I Need Your Help With Trojans! Posted Combofix Log Report Too!


This topic is locked
1 reply to this topic

#1 montecarlo1987
Members, 29 posts
Gender: Male
Location: NY State

Posted 19 July 2008 - 05:05 PM

Hello. I need help with Trojans!!! I have Windows Vista Home Premium SP1. The programs I use to combat these pests include Kaspersky Internet Security 7.0 (KIS 7.0), CounterSpy v2, SUPERAntiSpyware Pro, and the free version of Ad-Aware.

I have gone long periods running my computer where KIS 7.0 has finally detected Trojans on a separate hard drive (S:) that I use for storage. KIS detects them with its auto-scan feature that begins to run when the operating system is up and running (and I found some with manual KIS scans). They are Trojan-Downloader.Win32.Agent.vpx, Trojan-Downloader.Win32.FraudLoad.gen, Trojan-Downloader.Win32.Agent.vur and Trojan-Dropper.Win32.Joiner.fa. I have KIS set to disinfect and to delete if necessary... they are deleted automatically after the disinfect fails. None of the other programs that I have run have detected them. The other anti-spyware programs only detect cookie issues.

What happens is this: KIS will detect them on day 1 after a long scan and then, a few days later, detect a different Trojan after another long scan on my S: drive (while running long scans in between those days when I am on my computer and detecting nothing). I ran CCleaner to clean up my computer's files and folders to see if temp files are an issue. This doesn't matter. I have recently run KIS 7.0, Ad-Aware FREE and SUPERAntiSpyware Pro in Safe Mode (having already unchecked both "Hide file extension for known file types" & "Hide protected operating system files (Recommended)"), and none have detected any Trojans or other issues that instance. Within the KIS 7.0 program, I have run scans using "Critical areas", "My Computer", "Startup Objects", & "Rootkit scan" -- sometimes I find them in normal mode and sometimes I don't. Right now KIS says that "Your computer is protected." and all the malware has been deleted.

So what is going on and where are these Trojans coming from? Any solutions to my Trojan plague I get every few days? The files that were deleted by KIS after being found to be infected can be replaced, so I am very lucky so far. ...but for how long???!!!!

For your assistance I have run your program ComboFix to see what is going on with my system. I have posted the Log Report here. Please let me know if you see anything unusual here too:

ComboFix 08-07-18.5 - Troy 2008-07-19 14:26:19.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1292 [GMT -4:00]
Running from: C:\Users\Troy\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-06-19 to 2008-07-19 )))))))))))))))))))))))))))))))
.

