Answer» I know I have a trojan, things wrong with it, when I turn on PC I have to pick user account, NEVER did that before, plus my clock never stays the right time, the minutes yes but never the hours.
Here are the posts: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Malwarebytes' Anti-Malware 1.30
Database version: 1370
Windows 5.1.2600 Service Pack 2
11/6/2008 9:59:03 PM
mbam-log-2008-11-06 (21-59-03).txt
Scan type: Quick Scan
Objects scanned: 47865
Time elapsed: 17 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/06/2008 at 09:14 PM
Application Version : 4.21.1004
Core Rules Database Version : 3622
Trace Rules Database Version: 1606
Scan type : Complete Scan
Total Scan Time : 00:40:36
Memory items scanned : 500
Memory threats detected : 0
Registry items scanned : 4224
Registry threats detected : 0
File items scanned : 11931
File threats detected : 75
Adware.Tracking Cookie
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:36 PM, on 11/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AirLink101\AWLL3025V2\ZDWlan.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Final Draft 7\Final Draft.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\AirLink101\AWLL3025V2\ZDWlan.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207948767812
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
-- End of file - 9530 bytes
This does not appear to be a malware issue. I suggest making a new topic in the Microsoft Windows forum so they can help you figure out what all is wrong.
This is a computer store copy of Windows. With my last PC I had a store copy of Windows, I downloaded updates and it crashed my computer.
I have this trojan from a bad music file, it came on this one time when I was loading songs to my MP3 player.
We can do a more thorough scan and find anything that might be there.
Run the Kaspersky Online Scanner
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
- Click on SCAN NOW
- Click Accept.
- The program will then begin downloading the latest definition files.
- Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
- The scan will take a while, so be patient and let it finish.
When the scan is done, in the Scan is complete window, any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
- Click on: Save Report As
- Next, in the Save as prompt, Save in area, select: Desktop.
- In the File name area use KScan, or something similar.
- In Save as type: click the drop arrow and select: Text file [*.txt]
- Then, click: Save
Copy and paste the Kaspersky Online Scanner Report in your next reply.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
I don't have Vista, I have Windows XP, and I think, not 100%, but it might not be like a real copy, like I didn't buy the XP CD from a store or whatnot.
It's either a legal copy or it isn't. Like you know.