Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32: Fasec [trj]


  • Please log in to reply
1 reply to this topic

#1 ashish1619

ashish1619

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 02 February 2009 - 01:41 AM

I am having a problem exactly the same as mentioned in http://www.bleepingcomputer.com/forums/t/191494/win32-fasec-trj/
As suggested i carried out DDS, please find attached the scan results.
Please look into the matter immediately.


DDS (Ver_09-02-01.01) - NTFSx86
Run by ashish at 11:49:41.74 on Mon 02/02/2009
Internet Explorer: 7.0.6000.16764 BrowserJavaVersion: 1.6.0_10

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.509.6972\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! uC: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\ashish\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://supportapj.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\ashish\appdata\roaming\mozilla\firefox\profiles\ac9eqa3a.default\
FF - plugin: c:\program files\google\google updater\2.3.1314.1135\npCIDetect12.dll
FF - plugin: c:\users\ashish\appdata\local\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\users\ashish\appdata\roaming\mozilla\plugins\npgoogletalk.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-30 14:39 97,800 a------- c:\windows\system32\infocardapi.dll
2009-01-30 14:39 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-01-30 14:39 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-01-30 14:39 622,080 a------- c:\windows\system32\icardagt.exe
2009-01-30 14:39 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-01-30 14:39 11,264 a------- c:\windows\system32\icardres.dll
2009-01-30 14:39 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-01-30 14:39 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-01-30 14:37 32,636,928 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-01-30 14:37 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-01-30 14:37 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-01-30 14:29 96,760 a------- c:\windows\system32\dfshim.dll
2009-01-30 14:28 282,112 a------- c:\windows\system32\mscoree.dll
2009-01-30 14:28 41,984 a------- c:\windows\system32\netfxperf.dll
2009-01-30 14:28 158,720 a------- c:\windows\system32\mscorier.dll
2009-01-30 14:28 83,968 a------- c:\windows\system32\mscories.dll
2009-01-25 16:36 --d----- c:\windows\pss
2009-01-25 15:58 --d----- c:\programdata\Symantec
2009-01-25 15:58 --d----- c:\progra~2\Symantec
2009-01-25 03:01 --d----- c:\windows\system32\Adobe
2009-01-24 22:31 147,456 a------- c:\windows\system32\bzpdfc.dll
2009-01-24 22:31 187,392 a------- c:\windows\system32\bzpdf.dll
2009-01-24 22:31 --d----- c:\program files\Bullzip
2009-01-24 03:13 --d--r-- C:\UDC Output Files
2009-01-22 02:46 --d----- c:\program files\RssReader
2009-01-22 02:43 --d----- c:\windows\system32\URTTEMP
2009-01-20 23:33 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-01-15 03:03 290,304 a------- c:\windows\system32\drivers\srv.sys
2009-01-08 20:02 --d----- c:\programdata\avg8
2009-01-08 20:02 --d----- c:\program files\AVG
2009-01-08 20:02 --d----- c:\progra~2\avg8
2009-01-08 18:55 --d----- C:\kav
2009-01-04 20:01 --d-h--- c:\program files\Zero G Registry
2009-01-04 20:00 --d-h--- c:\users\ashish\InstallAnywhere

==================== Find3M ====================

2009-01-20 23:30 86,016 a------- c:\windows\inf\infstrng.dat
2009-01-20 23:30 86,016 a------- c:\windows\inf\infstor.dat
2009-01-20 23:30 51,200 a------- c:\windows\inf\infpub.dat
2008-12-10 13:46 174 a--sh--- c:\program files\desktop.ini
2008-11-20 11:06 61,224 a------- c:\users\ashish\GoToAssistDownloadHelper.exe
2008-06-11 20:23 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 18:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 18:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 18:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 18:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-02-22 01:19 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 11:51:10.35 ===============


==== Installed Programs ======================

Able2Extract Professional v5.0
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 9
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Bonjour
Bullzip PDF Printer 5.0.0.599
Cisco Clean Access Agent
Dell Resource CD
Dell Touchpad
FLV Player 2.0, build 24
Free Download Manager 2.5
Free Studio version 4.1
Free Video to iPod Converter version 2.5
Free YouTube Download 2.2
Free YouTube to iPod Converter version 3.1
Google Chrome
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Updater
GPL Ghostscript Lite 8.63
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Webcam
IBN Video Splitter
Intel Graphics Media Accelerator Driver
iTunes
Java™ 6 Update 10
Java™ SE Runtime Environment 6
K-Lite Mega Codec Pack 3.6.5
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.5)
net4
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OpenOffice.org Installer 1.0
Prowess ( Client )
QuickTime
RealPlayer
RssReader
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
SigmaTel Audio
Smart Menus (Windows Live Toolbar)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb950378)
VideoLAN VLC media player 0.8.6f
VirtualCloneDrive
Vista Profile Pack
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip
WordWeb
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! uC

==== End Of File ===========================

BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:49 AM

Posted 15 February 2009 - 09:38 AM

Hello ashish1619

Welcome to BleepingComputer :thumbup2:
========================
Post an updated log from dds then do the following.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users