2008-07-18 23:47 . 2008-07-18 23:47 <DIR> d-------- C:\Users\All Users\Sunbelt Software
2008-07-18 23:47 . 2008-07-18 23:47 <DIR> d-------- C:\ProgramData\Sunbelt Software
2008-07-18 23:46 . 2008-07-18 23:46 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-07-18 01:15 . 2008-07-17 22:17 <DIR> d-------- C:\Windows\Panther
2008-07-18 01:15 . 2006-09-22 17:36 140,288 --a------ C:\Windows\System32\BrWia06d.dll
2008-07-18 01:15 . 2006-08-09 14:02 39,424 --a------ C:\Windows\System32\brusi06c.dll
2008-07-18 01:02 . 2008-07-18 01:02 <DIR> d--h----- C:\$WINDOWS.~Q
2008-07-18 00:56 . 2008-07-18 00:56 <DIR> d--h----- C:\$INPLACE.~TR
2008-07-17 23:43 . 2008-03-07 22:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-17 23:43 . 2008-03-08 00:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-07-17 23:22 . 2008-06-25 21:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-17 23:22 . 2008-06-25 21:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-17 23:22 . 2008-06-25 23:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-17 22:43 . 2008-07-17 22:58 208,412,433 --a------ C:\Windows\MEMORY.DMP
2008-07-17 22:21 . 2008-07-19 14:03 <DIR> d-------- C:\Windows\Debug
2008-07-17 22:03 . 2008-07-17 22:03 <DIR> d-------- C:\Users\Default\video
2008-07-17 21:24 . 2008-07-17 22:02 <DIR> dr------- C:\Users\Troy\Videos
2008-07-17 21:24 . 2008-07-17 22:02 <DIR> dr------- C:\Users\Troy\Saved Games
2008-07-17 21:24 . 2008-07-17 22:30 <DIR> dr------- C:\Users\Troy\Pictures
2008-07-17 21:24 . 2008-07-17 22:30 <DIR> dr------- C:\Users\Troy\Music
2008-07-17 21:24 . 2008-07-17 22:30 <DIR> dr------- C:\Users\Troy\Links
2008-07-17 21:24 . 2008-07-17 22:02 <DIR> dr------- C:\Users\Troy\Downloads
2008-07-17 21:24 . 2008-07-19 14:10 <DIR> dr------- C:\Users\Troy\Documents
2008-07-17 21:24 . 2006-11-02 08:37 <DIR> d-------- C:\Users\Troy\AppData\Roaming\Media Center Programs
2008-07-17 21:24 . 2008-07-17 22:00 <DIR> d--h----- C:\Users\Troy\AppData
2008-07-17 21:24 . 2008-07-17 22:30 <DIR> d-------- C:\Users\Troy
2008-07-17 21:24 . 2008-07-17 21:59 <DIR> dr------- C:\Users\Administrator\Videos
2008-07-17 21:24 . 2008-07-17 21:59 <DIR> d-------- C:\Users\Administrator\Saved Games
2008-07-17 21:24 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Administrator\Pictures
2008-07-17 21:24 . 2006-11-02 06:23 <DIR> dr------- C:\Users\Administrator\Music
2008-07-17 21:24 . 2008-07-17 21:59 <DIR> dr------- C:\Users\Administrator\Links
2008-07-17 21:24 . 2008-07-17 21:59 <DIR> dr------- C:\Users\Administrator\Downloads
2008-07-17 21:24 . 2008-07-17 21:59 <DIR> dr------- C:\Users\Administrator\Documents
2008-07-17 21:24 . 2008-07-17 21:59 <DIR> d--h----- C:\Users\Administrator\AppData
2008-07-17 21:24 . 2008-07-17 21:59 <DIR> d-------- C:\Users\Administrator
2008-07-17 21:23 . 2008-07-17 21:23 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-17 21:22 . 2008-07-17 21:22 0 --a------ C:\Windows\ativpsrm.bin
2008-07-15 23:31 . 2008-07-17 22:01 <DIR> d-------- C:\Users\Troy\AppData\Roaming\CyberLink
2008-07-15 23:30 . 2008-07-17 21:40 <DIR> d-------- C:\Users\Public\CyberLink
2008-07-15 23:25 . 2008-07-17 21:39 <DIR> d-------- C:\Users\All Users\CyberLink
2008-07-15 23:25 . 2008-07-17 21:39 <DIR> d-------- C:\ProgramData\CyberLink
2008-07-15 21:45 . 2007-01-08 22:17 47,136 --a------ C:\Windows\System32\msxmee93.rra
2008-07-15 21:42 . 2008-07-17 21:30 <DIR> d-------- C:\Program Files\CyberLink
2008-07-15 12:59 . 2008-07-15 12:59 685,056 --a------ C:\Windows\is-M84NT.exe
2008-07-15 12:59 . 2008-07-15 12:59 10,498 --a------ C:\Windows\is-M84NT.msg
