
whiterose

Members
  • Posts: 15
About whiterose

  • Birthday 9/6/1961

Personal Information

  • Occupation: Electronics/Electrical Eng

Tech Info

  • Experience: some_experience
  • System: windows_xp_home


  1. Had to abort ActiveScan. It was running for 3 hours and still only 31% of the way through! It was ticking over at one file every 20 sec or so... Can't be right... can it? Regards, Chris
  2. Trojan infection: Right, here is the Hijack report that should have been on the last post.. Regards, Chris
  3. Trojan infection: Evening people, I did what follows as a quick reply but I'm not sure if it was successful, so am doing it again. Have just been told that the text is too long in this message, so will have to send the Hijack report separately. Regards, Chris
  4. Mind you, keep your fingers off the pins when you get the chips out, and put them on a piece of paper pins down. It doesn't take much static to blow one. CMOS just doesn't take to big sparks..
  5. Trojan infection: Tried your suggestion Nev.. nothing in the clipboard, just a plain dark grey screen, so I have given up and attached.. I hope... Just to update... whatever scans have been performed so far have already improved the situation. Trojan warnings from the antivirus have gone, and the symptoms with them, but let's go the whole hog and have a look-see. It's probably just lurking around a corner in my firmware just WAITING to bite me on the backside! Regards, Chris. Attachments: virus rep1.txt, ComboFix.txt, mbam-log-2009-10-08 (09-07-36).txt
  6. Trojan virus infection: Malwarebytes and ComboFix downloads complete, and I have the files in Notepad, but can't copy/paste the reports to this site! Got Plastic Nev's idiot guide but it won't do it... highlights OK, copies OK (I think.. nothing actually happens, it just stays as the highlighted screen, but I presume it's gone to the clipboard). Bring up this window alongside Notepad, Edit, Paste.. nothing appears in this message window. Tried practising offline to other document locations but no success either way. I'm not familiar with this process but I'm no novice either. What am I doing wrong? Any suggestions, anybody? By the time I have figured this out for myself my trojan will have eaten away at most of my software and will be starting on the wife's slippers! In the words of Terry Wogan.... Is it me?
  7. Sorry about that. I knew as soon as I had sent it that it wasn't the right way to do it, but I am not very familiar with the copy and paste method with a Notepad message. I just don't copy and paste very much.. and I don't think I have used Notepad in my LIFE, to be honest. I can't find the icons on this "add new post" toolbar. Give me a quick run-down on the steps..
  8. Virus report: As requested.. hope it's attached OK. Attachment: virus rep1.txt
  9. I have an HP Pavilion with an AMD Athlon running Windows XP Home. I use AVG Free (latest edition) and have found it quite effective.. until now.. that is.. A couple of days ago it detected Trojans going by the names of Trojan Horse Agent2 TVH, Trojan Horse Back Door Agent ACGG and Trojan Horse Win32 cryptor. The virus seems to have infected one or more files in Windows\system32 and cannot be healed permanently, so is recurring. It isn't proving a great problem, more of an inconvenience. The main symptom is a "program not responding" when closing down a Word document. The program is still actually running fine; it doesn't need rebooting at all. Any ideas on how to locate this, or is it too complicated for a novice like me? Can't understand how it's got past the update database to do the damage in the first place. Guess that's why it's free.. Any help appreciated.
  10. XP to Vista upgrade: Sorry about that. I was in a bit of a rush and forgot the important bits.. HP Pavilion a 110.uk, AMD Athlon (1.67 GHz), AGP graphics with 32 MB of video RAM... was standard 256 RAM but just banged in another 500, so now 760.. ish.. 40 GB HDD, but am replacing with 80 GB when installing the Vista pack. As far as I can see the only thing I need to add that I am a bit unsure of is the video card. I expected to just pull out my old one and slot an upgrade card in its place, but on this motherboard it's integrated. I'm taking it that the old one can be driver-disabled and the new one, after installation, can be enabled and it will just take over... in theory.. or am I being a little naive! I had a look at that Vista upgrade info and as far as I can see I have got it pretty much covered. I'm just trying to source the video card now. Economy is the key word. Cheap as possible so it does the job and no more. I'm not a serious user. Most of my usage is word processing and business work and some private photo printing. If I can get something for 25 quid it'll do me fine.
