
Inactive trojan horse adload_r.akj

Discussion in 'Malware and Virus Removal Archive' started by bigmreds64, 2010/09/03.

Thread Status:
Not open for further replies.
  1. 2010/09/03
    bigmreds64 (Inactive, Thread Starter)
    [Inactive] trojan horse adload_r.akj

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by lloyd at 12:07:21.67 on Fri 09/03/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.595 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\HBLite\bin\11.0.258.0\HBLiteSA.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\TiVo\Desktop\TiVoServer.exe
    C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
    C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    C:\Program Files\TiVo\Desktop\Plus\TranscodingService.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Documents and Settings\lloyd\Local Settings\Apps\2.0\P51M5Y1H.27P\TEH19V7W.VWR\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AVG\AVG9\avgui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\lloyd\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: ShopperReports: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program files\shopperreports3\bin\3.0.489.0\ShopperReports.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: ShopperReports – Price Comparison: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program files\shopperreports3\bin\3.0.489.0\ShopperReports.dll
    uRun: [<NO NAME>]
    uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [TivoServer] c:\program files\tivo\desktop\TiVoServer.exe /service /registry /auto:TivoServer
    uRun: [TivoTransfer] c:\program files\tivo\desktop\TiVoTransfer.exe
    uRun: [TivoNotify] c:\program files\tivo\desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
    uRun: [TranscodingService] c:\program files\tivo\desktop\plus\\TranscodingService.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [<NO NAME>]
    mRun: [HBLiteSA] "c:\program files\hblite\bin\11.0.258.0\HBLiteSA.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    StartupFolder: c:\documents and settings\lloyd\start menu\programs\startup\CurseClientStartup.ccip
    StartupFolder: c:\docume~1\lloyd\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\shopperreports3\bin\3.0.489.0\ShopperReports.dll
    IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\shopperreports3\bin\3.0.489.0\ShopperReports.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280862406062
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280862381171
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\lloyd\applic~1\mozilla\firefox\profiles\yf8ib7oh.default\
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\hblite\bin\11.0.258.0\firefox\extensions\plugins\npclntax_HBLiteSA.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HBLiteSA.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-2 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-2 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-2 243024]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-2 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-2 308136]
    S2 QuestDns Service;QuestDns Service;c:\documents and settings\all users\application data\questdns\questdns115.exe [2010-8-21 57608]
    S4 TivoBeacon2;TiVo Beacon Service;c:\program files\tivo\desktop\TiVoBeacon.exe [2010-5-17 1104656]

    =============== Created Last 30 ================

    2010-09-03 00:36:42 0 d--h--w- C:\$AVG
    2010-09-03 00:26:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-09-03 00:26:50 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-09-03 00:26:41 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-03 00:26:36 0 d-----w- c:\windows\system32\drivers\Avg
    2010-09-03 00:22:07 0 d-----w- c:\program files\AVG
    2010-09-03 00:21:39 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2010-09-03 00:13:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-03 00:00:04 0 d-----w- c:\windows\system32\wbem\Repository
    2010-09-01 02:02:52 0 d-----w- c:\program files\Game Elements
    2010-08-31 21:09:07 0 d-----w- c:\program files\TorrentMan
    2010-08-31 21:09:00 0 d-----w- c:\program files\BitLord
    2010-08-30 19:24:09 652 ------w- c:\windows\hpomdl36.dat.temp
    2010-08-30 19:24:09 166525 ------w- c:\windows\hpoins36.dat.temp
    2010-08-30 19:20:10 0 d-----w- c:\program files\common files\Hewlett-Packard
    2010-08-30 19:18:09 0 d-----w- c:\program files\HP
    2010-08-30 19:16:47 652 ------w- c:\windows\hpomdl36.dat
    2010-08-30 19:16:47 161136 ----a-w- c:\windows\hpoins36.dat
    2010-08-18 16:23:08 0 d-----w- c:\program files\TiVo
    2010-08-18 16:23:08 0 d-----w- c:\docume~1\alluse~1\applic~1\TiVo
    2010-08-18 16:22:57 0 d-----w- c:\program files\Bonjour
    2010-08-16 04:56:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
    2010-08-16 04:53:58 36734 ----a-w- c:\windows\system32\OggDSuninst.exe
    2010-08-16 04:51:20 0 d-----w- c:\program files\Trymedia
    2010-08-16 04:51:03 0 d-----w- c:\program files\Valusoft
    2010-08-13 16:10:29 0 d-----w- c:\program files\common files\DivX Shared
    2010-08-13 16:06:05 0 d-----w- c:\program files\DivX
    2010-08-13 16:05:37 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
    2010-08-13 03:52:58 0 d-----w- c:\program files\Windows Media Connect 2
    2010-08-05 13:32:28 0 d-----w- c:\docume~1\lloyd\applic~1\LimeWire
    2010-08-04 23:07:26 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat

    ==================== Find3M ====================

    2010-08-04 05:20:01 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-08-03 16:14:47 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-09 23:01:10 133616 ------w- c:\windows\system32\pxafs.dll
    2010-06-09 23:01:10 126448 ------w- c:\windows\system32\pxinsi64.exe
    2010-06-09 23:01:10 123888 ------w- c:\windows\system32\pxcpyi64.exe

    ============= FINISH: 12:08:26.19 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/3/2010 12:20:06 PM
    System Uptime: 9/2/2010 11:59:55 PM (13 hours ago)

    Motherboard: Dell Computer Corp. | | 0C2425
    Processor: Intel(R) Pentium(R) 4 CPU 2.53GHz | Microprocessor | 2525/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 466 GiB total, 401.957 GiB free.
    D: is FIXED (NTFS) - 75 GiB total, 32.65 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Video Controller
    Device ID: PCI\VEN_8086&DEV_2562&SUBSYS_01601028&REV_01\3&172E68DD&0&10
    Manufacturer:
    Name: Video Controller
    PNP Device ID: PCI\VEN_8086&DEV_2562&SUBSYS_01601028&REV_01\3&172E68DD&0&10
    Service:

    ==== System Restore Points ===================

    RP1: 8/3/2010 12:24:12 PM - System Checkpoint
    RP2: 8/3/2010 12:25:52 PM - Installed Broadcom 440x 10/100 Integrated Controller
    RP3: 8/3/2010 12:34:48 PM - Installed Broadcom Management Programs
    RP4: 8/3/2010 12:47:31 PM - Installed Windows Installer KB893803v2.
    RP5: 8/3/2010 12:50:07 PM - Installed DirectX 9.0
    RP6: 8/3/2010 12:50:33 PM - Installed AVIVO Codecs
    RP7: 8/3/2010 12:51:09 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP8: 8/3/2010 12:51:28 PM - Installed ATI Catalyst Control Center
    RP9: 8/3/2010 12:52:16 PM - Installed ATI Parental Control & Encoder
    RP10: 8/3/2010 8:56:16 PM - Configured Broadcom 440x 10/100 Integrated Controller
    RP11: 8/3/2010 9:04:11 PM - Installed Broadcom Advanced Control Suite
    RP12: 8/3/2010 9:14:38 PM - Configured Broadcom 440x 10/100 Integrated Controller
    RP13: 8/3/2010 9:17:45 PM - Configured Broadcom 440x 10/100 Integrated Controller
    RP14: 8/3/2010 10:04:40 PM - Installed Windows XP Service Pack 2.
    RP15: 8/3/2010 10:15:16 PM - Software Distribution Service 3.0
    RP16: 8/3/2010 10:29:34 PM - Software Distribution Service 3.0
    RP17: 8/3/2010 10:53:31 PM - Software Distribution Service 3.0
    RP18: 8/3/2010 11:17:15 PM - Software Distribution Service 3.0
    RP19: 8/4/2010 3:00:14 AM - Software Distribution Service 3.0
    RP20: 8/5/2010 3:00:15 AM - Software Distribution Service 3.0
    RP21: 8/6/2010 3:18:15 AM - System Checkpoint
    RP22: 8/7/2010 4:49:56 AM - System Checkpoint
    RP23: 8/8/2010 5:29:29 AM - System Checkpoint
    RP24: 8/9/2010 6:45:26 AM - System Checkpoint
    RP25: 8/10/2010 7:41:29 AM - System Checkpoint
    RP26: 8/11/2010 3:00:14 AM - Software Distribution Service 3.0
    RP27: 8/12/2010 3:24:27 AM - System Checkpoint
    RP28: 8/12/2010 11:45:25 PM - Installed Windows Media Player 11
    RP29: 8/12/2010 11:51:05 PM - Software Distribution Service 3.0
    RP30: 8/13/2010 3:00:14 AM - Software Distribution Service 3.0
    RP31: 8/14/2010 3:00:15 AM - Software Distribution Service 3.0
    RP32: 8/15/2010 3:01:10 AM - System Checkpoint
    RP33: 8/16/2010 3:00:14 AM - Software Distribution Service 3.0
    RP34: 8/17/2010 3:01:10 AM - System Checkpoint
    RP35: 8/18/2010 3:18:33 AM - System Checkpoint
    RP36: 8/18/2010 12:22:56 PM - Installed Bonjour
    RP37: 8/18/2010 12:23:05 PM - Installed TiVo Desktop 2.8.1
    RP38: 8/19/2010 1:18:33 PM - System Checkpoint
    RP39: 8/20/2010 10:43:13 PM - System Checkpoint
    RP40: 8/21/2010 11:46:56 PM - System Checkpoint
    RP41: 8/23/2010 12:17:15 AM - System Checkpoint
    RP42: 8/24/2010 12:57:58 AM - System Checkpoint
    RP43: 8/25/2010 1:53:55 AM - System Checkpoint
    RP44: 8/26/2010 2:40:26 AM - System Checkpoint
    RP45: 8/27/2010 3:40:26 AM - System Checkpoint
    RP46: 8/28/2010 4:40:26 AM - System Checkpoint
    RP47: 8/29/2010 5:40:26 AM - System Checkpoint
    RP48: 8/30/2010 6:40:26 AM - System Checkpoint
    RP49: 8/31/2010 6:38:26 PM - System Checkpoint
    RP50: 8/31/2010 10:12:13 PM - Installed Windows Media Player 11
    RP51: 8/31/2010 10:13:31 PM - Installed Windows XP MSCompPackV1.
    RP52: 8/31/2010 11:41:06 PM - Installed Windows Media Player 11
    RP53: 8/31/2010 11:42:19 PM - Installed Windows XP MSCompPackV1.
    RP54: 9/1/2010 3:00:15 AM - Software Distribution Service 3.0
    RP55: 9/1/2010 9:23:43 PM - Restore Operation
    RP56: 9/2/2010 7:38:35 PM - Restore Operation
    RP57: 9/2/2010 7:51:58 PM - Restore Operation
    RP58: 9/2/2010 8:21:39 PM - Installed AVG Free 9.0

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    AIM 7
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Parental Control & Encoder
    AVG Free 9.0
    AVIVO Codecs
    Bonjour
    Broadcom 440x 10/100 Integrated Controller
    Broadcom Advanced Control Suite
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Spanish
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Spanish
    Construction Destruction
    Curse Client
    Dell ResourceCD
    Direct Show Ogg Vorbis Filter (remove only)
    DivX Setup
    Download Updater (AOL LLC)
    Hotbar
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    Java(TM) 6 Update 16
    LimeWire 5.3.6
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.6.8)
    QuestDns 1.0 build 115
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    ShopperReports
    Skins
    SoundMAX
    TiVo Desktop 2.8.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    World of Warcraft

    ==== Event Viewer Messages From Past Week ========

    9/2/2010 9:44:53 AM, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 000D560B7874 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    9/2/2010 9:02:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QuestDns Service service to connect.
    9/2/2010 7:38:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
    9/2/2010 7:38:40 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    9/2/2010 7:38:40 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/2/2010 7:38:40 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/2/2010 7:38:40 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    9/2/2010 7:38:40 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/2/2010 7:37:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/2/2010 7:37:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    ==== End Of File ===========================
    and I have a trojan horse adload_r.akj
     
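A triage helper for the DDS log format in the post above, added here as an example; it is not DDS code, not part of the original post, and not any vendor's verdict. It parses the BHO/EB, uRun/mRun, StartupFolder and service lines and applies three assumed heuristics: entries whose file is "No File", executables under a user-profile or All Users data folder, and a watchlist of names taken from this log (ShopperReports, HBLite/Hotbar, QuestDns) that is an assumption for illustration.

```python
"""Triage helper for the 'Pseudo HJT Report' and 'SERVICES / DRIVERS'
sections of a DDS log.  Added example for this thread, not DDS code.
The watchlist and the location heuristic are assumptions for illustration."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LOG = "\n".join([
    r"BHO: ShopperReports: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program files\shopperreports3\bin\3.0.489.0\ShopperReports.dll",
    r"BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll",
    r"EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File",
    r'mRun: [HBLiteSA] "c:\program files\hblite\bin\11.0.258.0\HBLiteSA.exe "',
    r"mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe",
    r"StartupFolder: c:\docume~1\lloyd\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe",
    r"R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-2 308136]",
    r"S2 QuestDns Service;QuestDns Service;c:\documents and settings\all users\application data\questdns\questdns115.exe [2010-8-21 57608]",
])


@dataclass
class Entry:
    kind: str                 # BHO, EB, uRun, mRun, StartupFolder, Service
    name: str
    path: str                 # image path, or "No File" for orphaned COM objects
    clsid: str = ""
    reasons: List[str] = field(default_factory=list)


# Line shapes as DDS prints them in the sections above.
_BHO_EB = re.compile(r"^(?P<kind>BHO|EB): (?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
_RUN = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]*)\]\s*(?P<path>.*)$")
_STARTUP = re.compile(r"^StartupFolder: (?P<name>.*?)(?: - (?P<path>.*))?$")
_SERVICE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)(?: \[(?P<stamp>[^\]]*)\])?$")

# Assumed heuristics (not from DDS): profile/data folder markers and a watchlist
# of names seen in this log.  Treat matches as "look closer", not as a verdict.
PROFILE_MARKERS = ("documents and settings", "docume~1", "application data", "applic~1", "local settings")
WATCHLIST = ("shopperreports", "hblite", "hotbar", "questdns")


def _image_path(command: str) -> str:
    """Return the executable path from a Run value, dropping quotes and switches."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end > 0:
            return command[1:end].strip()
    return command.split(" /", 1)[0].strip()


def parse_line(line: str) -> Optional[Entry]:
    """Turn one DDS line into an Entry, or None for lines we do not triage."""
    line = line.rstrip()
    m = _BHO_EB.match(line)
    if m:
        return Entry(m["kind"], m["name"] or "", m["path"].strip(), m["clsid"])
    m = _RUN.match(line)
    if m:
        return Entry(m["kind"], m["name"], _image_path(m["path"]))
    m = _STARTUP.match(line)
    if m:
        return Entry("StartupFolder", m["name"], (m["path"] or "").strip())
    m = _SERVICE.match(line)
    if m:
        return Entry("Service", m["name"].strip(), m["path"].strip())
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage_entry(entry: Entry) -> Entry:
    """Attach human-readable reasons for a closer look; no reasons means benign-by-heuristic."""
    low_path = entry.path.lower()
    if low_path == "no file":
        entry.reasons.append("registered component has no file on disk (orphaned)")
    elif any(marker in low_path for marker in PROFILE_MARKERS):
        entry.reasons.append("executable lives under a user profile or All Users data folder")
    haystack = (entry.name + " " + entry.path).lower()
    for word in WATCHLIST:
        if word in haystack:
            entry.reasons.append(f"matches watchlist name '{word}'")
    return entry


def triage(text: str) -> List[Entry]:
    """Parse a DDS log and return only the entries that earned at least one reason."""
    return [e for e in map(triage_entry, parse_log(text)) if e.reasons]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind:<14}{finding.name or finding.clsid:<30}{finding.path}")
        for reason in finding.reasons:
            print(f"    - {reason}")
```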
  2. 2010/09/03
    broni (Moderator, Malware Analyst)
    Welcome aboard :)

    Please, provide more info about your computer issues.

    Then....

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in the right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run it (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