2008-07-15 12:59 . 2008-07-15 12:59 456 --a------ C:\Windows\is-M84NT.lst
2008-07-14 23:19 . 2008-07-17 21:31 <DIR> d-------- C:\Program Files\Microsoft Corporation
2008-07-14 21:49 . 2000-07-21 12:05 518,416 --a------ C:\Windows\System32\msxml.dll
2008-07-14 21:49 . 2007-01-08 22:17 27,168 --a------ C:\Windows\System32\msxml3a.dll
2008-07-14 21:48 . 2008-07-17 21:29 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-07-14 21:00 . 2008-07-17 21:40 <DIR> d-------- C:\Users\All Users\Stardock
2008-07-14 21:00 . 2008-07-17 21:40 <DIR> d-------- C:\ProgramData\Stardock
2008-07-14 20:58 . 2008-07-17 21:40 <DIR> d--h----- C:\Users\All Users\{2DF91FF8-04D7-4882-9757-DBF7D7EB2FD2}
2008-07-14 20:58 . 2008-07-17 21:40 <DIR> d--h----- C:\ProgramData\{2DF91FF8-04D7-4882-9757-DBF7D7EB2FD2}
2008-07-12 23:15 . 2008-07-17 21:40 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-07-12 23:15 . 2008-07-17 21:40 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-12 23:15 . 2008-07-17 21:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-11 16:54 . 2008-07-17 22:01 <DIR> d-------- C:\Users\Troy\AppData\Roaming\TK8 Software
2008-07-11 16:54 . 2008-07-17 21:38 <DIR> d-------- C:\Program Files\TK8 Backup
2008-07-11 16:54 . 2003-12-16 19:18 160,016 --a------ C:\Windows\System32\wnaspi32.dll
2008-07-10 16:10 . 2008-07-17 21:40 <DIR> d--h----- C:\Users\All Users\{71502C40-CE33-4AB6-9416-0A620783FB71}
2008-07-10 16:10 . 2008-07-17 21:40 <DIR> d--h----- C:\ProgramData\{71502C40-CE33-4AB6-9416-0A620783FB71}
2008-07-10 16:10 . 2008-07-17 21:28 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-07-08 21:16 . 2008-07-17 21:31 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2008-07-08 20:46 . 2008-07-17 21:31 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2008-07-08 18:03 . 2008-07-17 21:41 <DIR> d-------- C:\Windows\SQL9_KB948109_ENU
2008-07-08 16:22 . 2008-07-17 22:01 <DIR> d-------- C:\Users\Troy\AppData\Roaming\Weather Pulse
2008-07-08 16:22 . 2008-07-17 21:38 <DIR> d-------- C:\Program Files\Weather Pulse
2008-07-03 15:05 . 2008-07-17 21:39 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-07-03 15:05 . 2008-07-17 21:39 <DIR> d-------- C:\ProgramData\FLEXnet
2008-07-03 15:02 . 2008-07-17 21:29 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-03 14:55 . 2008-07-03 14:54 129,784 --a------ C:\Windows\System32\pxafs.dll
2008-07-03 14:55 . 2008-07-03 14:54 118,520 --a------ C:\Windows\System32\pxinsi64.exe
2008-07-03 14:55 . 2008-07-03 14:54 116,472 --a------ C:\Windows\System32\pxcpyi64.exe
2008-07-03 14:54 . 2008-07-03 14:54 209 --a------ C:\Windows\ODBCINST.INI
2008-07-02 22:30 . 2008-07-17 21:30 <DIR> d-------- C:\Program Files\Java
2008-07-02 22:29 . 2008-07-17 21:29 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-02 12:37 . 2008-07-17 21:28 <DIR> d-------- C:\Program Files\CodeStuff
2008-07-01 21:23 . 2008-07-02 15:00 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-07-01 21:22 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-07-01 21:21 . 2008-07-17 21:32 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-01 21:07 . 2008-07-17 21:38 <DIR> d-------- C:\Program Files\Windows Live
2008-07-01 21:07 . 2008-07-17 21:29 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-01 21:05 . 2008-07-18 21:01 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-07-01 21:05 . 2008-07-18 21:01 <DIR> d-------- C:\ProgramData\WLInstaller
2008-06-30 08:22 . 2008-06-30 08:22 <DIR> d-------- C:\Users\Troy\AppData\Roaming\Simple Star
