopt18.sqm
2009-03-28 16:07 1,409 a------- e:\windows\system32\tmpC11F2.FOT
2009-03-28 16:07 1,409 a------- e:\windows\system32\tmp9A1F2.FOT
2009-03-28 16:07 1,409 a------- e:\windows\system32\tmp7F1F2.FOT
2009-03-28 16:07 1,409 a------- e:\windows\system32\tmp542F2.FOT
2009-03-28 16:07 1,409 a------- e:\windows\system32\tmp3B2F2.FOT
2009-03-28 16:07 1,409 a------- e:\windows\system32\tmp103F2.FOT
2009-03-25 17:56 --d----- e:\documents and settings\victor\Drawings 2009

==================== Find3M ====================

2009-03-26 22:31 512 a---h--- E:\gt2008.bin
2009-03-17 18:39 0 a---h--- e:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-03-17 18:39 0 a---h--- e:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-06 11:22 284,160 a------- e:\windows\system32\pdh.dll
2009-03-02 21:18 826,368 a------- e:\windows\system32\wininet.dll
2009-03-02 18:47 107,888 a------- e:\windows\system32\CmdLineExt.dll
2009-02-20 15:09 78,336 -------- e:\windows\system32\ieencode.dll
2009-02-09 09:10 729,088 a------- e:\windows\system32\lsasrv.dll
2009-02-09 09:10 714,752 a------- e:\windows\system32\ntdll.dll
2009-02-09 09:10 617,472 a------- e:\windows\system32\advapi32.dll
2009-02-09 09:10 401,408 a------- e:\windows\system32\rpcss.dll
2009-02-09 08:13 1,846,784 a------- e:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- e:\windows\system32\ntkrnlpa.exe
2009-02-06 08:11 110,592 a------- e:\windows\system32\services.exe
2009-02-06 08:08 2,189,056 a------- e:\windows\system32\ntoskrnl.exe
2009-02-06 07:39 35,328 a------- e:\windows\system32\sc.exe
2009-02-03 16:59 56,832 a------- e:\windows\system32\secur32.dll

============= FINISH: 19:11:33.57 ===============


Re: Trojan Horse sheur2 virus

Post by Belahzur on 22nd April 2009, 10:29 pm

Hello.

Please download [You must be registered and logged in to see this link.] and save it to your Desktop. Please double-click GooredFix.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :files
    e:\windows\system32\SelfDel.bat
    e:\windows\Nfabexopa.bin

    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


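The three fixes in this thread each remove one persistence mechanism that is visible in the logs: the O1 hosts lines that point security-vendor lookalike names at 82.98.231.89, the two DLLs appended to LSA Notification Packages (which the OTMoveIt :reg line above resets to scecli), and the Firefox extension registered from a user profile folder (what GooredFix deletes). The script below is an added example, not code from the forum or from HijackThis, DDS, GooredFix or OTMoveIt. It runs those three checks over lines copied from the logs posted above (the sample input is constructed here, with one benign hosts line added), and decodes the hex(7) value so you can confirm it is exactly `scecli`. The `LSA_BASELINE` set and all function names are assumptions of this example.

```python
"""Triage HijackThis/DDS log lines for hosts redirects, foreign LSA
Notification Packages and Firefox extensions registered from a user
profile. Added example, not from the forum or any of the tools named."""
import ipaddress
import re

# Constructed sample: lines copied from the logs posted in this thread,
# plus one benign hosts line so the check has something to leave alone.
SAMPLE_LOG = """\
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 127.0.0.1 localhost
LSA: Notification Packages = scecli e:\\windows\\system32\\nakakoye.dll e:\\windows\\system32\\gupezosi.dll
FF - HiddenExtension: XUL Cache: {4477A6FC-B7CC-4967-B8FC-6260BBBC37D7} - e:\\documents and settings\\victor\\local settings\\application data\\{4477A6FC-B7CC-4967-B8FC-6260BBBC37D7}
"""

# Assumed baseline. Every package listed here is loaded into lsass.exe at
# boot; stock XP has only scecli, rassfm shows up on domain controllers.
LSA_BASELINE = {"scecli", "rassfm"}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)", re.I)
LSA_RE = re.compile(r"^LSA: Notification Packages\s*=\s*(.*)$", re.I)
FF_EXT_RE = re.compile(r"^FF - HiddenExtension:.*? - (\S.*)$", re.I)


def check_hosts(ip_text, name):
    """Legitimate hosts entries point at loopback or private space; a
    public address in front of a vendor-lookalike name is a redirect."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return f"unparseable address {ip_text!r} for {name}"
    if ip.is_loopback or ip.is_private or ip.is_unspecified:
        return None
    return f"{name} -> {ip} (public address in hosts file)"


def check_lsa(packages_text):
    """Return every package not in the baseline. The registry stores bare
    names; DDS prints full paths for the foreign ones."""
    extras = []
    for pkg in packages_text.split():
        stem = pkg.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if stem.endswith(".dll"):
            stem = stem[:-4]
        if stem not in LSA_BASELINE:
            extras.append(pkg)
    return extras


def check_ff_extension(path):
    """HKLM-registered Firefox extensions normally live below the install
    directory; a user-writable profile/temp path is the pattern GooredFix
    removes."""
    p = path.lower()
    if any(m in p for m in ("application data", "appdata", "\\temp\\")):
        return f"extension registered from a user-writable location: {path}"
    return None


def decode_reg_multi_sz(hex_csv):
    """Decode hex(7) (REG_MULTI_SZ) notation. Regedit exports UTF-16LE,
    while the OTMoveIt line in the thread uses one byte per character;
    tell them apart by whether every odd byte is zero."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    utf16 = len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2])
    text = raw.decode("utf-16-le" if utf16 else "latin-1")
    return [s for s in text.split("\0") if s]


def triage(log_text):
    """Run all three checks over a log; return (category, detail) pairs."""
    findings = []
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            hit = check_hosts(m.group(1), m.group(2))
            if hit:
                findings.append(("hosts", hit))
            continue
        m = LSA_RE.match(line)
        if m:
            findings.extend(("lsa", pkg) for pkg in check_lsa(m.group(1)))
            continue
        m = FF_EXT_RE.match(line)
        if m:
            hit = check_ff_extension(m.group(1))
            if hit:
                findings.append(("firefox", hit))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
    # The OTMoveIt :reg line resets Notification Packages to exactly this:
    print("reset value decodes to", decode_reg_multi_sz("73,63,65,63,6c,69,00,00"))
```

Run it against a full DDS.txt by replacing `SAMPLE_LOG` with the file contents; anything the LSA check reports deserves attention before the hosts entries, because those DLLs run inside lsass.exe on every boot and will typically rewrite the hosts file again if left in place.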


Re: Trojan Horse sheur2 virous

Post by VICTORD on 22nd April 2009, 11:29 pm

GooredFix v1.92 by jpshortstuff
Log created at 20:11 on 22/04/2009 running Option #2 (Victor)
Firefox version 3.0.9 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{4477A6FC-B7CC-4967-B8FC-6260BBBC37D7}"="E:\Documents and Settings\Victor\Local Settings\Application Data\{4477A6FC-B7CC-4967-B8FC-6260BBBC37D7}"
->Backing up value... Done.
->Deleting value... Done.

E:\Documents and Settings\Victor\Local Settings\Application Data\{4477A6FC-B7CC-4967-B8FC-6260BBBC37D7}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
E:\Program Files\Mozilla Firefox\extensions\{0C206843-6F84-46F6-AA3B-03A09852E02A}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.9\extensions]
"Plugins"="E:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.9\extensions]
"Components"="E:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="E:\Program Files\Java\jre6\lib\deploy\jqs\ff"

========== FILES ==========
e:\windows\system32\SelfDel.bat moved successfully.
e:\windows\Nfabexopa.bin moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04222009_202740
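The registry line in the OTMoveIt output above resets the LSA Notification Packages list (hex(7) is .reg notation for REG_MULTI_SZ) to the stock entry scecli; LSA loads every DLL named there and calls it on each password change, so this value is a well-known persistence spot worth auditing. The script below, an added example that is not part of the thread or of OTMoveIt, decodes that notation and flags entries outside an allow-list; the allow-list and the second sample value are constructed assumptions.

```python
"""Decode an LSA "Notification Packages" value written in hex(7) notation and
flag DLL names that are not on an allow-list.

Added example for this thread; it is not part of OTMoveIt or the forum's
instructions. The allow-list and SUSPICIOUS_SAMPLE are constructed for
illustration.
"""

# Value exactly as it appears in the OTMoveIt log (REG_MULTI_SZ, one byte per
# character): "scecli" followed by the two NULs that end a multi-string.
LOG_VALUE = "hex(7):73,63,65,63,6c,69,00,00"

# Constructed sample of the same value with an extra, unknown entry appended.
SUSPICIOUS_SAMPLE = (
    "hex(7):73,63,65,63,6c,69,00,"
    "65,78,61,6d,70,6c,65,5f,66,69,6c,74,65,72,00,00"
)

# Allow-list (assumption for the example): a stock Windows XP install carries
# only scecli here. Vendor password filters can be legitimate but should be
# vetted one by one rather than added to the list blindly.
EXPECTED_PACKAGES = {"scecli"}


def decode_multi_sz(hex7_value):
    """Return the list of strings encoded by a 'hex(7):aa,bb,...' value.

    A REG_MULTI_SZ is a run of NUL-terminated strings closed by one more NUL.
    .reg exports write it in UTF-16LE (two bytes per character, with line
    continuations of the form ',\\' + newline + two spaces); OTMoveIt writes
    it one byte per character. Both encodings are handled.
    """
    prefix = "hex(7):"
    if not hex7_value.lower().startswith(prefix):
        raise ValueError("not a hex(7) (REG_MULTI_SZ) value")
    body = hex7_value[len(prefix):].replace("\\", "").replace("\n", "")
    raw = bytes(int(b, 16) for b in body.split(",") if b.strip())
    # Heuristic: a UTF-16LE string of ASCII names has a zero high byte in
    # position 1 and an even length; anything else is treated as single-byte.
    if len(raw) >= 2 and len(raw) % 2 == 0 and raw[0] != 0 and raw[1] == 0:
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return [s for s in text.split("\x00") if s]


def unexpected_packages(packages, expected=EXPECTED_PACKAGES):
    """Entries not on the allow-list, compared case-insensitively.

    LSA loads every DLL named here and hands it each password change, which
    is why an unexpected name in this value deserves investigation before
    the machine is declared clean.
    """
    allowed = {e.lower() for e in expected}
    return [p for p in packages if p.lower() not in allowed]


def check_log_value(hex7_value, expected=EXPECTED_PACKAGES):
    """Decode a value and report what it contains and what is unexpected."""
    packages = decode_multi_sz(hex7_value)
    return {
        "packages": packages,
        "unexpected": unexpected_packages(packages, expected),
    }


if __name__ == "__main__":
    for label, value in (("log", LOG_VALUE), ("constructed", SUSPICIOUS_SAMPLE)):
        result = check_log_value(value)
        status = "OK" if not result["unexpected"] else "REVIEW"
        print(f"{label:12s} {status:7s} packages={result['packages']} "
              f"unexpected={result['unexpected']}")
```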


Re: Trojan Horse sheur2 virous

Post by Belahzur on 22nd April 2009, 11:38 pm

Click Start >> Run and then copy/paste the following into the box and hit Enter:
"%userprofile%\Desktop\GooredFix.exe" /uninstall
Note the space between " and /.
If any of your security programs query a new Registry/AutoStart value being added please allow the changes.

We can remove OTMoveIt now.

  • Please double-click OTMoveIt3.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?





Re: Trojan Horse sheur2 virous

Post by VICTORD on 23rd April 2009, 12:58 am

Not running so good. Very slow. The two front USB connections in the front are not being recognized. The one on the back is ok. Running low on memory message popping up.


Re: Trojan Horse sheur2 virous

Post by Belahzur on 23rd April 2009, 8:25 am

Please post a new DDS log.





Re: Trojan Horse sheur2 virous

Post by VICTORD on 23rd April 2009, 11:58 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/23/2008 4:25:26 AM
System Uptime: 4/23/2009 8:28:52 PM (0 hours ago)

Motherboard: ASRock | | K7VM2
Processor: AMD Athlon(tm) XP 2000+ | Socket-A | 1666/133mhz

==== Disk Partitions =========================

A: is Removable
C: is Removable
D: is CDROM ()
E: is FIXED (NTFS) - 233 GiB total, 81.958 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP222: 1/23/2009 9:35:44 PM - System Checkpoint
RP223: 1/24/2009 10:20:02 PM - System Checkpoint
RP224: 1/25/2009 11:10:48 PM - System Checkpoint
RP225: 1/26/2009 11:56:27 PM - System Checkpoint
RP226: 1/27/2009 11:57:55 PM - System Checkpoint
RP227: 1/29/2009 1:00:24 AM - System Checkpoint
RP228: 1/30/2009 1:52:23 AM - System Checkpoint
RP229: 1/31/2009 1:54:00 AM - System Checkpoint
RP230: 1/31/2009 8:54:28 AM - Avg8 Update
RP231: 1/31/2009 8:57:11 AM - Avg8 Update
RP232: 1/31/2009 9:38:43 AM - Avg8 Update
RP233: 2/1/2009 2:07:15 PM - System Checkpoint
RP234: 2/2/2009 2:47:33 PM - System Checkpoint
RP235: 2/2/2009 6:26:52 PM - Installed DirectX 9.0
RP236: 2/2/2009 6:32:07 PM - Installed DirectX 9.0
RP237: 2/22/2009 2:54:13 PM - Avg8 Update
RP238: 2/22/2009 9:40:44 PM - Software Distribution Service 3.0
RP239: 2/23/2009 9:41:21 PM - System Checkpoint
RP240: 2/24/2009 8:10:05 PM - Installed GenuTax Standard.
RP241: 2/24/2009 11:01:36 PM - Software Distribution Service 3.0
RP242: 2/25/2009 11:27:18 PM - Removed GenuTax Standard.
RP243: 2/25/2009 11:29:01 PM - Installed GenuTax Standard.
RP244: 2/27/2009 5:15:30 PM - System Checkpoint
RP245: 2/28/2009 11:44:35 AM - Installed DirectX 9.0
RP246: 2/28/2009 11:48:22 AM - Installed Autodesk Land Desktop 2007
RP247: 2/28/2009 12:40:48 PM - Installed Autodesk Civil 3D - Civil Design Companion 2007
RP248: 2/28/2009 12:43:26 PM - Installed Autodesk Survey 2007
RP249: 3/1/2009 1:06:42 PM - System Checkpoint
RP250: 3/1/2009 1:26:14 PM - Installed Hoyle Casino
RP251: 3/2/2009 1:44:53 PM - System Checkpoint
RP252: 3/3/2009 2:31:40 PM - System Checkpoint
RP253: 3/4/2009 3:31:42 PM - System Checkpoint
RP254: 3/5/2009 8:49:18 AM - Avg8 Update
RP255: 3/6/2009 3:00:22 AM - Software Distribution Service 3.0
RP256: 3/7/2009 3:31:42 AM - System Checkpoint
RP257: 3/8/2009 6:30:56 PM - System Checkpoint
RP258: 3/9/2009 7:17:01 PM - System Checkpoint
RP259: 3/10/2009 8:52:46 PM - System Checkpoint
RP260: 3/10/2009 11:12:56 PM - Software Distribution Service 3.0
RP261: 3/12/2009 4:05:59 PM - System Checkpoint
RP262: 3/12/2009 10:37:59 PM - Software Distribution Service 3.0
RP263: 3/13/2009 10:54:21 PM - System Checkpoint
RP264: 3/15/2009 11:41:09 AM - System Checkpoint
RP265: 3/15/2009 12:18:47 PM - Removed GenuTax Standard.
RP266: 3/15/2009 12:19:00 PM - Installed GenuTax Standard.
RP267: 3/16/2009 4:09:50 PM - System Checkpoint
RP268: 3/17/2009 5:26:47 PM - System Checkpoint
RP269: 3/17/2009 6:38:58 PM - Installed Windows XP Wdf01005.
RP270: 3/18/2009 5:35:20 PM - Avg8 Update
RP271: 3/19/2009 6:33:14 PM - System Checkpoint
RP272: 3/20/2009 6:49:56 PM - System Checkpoint
RP273: 3/21/2009 6:51:01 PM - System Checkpoint
RP274: 3/23/2009 11:56:20 AM - System Checkpoint
RP275: 3/24/2009 12:36:20 PM - System Checkpoint
RP276: 3/25/2009 4:03:42 PM - System Checkpoint
RP277: 3/26/2009 6:47:40 PM - Avg8 Update
RP278: 3/27/2009 7:33:24 PM - System Checkpoint
RP279: 3/28/2009 3:05:12 PM - Configured iTunes
RP280: 3/28/2009 3:07:51 PM - Configured iPod for Windows 2005-09-23
RP281: 3/29/2009 6:22:02 PM - System Checkpoint
RP282: 3/30/2009 10:21:26 PM - System Checkpoint
RP283: 3/31/2009 6:12:05 PM - Installed Windows KB954550-v5.
RP284: 3/31/2009 6:12:43 PM - Printer Driver Microsoft XPS Document Writer Installed
RP285: 3/31/2009 6:13:19 PM - Printer Driver Microsoft XPS Document Writer Installed
RP286: 4/1/2009 8:59:50 PM - System Checkpoint
RP287: 4/2/2009 12:08:06 AM - Software Distribution Service 3.0
RP288: 4/3/2009 4:29:34 PM - System Checkpoint
RP289: 4/14/2009 7:23:05 PM - System Checkpoint
RP290: 4/15/2009 5:24:33 PM - Avg8 Update
RP291: 4/16/2009 8:44:24 AM - Avg8 Update
RP292: 4/17/2009 4:46:01 PM - System Checkpoint
RP293: 4/18/2009 6:12:11 PM - System Checkpoint
RP294: 4/19/2009 6:37:28 PM - Removed AVG 8.0
RP295: 4/19/2009 6:56:13 PM - Installed AVG 8.0
RP296: 4/19/2009 7:08:41 PM - Removed Hoyle Casino
RP297: 4/20/2009 7:38:05 PM - Installed Java(TM) SE Development Kit 6 Update 13
RP298: 4/20/2009 9:11:17 PM - Installed Java(TM) 6 Update 13
RP299: 4/20/2009 9:33:24 PM - Installed JavaFX(TM) 1.1 SDK
RP300: 4/20/2009 9:58:50 PM - Software Distribution Service 3.0
RP301: 4/21/2009 7:05:12 AM - Software Distribution Service 3.0
RP302: 4/22/2009 6:33:18 PM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9
Adobe Shockwave Player 11
Audacity 1.2.6
Autodesk Civil 3D - Civil Design Companion 2007
Autodesk DWF Viewer
Autodesk Land Desktop 2007
Autodesk Survey 2007
Camera Driver
Canon MP Navigator 3.0
Canon MP460
Compatibility Pack for the 2007 Office system
Digital Camera
Driver Detective
FinePixViewer Ver.4.2
FUJIFILM USB Driver
GenuTax Standard
getPlus(R)
Google Desktop
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
ImageMixer VCD2 for FinePix
InCD
InCD Reader
Java DB 10.4.1.3
Java(TM) 6 Update 13
Java(TM) SE Development Kit 6 Update 13
JavaFX(TM) 1.1 SDK
Last.fm 1.5.1.30182
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MicroStaff WINASPI
Mozilla Firefox (3.0.9)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero Media Player
Nero OEM
Nero PhotoShow Express
NeroVision Express 2
NeroVision Express 2 Content
Nokia Connectivity Cable Driver
Picasa 2
PolderbitS Sound Recorder and Editor
ProSavageDDR and Utilities
QuickTax 2005
QuickTime
RAW FILE CONVERTER LE
RHSI Self Healing (remove only)
RHSI Toolbar (remove only)
S3Display
S3Gamma2
S3Info2
S3Overlay
SANYO Digital Camera Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SPYWAREfighter
Switch Sound File Converter
Ulead Photo Explorer 8.0 SE Basic
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VIA Audio Driver Setup Program
VIRUSfighter
WavePad Sound Editor
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Service Pack 3
Yahoo! Install Manager

==== End Of File ===========================


Re: Trojan Horse sheur2 virous

Post by Belahzur on 24th April 2009, 12:04 am

You have a lot of system restore points, so let's flush them.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Download [You must be registered and logged in to see this link.]

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.





Re: Trojan Horse sheur2 virous

Post by VICTORD on 24th April 2009, 1:34 am

Still slow. Here is the latest DDS.
Will not run Disk Defrag


DDS (Ver_09-03-16.01) - NTFSx86
Run by Victor at 22:30:06.96 on Thu 04/23/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.351.155 [GMT -3:00]

AV: VIRUSfighter ver. 5.99 *On-access scanning enabled* (Updated)

============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
E:\WINDOWS\system32\svchost -k rpcss
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
E:\VIRUSfighter\Npm\Bin\Zanda.exe
E:\WINDOWS\System32\svchost.exe -k NetworkService
E:\WINDOWS\System32\svchost.exe -k LocalService
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\svchost.exe -k LocalService
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Fighters\configservice.exe
E:\WINDOWS\System32\svchost.exe -k imgsvc
E:\Program Files\Fighters\licenseservice.exe
E:\Program Files\Fighters\updateservice.exe
E:\Program Files\Fighters\ScannerService.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\VIRUSfighter\Npm\bin\NJEEVES.EXE
E:\VIRUSfighter\Nse\bin\NSESVC.EXE
E:\WINDOWS\System32\alg.exe
E:\VIRUSfighter\Nvc\bin\nvcoas.exe
E:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Ahead\InCD\InCD.exe
E:\VIRUSfighter\Npm\bin\ZLH.EXE
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\WINDOWS\system32\ctfmon.exe
E:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
E:\VIRUSfighter\Nvc\BIN\NIP.EXE
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe
E:\VIRUSfighter\Nvc\bin\cclaw.exe
E:\WINDOWS\explorer.exe
E:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
E:\WINDOWS\msagent\AgentSvr.exe
E:\Documents and Settings\Victor\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - e:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - e:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - e:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - e:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: RHSI Toolbar: {4df5b116-4fd9-4039-b377-1130953a980f} - e:\program files\rogers hi-speed internet\rhsi toolbar\ToolBand.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - e:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [RHSI SHS] "c:\program files\rogers hi-speed internet\rhsi selfhealing\SHS.exe" /background
uRun: [PhotoShow Deluxe Media Manager] e:\progra~1\ahead\ahead\data\xtras\mssysmgr.exe
uRun: [swg] e:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [REGSHAVE] e:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [NeroFilterCheck] e:\windows\system32\NeroCheck.exe
mRun: [Ulead AutoDetector] e:\program files\ulead systems\ulead photo explorer 8.0 se basic\Monitor.exe
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
mRun: [InCD] e:\program files\ahead\incd\InCD.exe
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [spywarefighterguard] e:\program files\fighters\spywarefighter\SpywarefighterUser.exe
mRun: [Norman ZANDA] "e:\virusfighter\npm\bin\ZLH.EXE" /LOAD /SPLASH
mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"
mRun: [Google Desktop Search] "e:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Picasa Media Detector] e:\program files\picasa2\PicasaMediaDetector.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - e:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\program files\microsoft office\office\OSA9.EXE
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\polder~1.lnk - e:\program files\polderbits\recorder\driver\PBDriverMonitor_uk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\*.windowsupdate
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - e:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - [You must be registered and logged in to see this link.]
AppInit_DLLs: e:\progra~1\google\google~4\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\victor\applic~1\mozilla\firefox\profiles\vbft347w.default\
FF - component: e:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: e:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npclntax_SeekmoSA.dll

============= SERVICES / DRIVERS ===============

R1 NGS;Norman General Security Driver;e:\virusfighter\nvc\bin\ngs.sys [2009-4-10 22712]
R2 Ndiskio;Ndiskio;e:\virusfighter\nse\bin\Ndiskio.sys [2009-4-10 20448]
R2 Norman ZANDA;Norman ZANDA;e:\virusfighter\npm\bin\Zanda.exe [2009-4-10 408696]
R2 PTK License-FIGHTERS-272645987;PTK License-FIGHTERS-272645987;e:\program files\fighters\LicenseService.exe [2008-11-18 283272]
R2 PTK Live Update-FIGHTERS-272645987;PTK Live Update-FIGHTERS-272645987;e:\program files\fighters\UpdateService.exe [2008-11-18 307848]
R2 PTK Scanner-FIGHTERS-272645987;PTK Scanner-FIGHTERS-272645987;e:\program files\fighters\ScannerService.exe [2008-11-18 311944]
R2 PTK SharedAccess-FIGHTERS-272645987;PTK SharedAccess-FIGHTERS-272645987;e:\program files\fighters\ConfigService.exe [2008-11-18 139912]
R3 nsesvc;Norman Scanner Engine Service;e:\virusfighter\nse\bin\Nsesvc.exe [2009-4-10 183352]
R3 NvcMFlt;NvcMFlt;e:\windows\system32\drivers\nvcw32mf.sys [2009-4-10 19512]
R3 nvcoas;Norman Virus Control on-access component;e:\virusfighter\nvc\bin\Nvcoas.exe [2009-4-10 183352]
R3 NVCScheduler;Norman Virus Control Scheduler;e:\virusfighter\nvc\bin\Nvcsched.exe [2009-4-10 146488]
R3 PbsAuDrv;PolderbitS Audio Driver;e:\windows\system32\drivers\pbsaudrv.sys [2008-10-22 103824]
R3 Vfscan;Vfscan;e:\windows\system32\drivers\vffilter.sys [2008-11-18 15496]
S3 getPlus(R) Helper;getPlus(R) Helper;e:\program files\nos\bin\getPlus_HelperSvc.exe [2008-7-18 33176]
S3 NPF;Netgroup Packet Filter;e:\windows\system32\drivers\npf.sys [2008-6-25 30336]

=============== Created Last 30 ================

2009-04-22 21:33 2,432 -------- e:\windows\system32\drivers\cdr4_xp.sys
2009-04-22 21:33 2,560 -------- e:\windows\system32\drivers\cdralw2k.sys
2009-04-22 21:30 --d----- e:\program files\Picasa2
2009-04-22 21:08 --d----- e:\program files\Western Digital
2009-04-22 19:09 --d-h--- e:\windows\PIF
2009-04-20 22:54 --d----- e:\docume~1\victor\applic~1\Malwarebytes
2009-04-20 22:54 15,504 a------- e:\windows\system32\drivers\mbam.sys
2009-04-20 22:54 38,496 a------- e:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 22:54 --d----- e:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-20 22:53 --d----- e:\program files\Malwarebytes' Anti-Malware
2009-04-20 22:25 --d----- e:\program files\Trend Micro
2009-04-20 21:33 --d----- e:\program files\JavaFX
2009-04-20 21:12 --d----- e:\program files\Sun
2009-04-20 21:11 410,984 a------- e:\windows\system32\deploytk.dll
2009-04-20 21:11 73,728 a------- e:\windows\system32\javacpl.cpl
2009-04-15 07:13 206 a------- e:\windows\system32\MRT.INI
2009-04-15 07:13 --d----- e:\windows\system32\MpEngineStore
2009-04-14 18:12 284,160 -c------ e:\windows\system32\dllcache\pdh.dll
2009-04-14 18:12 401,408 -c------ e:\windows\system32\dllcache\rpcss.dll
2009-04-14 18:12 110,592 -c------ e:\windows\system32\dllcache\services.exe
2009-04-14 18:12 473,600 -c------ e:\windows\system32\dllcache\fastprox.dll
2009-04-14 18:12 227,840 -c------ e:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 18:12 453,120 -c------ e:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 18:12 729,088 -c------ e:\windows\system32\dllcache\lsasrv.dll
2009-04-14 18:12 714,752 -c------ e:\windows\system32\dllcache\ntdll.dll
2009-04-14 18:12 617,472 -c------ e:\windows\system32\dllcache\advapi32.dll
2009-04-14 18:08 2,560 -------- e:\windows\system32\xpsp4res.dll
2009-04-14 18:08 1,203,922 -c------ e:\windows\system32\dllcache\sysmain.sdb
2009-04-14 18:08 215,552 -c------ e:\windows\system32\dllcache\wordpad.exe
2009-04-10 22:18 19,512 a------- e:\windows\system32\drivers\nvcw32mf.sys
2009-04-10 22:05 --d----- E:\VIRUSfighter
2009-04-08 20:36 --d----- e:\program files\Fighters
2009-04-08 20:36 --d----- e:\docume~1\alluse~1\applic~1\Fighters
2009-04-08 20:27 --d----- e:\docume~1\victor\applic~1\Logs
2009-04-06 13:29 27,648 a------- e:\windows\system32\winsetupsm.exe
2009-04-06 13:14 27,648 a------- e:\windows\system32\winsetupsn.exe
2009-04-04 21:20 1,429,499 ---sh--- e:\windows\system32\uzafuyat.ini
2009-04-01 19:11 1,089,593 -c------ e:\windows\system32\dllcache\ntprint.cat
2009-03-31 18:14 --d----- e:\windows\system32\XPSViewer
2009-03-31 18:11 597,504 -c------ e:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-31 18:11 575,488 -c------ e:\windows\system32\dllcache\xpsshhdr.dll
2009-03-31 18:11 89,088 -c------ e:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-31 18:11 575,488 -------- e:\windows\system32\xpsshhdr.dll
2009-03-31 18:11 117,760 -------- e:\windows\system32\prntvpt.dll
2009-03-31 18:11 1,676,288 -c------ e:\windows\system32\dllcache\xpssvcs.dll
2009-03-31 18:11 1,676,288 -------- e:\windows\system32\xpssvcs.dll
2009-03-31 18:11 --d----- E:\22ac219e7ba93b034486a0
2009-03-31 14:52 54,156 a---h--- e:\windows\QTFont.qfn
2009-03-31 14:52 1,409 a------- e:\windows\QTFont.for
2009-03-30 00:18 268 a---h--- E:\sqmdata18.sqm
2009-03-30 00:18 244 a---h--- E:\sqmnoopt18.sqm
2009-03-28 16:07 1,409 a------- e:\windows\system32\tmpC11F2.FOT
2009-03-28 16:07 1,409 a------- e:\windows\system32\tmp9A1F2.FOT
2009-03-28 16:07 1,409 a------- e:\windows\system32\tmp7F1F2.FOT
2009-03-28 16:07 1,409 a------- e:\windows\system32\tmp542F2.FOT
2009-03-28 16:07 1,409 a------- e:\windows\system32\tmp3B2F2.FOT
2009-03-28 16:07 1,409 a------- e:\windows\system32\tmp103F2.FOT
2009-03-25 17:56 --d----- e:\documents and settings\victor\Drawings 2009

==================== Find3M ====================

2009-03-26 22:31 512 a---h--- E:\gt2008.bin
2009-03-17 18:39 0 a---h--- e:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-03-17 18:39 0 a---h--- e:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-06 11:22 284,160 a------- e:\windows\system32\pdh.dll
2009-03-02 21:18 826,368 a------- e:\windows\system32\wininet.dll
2009-03-02 18:47 107,888 a------- e:\windows\system32\CmdLineExt.dll
2009-02-20 15:09 78,336 -------- e:\windows\system32\ieencode.dll
2009-02-09 09:10 729,088 a------- e:\windows\system32\lsasrv.dll
2009-02-09 09:10 714,752 a------- e:\windows\system32\ntdll.dll
2009-02-09 09:10 617,472 a------- e:\windows\system32\advapi32.dll
2009-02-09 09:10 401,408 a------- e:\windows\system32\rpcss.dll
2009-02-09 08:13 1,846,784 a------- e:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- e:\windows\system32\ntkrnlpa.exe
2009-02-06 08:11 110,592 a------- e:\windows\system32\services.exe
2009-02-06 08:08 2,189,056 a------- e:\windows\system32\ntoskrnl.exe
2009-02-06 07:39 35,328 a------- e:\windows\system32\sc.exe
2009-02-03 16:59 56,832 a------- e:\windows\system32\secur32.dll

============= FINISH: 22:31:14.50 ===============


Re: Trojan Horse sheur2 virous

Post by Belahzur on 24th April 2009, 4:25 pm

Hello.
Looks okay, no malware showing.
Let's kill some startup stuff; post a new HijackThis log.



