
Trojan Help-trojan.fakedrop/gen


3 replies to this topic

#1 boofreedom

Posted 05 June 2008 - 07:29 PM

I am having trouble removing numerous trojans on my machine, mainly Trojan.fakedrop/gen. I've run Ad-Aware, Spybot S&D as well as SUPERAntiSpyware numerous times (both in and out of safe mode). In addition I have run ClamWin as well as Trend Micro HouseCall. I am able to identify and delete the virus but it keeps reappearing. Most recently when I ran SUPERAntiSpyware it found over 70 trojans on my machine. I have attached both a HJT log as well as a ComboFix log. If anyone can help it would be greatly appreciated. Thanks in advance!

ComboFix 08-06-05.3 - Robet Jones 2008-06-05 17:45:07.1 - NTFSx86

Running from: C:\Documents and Settings\Robet Jones\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Common Files\mbols~1
C:\Program Files\Common Files\mbols~1\??mbols\
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\Temp\vtmp2
C:\WINDOWS\BM63404450.xml
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\SYSTEM32\jknVyyay.ini
C:\WINDOWS\SYSTEM32\jknVyyay.ini2
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\mbols~1\n?tepad.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ntms.dll
C:\WINDOWS\system32\scurit~1
C:\WINDOWS\system32\winio.dll
C:\WINDOWS\system32\winup.dll

----- BITS: Possible infected sites -----

hxxp://ftp.hp.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4
-------\Legacy_TNIDRIVER
-------\Service_TnIDriver


