Registered User
Join Date: Nov 2008
Posts: 9
OS: Windows XP
Re: Win32: Trojan-gen
Hi,
I hope I did everything all right. Please let me know if not. I appreciate your help and patience with me.
Thanks!
Tonitiger7
DS (Version 1.0) - NTFSx86
Run by Kayla at 14:50:38.86 on Sun 11/16/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.197 [GMT -6:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Kayla\Local Settings\Temporary Internet Files\Content.IE5\BHR0YU4C\dds[1].scr
============== Psuedo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} -
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} -
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {96372AB6-15EB-4316-B497-71C741BC548C} - c:\program files\easy gif animator extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: {35065594-9169-4A34-B167-FC4865038E53} - c:\program files\easy gif animator extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {430DDB4F-38CC-4E91-AF33-4157334EC937} - c:\program files\internet content filter\setoolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {35065594-9169-4A34-B167-FC4865038E53} - c:\program files\easy gif animator extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {430DDB4F-38CC-4E91-AF33-4157334EC937} - c:\program files\internet content filter\setoolbar.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_01\bin\jusched.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ICF] "c:\program files\internet content filter\SafeEyes.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: ICF.dll
Notify: igfxcui - igfxdev.dll
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - c:\windows\system32\upnpui.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe
R3 wacommousefilter;Wacom Mouse Filter Driver;c:\windows\system32\drivers\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;c:\windows\system32\drivers\wacomvhid.sys
R3 WacomVKHid;Virtual Keyboard Driver;c:\windows\system32\drivers\WacomVKHid.sys
S4 Lpnae_ea;Lpnae_ea;
============== File Associations ===============
regfile=*** no open command defined ***
=============== Created Last 30 ================
2008-11-14 18:58 250 a------- c:\windows\gmer.ini
2008-11-13 17:15 <DIR> --d----- c:\program files\Trend Micro
2008-11-13 13:54 <DIR> --d----- c:\program files\CCleaner
2008-11-13 12:23 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-13 12:23 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-13 12:23 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-13 12:23 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-12 02:25 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 02:24 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2008-11-03 19:46 <DIR> --d----- c:\program files\Unity
2008-10-25 12:41 23,552 a------- c:\windows\system32\msansspc.dll
2008-10-23 22:21 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-20 15:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
==================== Find3M ====================
2008-11-15 09:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-11-14 17:51 <DIR> --d----- c:\docume~1\kayla\applic~1\WTablet
2008-11-14 17:36 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-10-20 15:56 <DIR> --d----- c:\program files\iTunes
2008-10-20 15:53 <DIR> --d----- c:\program files\iPod
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-03 11:41 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-28 18:37 <DIR> --d----- c:\program files\Bonjour
2008-09-27 15:07 <DIR> --d----- c:\program files\Messenger
2008-09-27 10:59 77,915 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-09-27 10:51 <DIR> --d----- c:\program files\Windows NT
2008-09-17 15:39 <DIR> --d----- c:\program files\Tablet
2008-09-15 06:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-15 06:12 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-09 19:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-09 19:14 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
2008-09-08 04:41 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-09-04 11:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-09-01 17:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2008-08-29 09:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-08-29 08:53 61,440 a------- c:\windows\system32\dnssd.dll
2008-08-27 02:24 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-08-26 12:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AOP
2008-08-25 02:38 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 02:37 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-08-22 23:56 635,848 -------- c:\windows\system32\dllcache\iexplore.exe
2008-08-22 23:54 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-06-21 21:24 <DIR> --d----- c:\docume~1\kayla\applic~1\AVGTOOLBAR
2008-05-13 16:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2008-03-09 10:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Knowledge Adventure
2008-01-27 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SupportSoft
2008-01-27 15:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Dell
2007-10-11 15:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Broderbund Software
2007-08-14 11:59 <DIR> --d----- c:\docume~1\kayla\applic~1\AOP
2007-07-06 09:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kodak
2006-06-09 15:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Macrovision
2005-10-24 12:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2005-09-06 21:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Dell Photo Printer 720
2005-08-23 05:32 <DIR> --d----- c:\docume~1\kayla\applic~1\Symantec
2005-08-23 05:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2005-08-23 05:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2005-08-23 05:22 <DIR> --d----- c:\docume~1\kayla\applic~1\Jasc Software Inc
2004-08-10 12:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI
============= FINISH: 14:51:29.09 ===============