2008-06-29 11:27 . 2008-07-17 21:39 <DIR> d-------- C:\Users\All Users\Google
2008-06-29 03:33 . 2008-07-17 21:38 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-06-28 11:53 . 2008-07-17 21:38 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-06-28 11:52 . 2008-07-17 21:38 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-06-28 11:39 . 2008-07-17 21:31 <DIR> d-------- C:\Program Files\Live Search Maps for Outlook
2008-06-28 11:31 . 2008-07-17 21:32 <DIR> d-------- C:\Program Files\Microsoft Streets & Trips
2008-06-28 11:31 . 2008-07-17 21:31 <DIR> d-------- C:\Program Files\Microsoft Location Finder
2008-06-26 23:53 . 2008-07-17 21:38 <DIR> d-------- C:\Program Files\Unlocker
2008-06-26 12:21 . 2008-07-17 21:40 <DIR> d-------- C:\Windows\Catroot
2008-06-25 20:58 . 2008-07-17 21:38 <DIR> d-------- C:\Program Files\VS Revo Group
2008-06-25 19:15 . 2008-07-17 21:40 <DIR> d-------- C:\Users\All Users\Raxco
2008-06-25 19:15 . 2008-07-17 21:40 <DIR> d-------- C:\ProgramData\Raxco
2008-06-25 19:15 . 2008-07-17 21:37 <DIR> d-------- C:\Program Files\Raxco
2008-06-23 23:41 . 2008-07-17 22:01 <DIR> d-------- C:\Users\Troy\AppData\Roaming\Corel
2008-06-23 23:41 . 2008-07-18 00:47 3,036 --ahs---- C:\Windows\System32\KGyGaAvL.sys
2008-06-23 23:41 . 2008-06-26 08:59 88 -rahs---- C:\Windows\System32\DEA0E519DC.sys
2008-06-23 23:40 . 2008-07-17 21:39 <DIR> d-------- C:\Users\All Users\Corel
2008-06-23 23:40 . 2008-07-17 21:39 <DIR> d-------- C:\ProgramData\Corel
2008-06-23 23:39 . 2008-07-17 21:29 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-23 23:39 . 2008-07-17 21:29 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-06-23 23:28 . 2008-07-17 21:30 <DIR> d-------- C:\Program Files\Corel
2008-06-23 19:32 . 2008-07-17 21:37 <DIR> d-------- C:\Program Files\Power Screensaver Builder
2008-06-23 17:30 . 2008-07-17 21:28 <DIR> d-------- C:\Program Files\Atomic Alarm Clock
2008-06-23 15:21 . 2008-07-17 21:37 <DIR> d-------- C:\Program Files\Picasa2
2008-06-23 15:21 . 2006-10-04 22:42 2,560 --a------ C:\Windows\System32\drivers\cdralw2k.sys
2008-06-23 15:21 . 2006-10-04 22:42 2,432 --a------ C:\Windows\System32\drivers\cdr4_xp.sys
2008-06-23 15:20 . 2008-07-18 20:40 <DIR> d-------- C:\Users\All Users\Google Updater
2008-06-23 15:20 . 2008-07-18 20:40 <DIR> d-------- C:\ProgramData\Google Updater
2008-06-23 14:56 . 2008-07-17 21:30 <DIR> d-------- C:\Program Files\Google
2008-06-19 15:55 . 2008-07-17 21:37 <DIR> d-------- C:\Program Files\Real Alternative
2008-06-19 15:41 . 2006-09-24 11:11 389,120 --a------ C:\Windows\System32\lameACM.acm
2008-06-19 15:41 . 2004-01-25 12:18 217,088 --a------ C:\Windows\System32\yv12vfw.dll
2008-06-19 15:41 . 2007-09-04 12:56 164,352 --a------ C:\Windows\System32\unrar.dll
2008-06-19 15:41 . 2007-09-20 20:52 118,784 --a------ C:\Windows\System32\ac3acm.acm
2008-06-19 15:41 . 2007-10-03 11:03 414 --a------ C:\Windows\System32\lame_acm.xml
2008-06-19 15:40 . 2008-06-19 15:40 <DIR> d-------- C:\Users\All Users\Real
2008-06-19 15:40 . 2008-07-17 21:31 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-19 15:40 . 2008-03-21 16:30 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
2008-06-19 15:40 . 2008-01-10 08:15 755,027 --a------ C:\Windows\System32\xvidcore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 18:38 --------- d---a-w C:\ProgramData\TEMP
2008-07-19 18:36 30,272 ----a-w C:\Windows\system32\drivers\pssdk31.drv
