I'm having a bit of a problem with trojans.
Malwarebytes deleted alg.exe from the registry, which I'm almost sure is something Windows 7 needs for internet
(Application Layer Gateway Service).
See attachments.
Thanks!
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 31/12/2009 13:44:24
System Uptime: 1/03/2010 11:52:02 (-1356 hours ago)
Motherboard: ASUSTeK Computer INC. | | P7P55D
Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | LGA1156 | 1176/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 98 GiB total, 70,251 GiB free.
D: is FIXED (NTFS) - 834 GiB total, 560,766 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID:
Description:
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&2D87D632&0&09F0
Manufacturer:
Name:
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&2D87D632&0&09F0
Service:
==== System Restore Points ===================
RP19: 1/01/2010 18:48:23 - Removed Steam
RP20: 1/01/2010 18:50:03 - Installed Steam
RP21: 1/01/2010 18:54:31 - Removed Steam
RP22: 1/01/2010 18:55:19 - Installed Steam
RP24: 1/01/2010 19:12:28 - Removed Grand Theft Auto IV
RP25: 1/01/2010 19:13:11 - Removed Rockstar Games Social Club
RP26: 1/01/2010 19:13:34 - Removed Microsoft Games for Windows - LIVE
RP27: 1/01/2010 19:13:49 - Removed Microsoft Games for Windows - LIVE Redistributable
RP28: 1/01/2010 19:15:08 - Installed Rockstar Games Social Club
RP30: 1/01/2010 19:15:47 - Installed Grand Theft Auto IV
RP32: 1/01/2010 19:19:39 - Installed DirectX
RP33: 1/01/2010 20:45:35 - Removed Rockstar Games Social Club
RP35: 1/01/2010 20:46:00 - Removed Grand Theft Auto IV
RP36: 1/01/2010 21:35:13 - Installed Rockstar Games Social Club
RP38: 1/01/2010 21:35:48 - Installed Grand Theft Auto IV
RP39: 2/01/2010 2:11:17 - Installed Nero 8 Trial. Available with Windows Installer version 1.2 and later.
RP40: 2/01/2010 14:59:26 - Windows Update
RP42: 2/01/2010 15:05:55 - Microsoft Antimalware Checkpoint
RP43: 3/01/2010 22:51:44 - Installed HiJackThis
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Alt.Binz 0.25.0
AMD DnD V1.0.19
AndrewLabs ATSurround for Winamp
ATI Catalyst Install Manager
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CloneCD
ESET Online Scanner v3
Foxit Reader
Grand Theft Auto IV
Half-Life
HiJackThis
JMicron JMB36X Driver
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Antimalware
Microsoft Antimalware Service NL-NL Language Pack
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Nero 8
neroxml
QuickPar 0.9
Realtek 8136 8168 8169 Ethernet Driver
Rockstar Games Social Club
Steam
Symantec Endpoint Protection Small Business Edition
SyncBack
ToCA Race Driver 3
Winamp
WinRAR archiver
==== Event Viewer Messages From Past Week ========
31/12/2009 15:25:27, Error: Service Control Manager [7030] - The Symantec Management Client service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
31/12/2009 14:18:43, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/01/2010 18:53:02, Error: Service Control Manager [7000] - The COH_Mon service failed to start due to the following error: This driver has been blocked from loading
3/01/2010 12:53:00, Error: Application Popup [875] - Driver COH_Mon.sys has been blocked from loading.
2/01/2010 17:15:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/01/2010 20:49:37, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
1/01/2010 20:49:37, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
==== End Of File ===========================
DDS (Ver_09-12-01.01) - NTFSx86
Run by A at 23:29:56,27 on zo 03/01/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1033.18.3063.1667 [GMT 1:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *enabled* (Outdated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\A\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.hoehel.be/
uRun: [RGSC] d:\games\rockstar games social club\RGSCLauncher.exe /silent
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Application Layer Gateway] c:\program files\common files\alg.exe
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
============= SERVICES / DRIVERS ===============
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-31 102448]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-2 38224]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-5 230912]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
=============== Created Last 30 ================
2010-01-03 21:52:11 0 d-----w- c:\program files\TrendMicro
2010-01-03 21:30:24 0 d-----w- c:\program files\ESET
2010-01-02 14:03:14 0 d-----w- c:\users\a\appdata\roaming\Malwarebytes
2010-01-02 14:03:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-02 14:03:10 0 d-----w- c:\programdata\Malwarebytes
2010-01-02 14:03:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 14:03:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-02 13:59:35 195456 ------w- c:\windows\system32\MpSigStub.exe
2010-01-02 13:57:53 0 d-----w- c:\program files\Microsoft Security Essentials
2010-01-02 01:12:52 1024 ----a-w- c:\users\a\.rnd
2010-01-02 01:12:01 0 d-----w- c:\programdata\Nero
2010-01-02 01:12:01 0 d-----w- c:\program files\Nero
2010-01-02 00:48:10 0 d-----w- c:\users\a\appdata\roaming\Foxit
2010-01-02 00:48:10 0 d-----w- c:\program files\Foxit Software
2010-01-02 00:41:23 0 d-----w- c:\program files\QuickPar
2010-01-02 00:27:21 0 d-----w- c:\program files\Alcohol Soft
2010-01-01 18:17:05 0 d-----w- c:\windows\system32\xlive
2010-01-01 18:17:05 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-01 17:55:28 0 d-----w- c:\program files\Steam
2010-01-01 17:50:14 0 d-----w- c:\program files\common files\Steam
2010-01-01 17:48:59 0 d-----w- c:\windows\system32\appmgmt
2010-01-01 16:07:47 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-01-01 16:07:47 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-01-01 16:07:47 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-01-01 16:07:47 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-01-01 15:13:18 0 d-----w- c:\program files\2BrightSparks
2010-01-01 14:18:51 0 d-----w- c:\program files\AltBinz
2009-12-31 21:37:33 0 d-----w- c:\windows\Panther
2009-12-31 19:11:32 0 d-----w- c:\program files\common files\PX Storage Engine
2009-12-31 16:21:15 4958588 ----a-w- c:\windows\{00000007-00000000-00000001-00001102-00000004-20021102}.BAK
2009-12-31 16:20:58 689288 ----a-w- c:\windows\system32\perfh013.dat
2009-12-31 16:20:58 43068 ----a-w- c:\windows\system32\perfd013.dat
2009-12-31 16:20:58 341322 ----a-w- c:\windows\system32\perfi013.dat
2009-12-31 16:20:58 129536 ----a-w- c:\windows\system32\perfc013.dat
2009-12-31 16:19:12 32000 ----a-w- c:\windows\system32\BMXStateBkp-{00000007-00000000-00000001-00001102-00000004-20021102}.rfx
2009-12-31 16:19:12 32000 ----a-w- c:\windows\system32\BMXState-{00000007-00000000-00000001-00001102-00000004-20021102}.rfx
2009-12-31 16:19:12 31368 ----a-w- c:\windows\system32\BMXCtrlState-{00000007-00000000-00000001-00001102-00000004-20021102}.rfx
2009-12-31 16:19:12 31368 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000007-00000000-00000001-00001102-00000004-20021102}.rfx
2009-12-31 16:19:12 11564 ----a-w- c:\windows\system32\DVCState-{00000007-00000000-00000001-00001102-00000004-20021102}.rfx
2009-12-31 16:18:47 0 d-----w- c:\windows\nl-NL
2009-12-31 16:18:46 0 d-----w- c:\windows\system32\nl
2009-12-31 16:18:46 0 d-----w- c:\windows\system32\0413
2009-12-31 16:18:41 0 d-----w- c:\windows\system32\XPSViewer
2009-12-31 16:18:41 0 d-----w- c:\windows\system32\drivers\nl-NL
2009-12-31 16:18:37 0 d-----w- c:\windows\system32\wbem\nl-NL
2009-12-31 16:09:50 0 d-----w- c:\windows\pss
2009-12-31 16:06:36 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-12-31 16:03:03 4958588 ----a-w- c:\windows\{00000007-00000000-00000001-00001102-00000004-20021102}.CDF
2009-12-31 16:03:02 86016 ----a-w- c:\windows\system32\cttele.dll
2009-12-31 16:03:02 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-31 16:03:02 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-31 16:02:26 0 d-----w- c:\windows\system32\data
2009-12-31 16:01:33 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-31 14:25:19 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-31 14:25:19 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-31 14:25:19 10671 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-31 14:16:37 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2009-12-31 14:16:37 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2009-12-31 14:16:37 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2009-12-31 14:16:37 0 d-----w- c:\programdata\Symantec
2009-12-31 14:16:37 0 d-----w- c:\program files\Symantec
2009-12-31 14:16:37 0 d-----w- c:\program files\common files\Symantec Shared
2009-12-31 14:13:58 0 d-----w- c:\windows\PCHEALTH
2009-12-31 14:12:33 0 d-----w- c:\programdata\Microsoft Help
2009-12-31 14:05:47 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-31 14:05:38 0 d-----w- c:\program files\DAEMON Tools Lite
2009-12-31 14:05:18 0 d-----w- c:\users\a\appdata\roaming\DAEMON Tools Lite
2009-12-31 14:05:16 0 d-----w- c:\programdata\DAEMON Tools Lite
2009-12-31 13:42:53 0 d-----w- c:\program files\Elaborate Bytes
2009-
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 23:00:42, on 3/01/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hoehel.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Application Layer Gateway] C:\Program Files\Common Files\alg.exe
O4 - HKCU\..\Run: [RGSC] D:\Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
--
End of file - 5401 bytes
Malwarebytes' Anti-Malware 1.43
Database versie: 3477
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
2/01/2010 15:07:54
mbam-log-2010-01-02 (15-07-54).txt
Scan type: Snelle Scan
Objecten gescand: 99179
Verstreken tijd: 3 minute(s), 17 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
C:\Users\A\AppData\Roaming\silent.exe (Trojan.MultiDropper) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.43
Database versie: 3477
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
3/01/2010 23:58:27
mbam-log-2010-01-03 (23-58-21).txt
Scan type: Volledige Scan (C:\|)
Objecten gescand: 183726
Verstreken tijd: 35 minute(s), 27 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\application layer gateway (Trojan.Agent) -> No action taken.
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Malwarebytes' Anti-Malware 1.43
Database versie: 3477
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
3/01/2010 23:58:34
mbam-log-2010-01-03 (23-58-34).txt
Scan type: Volledige Scan (C:\|)
Objecten gescand: 183726
Verstreken tijd: 35 minute(s), 27 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\application layer gateway (Trojan.Agent) -> Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Depends on the location of the file. It could have been a trojan as there are many which use this file name. If you are online then obviously this was not the real file but a trojan. It seems many people have difficulty with hotmail and IE 8.
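The reply's point is that the file name alone says nothing; what matters is where the image lives and how it is started. The genuine Application Layer Gateway binary is %SystemRoot%\System32\alg.exe and Windows starts it as a service, never from a HKLM\...\Run value, so the `[Application Layer Gateway] C:\Program Files\Common Files\alg.exe` entry in the HijackThis log above is a masquerading file, exactly what Malwarebytes flagged. The script below is an added example (not part of this thread or of HijackThis) that applies that check to O4 lines: it parses each autorun entry, pulls out the image path, and flags entries whose file name is a well-known Windows system binary but whose location or start method does not match the real one. The sample lines are constructed from the log above, and the lists of system and service-only binary names are this example's own assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input: O4 (autorun) lines in HijackThis format.
# The "Application Layer Gateway" entry mirrors the one in the log above.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide',
    r'O4 - HKLM\..\Run: [Application Layer Gateway] C:\Program Files\Common Files\alg.exe',
    r'O4 - HKCU\..\Run: [RGSC] D:\Games\Rockstar Games Social Club\RGSCLauncher.exe /silent',
    r"O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')",
]

# Where the genuine copies of the Windows binaries below live.
SYSTEM32 = PureWindowsPath(r"C:\Windows\System32")

# Windows system binary names that malware commonly borrows.
# Assumed list for this example; extend it for your own environment.
SYSTEM_BINARIES = {"alg.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}

# Binaries Windows starts only as a service or as part of logon, never from a
# Run key, so a Run entry pointing at them is suspect even if the path is System32.
SERVICE_ONLY = {"alg.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}

# O4 - <hive>\..\<Run key>: [<name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def executable_path(command):
    """Pull the image path out of a Run-key command line, quoted or not."""
    m = re.match(r'"?(?P<path>[^"]*?\.exe)"?', command, re.IGNORECASE)
    # No ".exe" in the command (e.g. READREG): fall back to the first token.
    return m.group("path") if m else command.split()[0]


def parse_o4(line):
    """Parse one HijackThis O4 line into its fields; return None for other lines."""
    m = O4_RE.match(line)
    if not m:
        return None
    return {"hive": m["hive"], "key": m["key"], "name": m["name"],
            "path": executable_path(m["cmd"])}


def check_autorun(entry):
    """Return why a parsed autorun entry is suspicious, or None if it looks fine."""
    path = PureWindowsPath(entry["path"])
    image = path.name.lower()
    if image not in SYSTEM_BINARIES:
        return None
    if image in SERVICE_ONLY:
        return f"{image} is started by Windows as a service, not from a Run key"
    # PureWindowsPath compares case-insensitively, so c:\windows\system32 matches.
    if path.parent != SYSTEM32:
        return f"{image} located outside {SYSTEM32}"
    return None


def audit_log(lines):
    """Parse every O4 line and return the suspicious entries with a reason each."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reason = check_autorun(entry)
        if reason:
            findings.append({**entry, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit_log(SAMPLE_O4_LINES):
        print(f'[{f["name"]}] {f["path"]}: {f["reason"]}')
```

Run against the sample lines, only the alg.exe entry is reported; the legitimate Symantec, MSSE and Steam-style entries pass because their names are not system binaries. The same location check catches the more general case of a system binary name planted in a user-writable directory such as AppData, which is why the check looks at the parent directory rather than just the file name.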