Harry1
  1. Hi. Here's the logfile and the zipped attach file.
  2. Does my system have a trojan or is it ok? system configuration backup is coming up as a trojan and the file associated with this in the registry (sysdate.exe) seems to be bad. sysdate.exe is nowhere on my system as I deleted everything from c:\recycler. Anti-malware finds a registry entry infected but will not delete it. Here's my anti-malware logfile and hijackthis logfile:

     Malwarebytes' Anti-Malware 1.34
     Database version: 1837
     Windows 5.1.2600 Service Pack 2

     13/03/2009 12:37:55 AM
     mbam-log-2009-03-13 (00-37-54).txt

     Scan type: Quick Scan
     Objects scanned: 74622
     Time elapsed: 4 minute(s), 13 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system configuration backup (Trojan.Agent) -> No action taken.
     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  3. Is the following OK? HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system configuration backup (Trojan.Agent) -> No action taken. In the registry, there is an entry in HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run called system configuration backup with the data C:\RECYCLER\S-1-5-21-8837846407-3411793962-273322305-3591\sysdate.exe. Is sysdate.exe a trojan? I tried disabling sysdate in autoruns but it's telling me the file isn't found. It's in the Logon tab and points to the registry twice. It points to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run with a tick next to it and to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled without the tick. Since the file isn't in c:\recycler, does that mean my system is clean? Anti-malware deletes system configuration backup (Trojan.Agent) but when I run the scan again it always returns. Sysdate also always comes back to the registry even though disabled by msconfig. Any help is appreciated because I'm sure syschk is bad but since the file isn't there I can't be sure.
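An added example, not code from this thread or from any of the tools named in it: a PowerShell audit of the Run/RunOnce keys that flags the pattern described in the post (a Run value whose target file is missing or lives under C:\RECYCLER or a temp folder) and also lists what Autoruns parked under an AutorunsDisabled subkey. The key list and the suspicious-directory list are assumptions chosen for this example; it assumes PowerShell 2.0 or later and local admin rights for the HKLM keys.

```powershell
# Added example, not from the thread: audit the Run/RunOnce keys for entries
# whose target binary is missing or sits under RECYCLER or a temp folder, and
# include the AutorunsDisabled subkeys Autoruns writes when an entry is unticked.
# Assumes PowerShell 2.0+ and local admin for the HKLM keys.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Locations no legitimate autostart should launch from (list chosen for this example)
$suspiciousDirs = @('\RECYCLER\', '\$Recycle.Bin\', '\Temp\')

function Get-ExecutablePath {
    param([string]$Command)
    # "C:\Program Files\x\y.exe" -silent  -> the quoted path
    if ($Command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    # c:\path\y.exe /flag, or a bare KHALMNPR.EXE -> first token ending in .exe
    elseif ($Command -match '^\s*(.+?\.exe)(\s|$)') { $exe = $Matches[1] }
    else { $exe = ($Command -split '\s+')[0] }
    # A bare file name is resolved through PATH, as the loader would do
    if ($exe -and $exe -notmatch '[\\/]') {
        $cmd = Get-Command $exe -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($cmd -and $cmd.Path) { $exe = $cmd.Path }
    }
    return $exe
}

function Test-RunEntry {
    param([string]$Key, [string]$Name, [string]$Command)
    $exe    = Get-ExecutablePath $Command
    # Empty commands are treated as missing; -and short-circuits before Test-Path
    $exists = ($exe -ne '') -and (Test-Path -LiteralPath $exe -PathType Leaf)
    $flags  = @()
    if (-not $exists) { $flags += 'target missing' }
    foreach ($dir in $suspiciousDirs) {
        if ($exe -like "*$dir*") { $flags += "launches from $dir" }
    }
    New-Object PSObject -Property @{
        Key = $Key; Name = $Name; Target = $exe; Exists = $exists
        Flags = ($flags -join '; ')
    }
}

$results = foreach ($key in $runKeys) {
    # '' is the live key; '\AutorunsDisabled' is where Autoruns moves unticked values
    foreach ($sub in @('', '\AutorunsDisabled')) {
        $path = $key + $sub
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $item = Get-Item -LiteralPath $path
        foreach ($name in $item.GetValueNames()) {
            Test-RunEntry -Key $path -Name $name -Command ([string]$item.GetValue($name))
        }
    }
}
# Only the entries worth a second look: a value such as "system configuration backup"
# pointing at C:\RECYCLER\...\sysdate.exe shows up as both missing and RECYCLER-based
$results | Where-Object { $_.Flags } | Format-Table Key, Name, Target, Flags -AutoSize
```

Run it once after a cleaner removes the value and again after a reboot; if the value reappears, something still active on the machine is rewriting it, and the cleaner was only removing the symptom.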