2008-07-19 18:35 3,287,144 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-07-19 18:35 246,426,912 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-07-19 17:39 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-07-18 03:45 --------- d-----w C:\Program Files\Windows Mail
2008-07-18 02:01 --------- d-----w C:\Users\Troy\AppData\Roaming\WinWay
2008-07-18 02:01 --------- d-----w C:\Users\Troy\AppData\Roaming\Ulead Systems
2008-07-18 02:01 --------- d-----w C:\Users\Troy\AppData\Roaming\SUPERAntiSpyware.com
2008-07-18 02:01 --------- d-----w C:\Users\Troy\AppData\Roaming\Sunbelt Software
2008-07-18 02:01 --------- d-----w C:\Users\Troy\AppData\Roaming\Sony
2008-07-18 02:01 --------- d-----w C:\Users\Troy\AppData\Roaming\Nero
2008-07-18 02:01 --------- d-----w C:\Users\Troy\AppData\Roaming\MiniDm
2008-07-18 02:01 --------- d-----w C:\Users\Troy\AppData\Roaming\Media Player Classic
2008-07-18 02:01 --------- d-----w C:\Users\Troy\AppData\Roaming\InstallShield
2008-07-18 02:01 --------- d-----w C:\Users\Troy\AppData\Roaming\FastStone
2008-07-18 02:01 --------- d-----w C:\Users\Troy\AppData\Roaming\DAEMON Tools
2008-07-18 02:01 --------- d-----w C:\Users\Troy\AppData\Roaming\ATI
2008-07-18 01:40 --------- d-----w C:\ProgramData\WindowsSearch
2008-07-18 01:40 --------- d-----w C:\ProgramData\Ulead Systems
2008-07-18 01:40 --------- d-----w C:\ProgramData\SupportSoft
2008-07-18 01:40 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-07-18 01:40 --------- d-----w C:\ProgramData\Sony
2008-07-18 01:40 --------- d-----w C:\ProgramData\Nova Development
2008-07-18 01:40 --------- d-----w C:\ProgramData\Nero
2008-07-18 01:40 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-18 01:39 --------- d-----w C:\ProgramData\Brother
2008-07-18 01:39 --------- d-----w C:\ProgramData\ATI
2008-07-18 01:38 --------- d-----w C:\ProgramData\Acronis
2008-07-18 01:38 --------- d-----w C:\Program Files\XNeat Windows Manager
2008-07-18 01:38 --------- d-----w C:\Program Files\WinWay Resume
2008-07-18 01:38 --------- d-----w C:\Program Files\Windows Imaging
2008-07-18 01:38 --------- d-----w C:\Program Files\Windows AIK
2008-07-18 01:38 --------- d-----w C:\Program Files\Web Publish
2008-07-18 01:38 --------- d-----w C:\Program Files\Vstplugins
2008-07-18 01:38 --------- d-----w C:\Program Files\vLite
2008-07-18 01:38 --------- d-----w C:\Program Files\twc
2008-07-18 01:38 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-18 01:37 --------- d-----w C:\Program Files\Stardock
2008-07-18 01:37 --------- d-----w C:\Program Files\Sony Setup
2008-07-18 01:37 --------- d-----w C:\Program Files\Sony
2008-07-18 01:37 --------- d-----w C:\Program Files\RocketDock
2008-07-18 01:37 --------- d-----w C:\Program Files\Recovery for Exchange OST
2008-07-18 01:37 --------- d-----w C:\Program Files\Realtek
2008-07-18 01:34 --------- d-----w C:\Program Files\Nova Development
2008-07-18 01:32 --------- d-----w C:\Program Files\NewBlue
2008-07-18 01:32 --------- d-----w C:\Program Files\Nero
2008-07-18 01:32 --------- d-----w C:\Program Files\MSECache
2008-07-18 01:32 --------- d-----w C:\Program Files\MSBuild
2008-07-18 01:32 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-18 01:32 --------- d-----w C:\Program Files\Microsoft Works
2008-07-18 01:32 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-07-18 01:32 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-07-18 01:32 --------- d-----w C:\Program Files\Microsoft Small Business
2008-07-18 01:32 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-18 01:32 --------- d-----w C:\Program Files\Microsoft Office Outlook Connector