  11. Seeing as XP is on its way out in a few years, I have been advised to go to Vista. I have had a few probs with my HDD and a reinstall is on the cards, so an upgrade is sensible. Anybody have any choices or suggestions for a cost-effective video card to satisfy the criteria for Vista? I don't need fancy graphics. My motherboard has integrated ProSavage8 video hardware. Can I purchase a suitable card to just plug into the spare channels on the motherboard (there are two spare connectors below the modem) and set up a new driver? This should ignore the original video electronics, shouldn't it? I don't suppose Vista will run on my present AGP graphics, will it! Any advice much appreciated, as always.
  12. It's not too expensive for either option. I would have to increase the RAM on this and maybe look at the graphics to do a Vista update, but that's not too taxing. At least it gives me some reusable software of my own. I'm getting to the end of my tether with this, to be honest. It's now just cost me a new external USB HDD. It's put something on it that is now corrupt and won't allow me to read the drive. I think I'm going to cut my losses. Thanks for everyone's help. Much appreciated. Chris
  13. Yep. I think I am banging my head against the proverbial... I should have done all this before the damned horse bolted. I did a chkdsk anyway. If it repaired anything it didn't tell me (doesn't give any report by the looks of it). Tried the backup option, but of course Windows Home doesn't HAVE the option, it's only on Pro, isn't it, so forget THAT one! I'll just wait for the fateful day when it all goes pear-shaped and let the PC shop reinstall it all again on a new drive. I might try that Knoppix site though and get a bit more info. As I say, it's a learning curve for me with the software. It's all knowledge. Any more ideas though, I'll certainly give them a go. PS. What does a new XP pack cost these days? Is it silly money? If I could get hold of my own I can do it all myself and cover my backside to boot if it happens again!
  14. Let's leave chkdsk alone then. As far as I can see there is only one partition. I can't see any hidden ones, but I am not sure I would notice one anyway. I only have so much software skill and can only dig so deep. All I have at my disposal is my present machine, a spare HDD identical to the dodgy one and spare connections on the computer to slave the spare to it, and 1 x external USB HDD of twice the capacity of the failing internal one, so no probs with memory. ...and... this is where the problem lies. I have tried to clone... and ghost... and image, but I get within 5% of success and it comes up with a read and bad sector error. Whatever I do, I don't think I can get past that point. I think I am stuffed either way!! Could my OS have a bad sector that would defy a full dump but would not give any obvious day-to-day running probs unless really pushed.. as my machine is doing at the moment? This is a strange one to me. What would YOU say is the best and most economical way of solving this problem and having the facilities (backup) to reinstall if the problem occurs again in the future? THIS has been caused by the PC supplier not giving me a RECOVERY medium... and me not having the experience (at the time) to ASK for one! You live and learn. Regards, Chris
  15. Right. I am hardware and electronics experienced but on a software learning curve. My HDD is playing up. All kinds of error messages, slow to update and operate, freezing screen etc. The HDD is making an intermittent clunking noise while operating. Tried to do a full drive-to-drive backup with HDClone, Nero, True Image and other software to a slave drive and then an external drive, but got within 95% of success and stopped with a read error and bad sector problem. Is this, as I suspect, an HDD going south, or minor problems that could be fixed with a ScanDisk sweep? I suspect the former.. or are there files that cannot be accessed and read, thus not allowing a straight full download? Is it possible to just dump the whole shooting match down to another HDD with the click of a button, or is there more to it? When this problem is sorted, what do I need to be able to reinstall Windows XP, to avoid having to go to the PC shop and pay stupid money for a clean install, as I don't have a recovery medium? Any help most appreciated. PS. Does winnt32 /unattend do the job and, if so, where can I find my source files to do it?