((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2008-06-05 14:21 . 2008-06-05 14:21 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-05 14:04 . 2008-06-05 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-05 14:03 . 2008-06-05 14:03 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-05 14:03 . 2008-06-05 14:03 <DIR> d-------- C:\Documents and Settings\Robet Jones\Application Data\SUPERAntiSpyware.com
2008-06-05 12:05 . 2008-06-05 14:41 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-06-05 12:01 . 2008-06-05 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-05 09:48 . 2008-06-05 09:50 <DIR> d-------- C:\Program Files\CCleaner
2008-06-05 08:57 . 2008-06-05 14:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 08:55 . 2008-06-05 08:55 32,512 --a------ C:\WINDOWS\loader.exe
2008-06-05 07:47 . 2008-06-05 07:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-04 22:04 . 2008-06-04 22:04 15,872 --------- C:\WINDOWS\x.exe_tobedeleted
2008-06-04 16:49 . 2008-06-04 16:49 <DIR> d-------- C:\Documents and Settings\Robet Jones\Application Data\Malwarebytes
2008-06-04 16:48 . 2008-06-04 16:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-04 16:48 . 2008-06-04 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 16:48 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-06-04 16:48 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-06-04 16:47 . 2008-06-04 16:46 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-04 16:47 . 2008-06-04 16:47 2,548 --a------ C:\WINDOWS\unins000.dat
2008-06-04 12:35 . 2004-05-09 16:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-04 12:35 . 2004-05-09 16:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-06-04 12:35 . 2004-05-09 16:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-06-04 12:35 . 2008-06-04 12:35 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-04 11:10 . 2008-06-04 11:10 401,972 --a------ C:\WINDOWS\SYSTEM32\g7.exe
2008-06-04 11:06 . 2008-06-04 11:06 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\HPAppData
2008-06-04 11:05 . 2008-06-04 11:05 4 --a------ C:\WINDOWS\SYSTEM32\hljwugsf.bin
2008-06-04 11:04 . 2008-06-05 14:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\vntiho01
2008-06-04 11:04 . 2008-06-04 22:04 <DIR> d-------- C:\WINDOWS\SYSTEM32\Vco1
2008-06-04 11:04 . 2008-06-05 14:40 <DIR> d-------- C:\WINDOWS\SYSTEM32\sTMP
2008-06-04 11:04 . 2008-06-05 11:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\fIE
2008-06-04 11:04 . 2008-06-04 22:04 <DIR> d-------- C:\WINDOWS\SYSTEM32\Dev3
2008-06-04 11:04 . 2008-06-05 14:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\a053
2008-06-04 11:04 . 2008-06-04 22:03 <DIR> d-------- C:\WINDOWS\SYSTEM32\6026c
2008-05-28 16:40 . 2008-05-28 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-05-28 16:04 . 2008-05-28 16:04 <DIR> d-------- C:\Documents and Settings\Robet Jones\Application Data\HPAppData
2008-05-28 16:04 . 2008-05-28 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-05-28 16:02 . 2008-05-28 16:02 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-05-28 16:02 . 2008-05-28 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-05-28 16:00 . 2008-05-28 17:13 139,042 --a------ C:\WINDOWS\hpoins15.dat
2008-05-28 16:00 . 2007-09-21 06:46 1,039 --------- C:\WINDOWS\hpomdl15.dat
2008-05-28 14:09 . 2008-05-28 14:21 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-05-28 11:53 . 2008-05-28 16:56 139,042 --------- C:\WINDOWS\hpoins15.dat.temp
2008-05-28 11:53 . 2007-09-21 06:46 1,039 --------- C:\WINDOWS\hpomdl15.dat.temp
2008-05-23 10:58 . 2008-05-23 11:24 <DIR> d-------- C:\Program Files\ACW
2008-05-22 17:12 . 2004-08-04 00:58 15,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
2008-05-22 16:18 . 2007-03-17 14:39 958,464 --a------ C:\WINDOWS\SYSTEM32\hpotiop4.dll
2008-05-22 16:18 . 2007-03-17 14:39 675,840 --a------ C:\WINDOWS\SYSTEM32\hpowiax4.dll
2008-05-22 16:18 . 2007-03-08 13:20 364,544 --a------ C:\WINDOWS\SYSTEM32\hppldcoi.dll
2008-05-22 16:18 . 2007-03-08 13:20 309,760 --a------ C:\WINDOWS\SYSTEM32\difxapi.dll
2008-05-22 16:18 . 2007-03-17 14:39 303,104 --a------ C:\WINDOWS\SYSTEM32\hpovst11.dll
2008-05-22 08:55 . 2008-05-22 08:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-22 08:55 . 2007-03-28 14:01 118,272 --a------ C:\WINDOWS\SYSTEM32\hpz3l5ha.dll
2008-05-22 08:37 . 2008-05-22 08:37 <DIR> d-------- C:\Documents and Settings\Robet Jones\Application Data\HP
2008-05-22 08:28 . 2008-05-22 08:28 <DIR> d-------- C:\Program Files\Common Files\HP
2008-05-22 08:28 . 2008-05-28 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-05-22 08:27 . 2008-05-28 13:51 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2008-05-22 08:27 . 2008-05-22 08:27 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-22 08:27 . 2007-03-30 23:29 267,864 --a------ C:\WINDOWS\SYSTEM32\hpzids01.dll
2008-05-22 08:27 . 2007-03-08 13:20 49,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys
2008-05-22 08:27 . 2007-03-08 13:20 21,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys
2008-05-22 08:27 . 2007-03-08 13:20 16,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys
2008-05-22 08:26 . 2008-05-28 16:04 <DIR> d-------- C:\Program Files\HP
2008-05-19 13:59 . 2004-04-13 19:20 929,792 -ra------ C:\WINDOWS\SYSTEM32\PRISME5.dll
2008-05-19 13:59 . 2004-04-13 19:41 372,825 --a------ C:\WINDOWS\SYSTEM32\PRISMAPI.dll
2008-05-19 13:59 . 2004-04-13 19:45 290,905 --a------ C:\WINDOWS\SYSTEM32\PRISMSVR.exe
2008-05-19 13:59 . 2004-04-13 19:20 15,781 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\SYSTEM32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 21:49 3,094 -c--a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-05 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-05 15:48 --------- d-----w C:\Program Files\Yahoo!
2008-06-05 13:50 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-05 04:53 --------- d-----w C:\Program Files\eMusic Download Manager
2008-06-04 21:31 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-04 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-04 17:18 269 ----a-w C:\Program Files\Common Files\quha86
2008-06-04 16:43 --------- d-----w C:\Documents and Settings\Robet Jones\Application Data\AdobeUM
2008-05-23 15:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-29 17:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 17:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 17:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-26 09:41 142 ----a-w C:\Program Files\Common Files\rteqe.html
.
<pre>
-c--a-w		   180,269 2008-01-21 01:22:35  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
-c--a-w		   460,784 2008-01-21 01:22:48  C:\Program Files\DellSupport\DSAgnt .exe
-c--a-w		   625,152 2008-01-20 22:39:18  C:\Program Files\Internet Explorer\iexplore .exe
-c--a-w		   257,088 2008-01-21 01:22:34  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		   282,624 2008-01-21 01:22:29  C:\Program Files\QuickTime\qttask   .exe
----a-w			15,360 2008-01-21 01:22:51  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w		   126,976 2008-01-21 01:22:30  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w		   155,648 2008-01-21 01:22:31  C:\WINDOWS\SYSTEM32\igfxtray .exe
-c--a-w		   114,741 2008-01-21 01:22:30  C:\WINDOWS\SYSTEM32\dla\tfswctrl .exe
</pre>