2008-07-18 01:31 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-18 01:31 --------- d-----w C:\Program Files\Merriam-Webster Reference Library
2008-07-18 01:31 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-18 01:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 01:30 --------- d-----w C:\Program Files\Intel
2008-07-18 01:30 --------- d-----w C:\Program Files\IEPro
2008-07-18 01:30 --------- d-----w C:\Program Files\FastStone Photo Resizer
2008-07-18 01:30 --------- d-----w C:\Program Files\FastStone MaxView
2008-07-18 01:30 --------- d-----w C:\Program Files\FastStone Image Viewer
2008-07-18 01:30 --------- d-----w C:\Program Files\FastStone Capture
2008-07-18 01:30 --------- d-----w C:\Program Files\DigiPortal Software
2008-07-18 01:30 --------- d-----w C:\Program Files\Desktility
2008-07-18 01:30 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-07-18 01:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-18 01:29 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-07-18 01:29 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-07-18 01:29 --------- d-----w C:\Program Files\Common Files\Nova Development
2008-07-18 01:29 --------- d-----w C:\Program Files\Common Files\Nero
2008-07-18 01:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-18 01:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-18 01:28 --------- d-----w C:\Program Files\Common Files\Acronis
2008-07-18 01:28 --------- d-----w C:\Program Files\CCleaner
2008-07-18 01:28 --------- d-----w C:\Program Files\Brother
2008-07-18 01:28 --------- d-----w C:\Program Files\Audacity
2008-07-18 01:28 --------- d-----w C:\Program Files\ATI Technologies
2008-07-18 01:28 --------- d-----w C:\Program Files\ATI
2008-07-18 01:28 --------- d-----w C:\Program Files\ArcSoft
2008-07-18 01:27 --------- d-----w C:\Program Files\Acronis
2008-06-15 15:44 441,760 ----a-w C:\Windows\system32\drivers\timntr.sys
2008-06-15 15:44 44,384 ----a-w C:\Windows\system32\drivers\tifsfilt.sys
2008-06-15 15:44 368,544 ----a-w C:\Windows\system32\drivers\tdrpman.sys
2008-06-15 15:44 129,248 ----a-w C:\Windows\system32\drivers\snapman.sys
2008-05-29 21:41 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-05-29 18:09 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-29 17:48 88,774 ----a-w C:\Windows\system32\drivers\klick.dat
2008-05-28 15:47 96,966 ----a-w C:\Windows\system32\drivers\klin.dat
2008-05-28 15:47 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-05-27 23:16 61,440 ----a-w C:\Windows\System32\NormalizeDSP.dll
2008-05-23 13:12 323,584 ----a-w C:\Windows\System32\AudioGenie2.dll
2008-05-20 14:50 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-20 05:25 --------- d-----w C:\Program Files\NeroInstall.bak
2008-05-19 04:25 --------- d-----w C:\Users\Troy\AppData\Roaming\Publish Providers
2008-05-16 15:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-10 16:29 315,392 ----a-w C:\Windows\HideWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 22:23 1233920]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-03-13 00:21 1731072]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-03 15:44 1506544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 22:25 202240]
"XNeat Windows Manager"="C:\Program Files\XNeat Windows Manager\xnViewer.exe" [2008-03-03 18:09 77824]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 20:07 140568]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 20:11 909208]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 20:06 2595616]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09 698864]

C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Desktility.lnk - C:\Program Files\Desktility\Desktility.exe [2008-05-13 16:51:55 1900544]
FastStone Capture.lnk - C:\Program Files\FastStone Capture\FSCapture.exe [2008-05-07 17:41:54 1008128]
VisualToolTip - Shortcut.lnk - C:\visualtooltip22\VisualToolTip.exe [2008-05-12 11:38:44 988672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-06-13 11:24 241912 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\C:^Users^Troy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
path=C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-11 00:43 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
--a------ 2006-12-18 11:08 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--a------ 2006-07-19 14:51 65536 C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
-ra------ 2007-12-01 17:38 38400 C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 05:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIMDownloading your update...1191272106614]
--a------ 2007-08-21 01:24 95560 C:\Program Files\Corel\Corel MediaOne\DIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-02-12 14:37 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-01-08 22:17 52256 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\medicsp2]
--a------ 2007-03-07 11:53 198184 C:\Program Files\twc\medicsp2\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
--a------ 2006-11-14 13:22 121640 C:\Program Files\Microsoft Location Finder\LocationFinder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PerfectDiskRx]
--a------ 2007-06-18 14:11 6030864 C:\Program Files\Raxco\PerfectDiskRx\PerfectDiskRx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoExplosionCalCheck]
--a------ 2006-05-10 12:32 69632 C:\Program Files\Nova Development\Photo Explosion Deluxe 3.0\CalCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2007-03-14 21:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 12:17 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-06-23 14:56 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-03-01 01:10 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"medicsp2"=C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EF549B17-2DD4-4D44-8DB1-633BEC97AA66}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{E5398813-F900-464B-84EF-32101AA03AF7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A40DA94A-7F03-4941-A23C-CE4C0287CC67}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A8D212A8-5247-4F62-9D1B-F73890D8AB33}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B94C12DC-E2C5-44F6-BD81-0242D75E3639}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{29470474-67C5-4D1D-A0E7-E8BA66821093}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{24B94393-DAB7-4283-966E-A484C79B1BC3}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E7C48691-88E4-4A23-8AE3-51623A32267A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5F2F6C6E-0077-4520-8A47-9A9329AC15FF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{3076303E-793C-4E23-AFAC-039029D13D8B}C:\\kav\\kis7\\setup.exe"= UDP:C:\kav\kis7\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{9B9DBB22-6F84-4F30-93AD-2CD68A112E7C}C:\\kav\\kis7\\setup.exe"= TCP:C:\kav\kis7\setup.exe:Kaspersky Internet Security 7.0 Setup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-06-15 11:44]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 22:08]
R2 PD91Agent;PD91Agent;C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe [2008-04-16 13:00]
R2 PD9Engine;PD9Engine;C:\Program Files\Raxco\PerfectDiskRx\PD9Engine.exe [2007-06-18 14:11]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [2007-03-07 11:54]
R2 svcChoiceMail;Choice Mail;C:\Program Files\DigiPortal Software\ChoiceMail\CMServer.exe [2008-01-30 13:41]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-30 20:51]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 03:13]
R3 PsSdk31;PsSdk31;C:\Windows\system32\Drivers\pssdk31.drv [2008-07-19 14:36]
S3 PD91Engine;PD91Engine;C:\Program Files\Raxco\PerfectDisk\PD91Engine.exe [2008-04-16 13:00]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 22:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 22:23]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-19 17:50:01 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Corel Photo Downloader - C:\Program Files\Corel\Corel MediaOne\Corel PhotoDownloader.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-TrojanKiller - C:\Program Files\Trojan Killer\TrojanKiller.exe
MSConfigStartUp-RtHDVCpl - RtHDVCpl.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-19 14:38:38
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\Program Files\XNeat Windows Manager\XNeatDrv.dll
-> C:\Program Files\XNeat Windows Manager\dlls\xnMenuBuilder.dll
-> C:\Program Files\XNeat Windows Manager\dlls\xnSaveAsDlg.dll
-> C:\Program Files\XNeat Windows Manager\dlls\xnTBSorter.dll
-> C:\Program Files\XNeat Windows Manager\dlls\xnTransparency.dll
-> C:\Program Files\Atomic Alarm Clock\Clock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBVista.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\IoctlSvc.exe
C:\Windows\System32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Raxco\PerfectDisk\PD91AgentS1.exe
C:\Program Files\XNeat Windows Manager\XNeatWM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-07-19 14:44:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-19 18:44:00

Pre-Run: 37,503,361,024 bytes free
Post-Run: 37,303,193,600 bytes free

411 --- E O F --- 2008-07-18 03:35:21

#2 usasma

Posted 20 July 2008 - 05:56 AM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye.

If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.