------- Sigcheck -------

2002-08-29 04:00 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 01:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-04 01:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe
2004-08-04 01:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\SoftwareDistribution\Download\354955e5a48449db338e32557238a670\backup\svchost.exe
2004-08-04 01:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\backup\svchost.exe
2004-08-04 01:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\SYSTEM32\svchost.exe

2003-07-10 11:19 70656 06bf1d3c21274f92ddd0e09317c80b35 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2002-08-29 04:00 75264 8529c295df59b564d37a73b5629162b1 C:\WINDOWS\$NtUninstallKB817778$\ws2_32.dll
2004-08-04 01:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-04 01:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ws2_32.dll
2004-08-04 01:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\SoftwareDistribution\Download\354955e5a48449db338e32557238a670\backup\ws2_32.dll
2004-08-04 01:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\backup\ws2_32.dll
2004-08-04 01:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\SYSTEM32\ws2_32.dll

2002-08-29 04:00 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 01:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-04 01:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe
2004-08-04 01:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\SoftwareDistribution\Download\354955e5a48449db338e32557238a670\backup\winlogon.exe
2004-08-04 01:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\backup\winlogon.exe
2004-08-04 01:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\SYSTEM32\winlogon.exe

2003-10-04 01:54 168192 d999ce17681d7d074d534fc5bc662e0a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\354955e5a48449db338e32557238a670\backup\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\backup\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys

2003-06-30 15:35 29952 eddca9c72f1e7f2e2e2ab6ad7106c4a5 C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\354955e5a48449db338e32557238a670\backup\ip6fw.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\backup\ip6fw.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SYSTEM32\DRIVERS\ip6fw.sys

2002-08-29 04:00 101376 e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-04 01:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-04 01:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe
2004-08-04 01:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\SoftwareDistribution\Download\354955e5a48449db338e32557238a670\backup\services.exe
2004-08-04 01:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\backup\services.exe
2004-08-04 01:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\SYSTEM32\services.exe

2002-08-29 04:00 11776 b2b6ba905d0e3f8a32a0eb3b4051807b C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-04 01:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-04 01:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe
2004-08-04 01:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\SoftwareDistribution\Download\354955e5a48449db338e32557238a670\backup\lsass.exe
2004-08-04 01:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\backup\lsass.exe
2004-08-04 01:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\SYSTEM32\lsass.exe

2002-08-29 04:00 13312 414de7cf9d3f19c3ea902f1bb38ec116 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 01:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-04 01:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe
2004-08-04 01:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\SoftwareDistribution\Download\354955e5a48449db338e32557238a670\backup\ctfmon.exe
2004-08-04 01:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\backup\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cad69f32-5360-46e5-af97-2ec8cf4da009}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-05-15 16:32:00 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 09:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 11:13 45056 C:\WINDOWS\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkklm]
pmnkklm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpzrcv01.LNK]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpzsetup.LNK]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
--a------ 2008-01-20 22:08 77824 C:\Program Files\ClamWin\bin\ClamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iexplore.exe]
--a------ 2008-02-29 02:55 625664 C:\Program Files\Internet Explorer\iexplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-20 19:22 282624 C:\Program Files\QuickTime\qttask .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
"Sonic RecordNow!"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe"
"RegistryMechanic"=
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver 4\\Dreamweaver.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 21:59]
S1 kmixerr;kmixerr;C:\WINDOWS\system32\drivers\kmixerr.sys []
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S4 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 15:21:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 17:54:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-06-05 18:11:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-06 00:10:17

Pre-Run: 48,414,105,600 bytes free
Post-Run: 48,412,135,424 bytes free

303 --- E O F --- 2008-05-28 17:47:42


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:45 PM, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bobjonespaintings.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://wm.claires.com/iNotes.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/15cb9c06e4aee2...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnkklm - pmnkklm.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6148 bytes


#2 boofreedom

Posted 06 June 2008 - 12:31 PM

I apologize... I just noticed that I was not to post a ComboFix log. Sorry about that.
Bob

#3 fenzodahl512

Posted 13 June 2008 - 09:50 AM

Hello Bob, my name is fenzodahl512. Please do the following...

Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Regards
fenzodahl512

Edited by fenzodahl512, 13 June 2008 - 09:50 AM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 fenzodahl512

Posted 20 June 2008 - 09:53 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.





