Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

found 6 trojans, still infected with?


  • This topic is locked This topic is locked
2 replies to this topic

#1 smXsuflkaNUTsmXsudnt

smXsuflkaNUTsmXsudnt

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 12 January 2010 - 07:39 AM

Got rid of the trojans, but something is in there. hotmail abruptly closed my acct and asked if i recently sent a bunch of messages and i looked around and realized i didnt have the control i used to. there is a new faxsetup.log that wont stay deleted, same with a hyper dialer(never noticed it anyway)
If y'all would take a look and help me out here i'd really appreciate it. Mahalo





Ver_09-12-01.01) - NTFSx86
Run by jkl at 22:53:46.03 on Mon 01/11/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.382.67 [GMT -10:00]

AV: avast! antivirus 4.8.1169 [VPS 100111-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

I:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
I:\Program Files\Microsoft Security Essentials\MsMpEng.exe
I:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
svchost.exe
I:\Program Files\Prevx\prevx.exe
C:\FileDeleter.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\svchost.exe -k imgsvc
I:\Program Files\Prevx\prevx.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
I:\Program Files\Microsoft Security Essentials\msseces.exe
I:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
I:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
I:\WINDOWS\system32\RunDll32.exe
I:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
I:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
I:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
i:\program files\aol email toolbar\AolMailTbServer.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
I:\WINDOWS\system32\NOTEPAD.EXE
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Documents and Settings\Butt-Head Ledgerwood\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOLMAILTBSearch Class: {98572e47-b5fe-43de-9aea-492a1d3064cd} - i:\program files\aol email toolbar\aolmailtb.dll
mURLSearchHooks: AOLMAILTBSearch Class: {98572e47-b5fe-43de-9aea-492a1d3064cd} - i:\program files\aol email toolbar\aolmailtb.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: TBSB00982 Class: {da3d342f-ff20-4e31-9e82-22334155730c} - i:\program files\antbar\ant.com toolbar\tbu02012\tbcore3.dll
BHO: AOL Email Toolbar Loader: {fbea8524-8c72-4208-9d12-7fb73e9926eb} - i:\program files\aol email toolbar\aolmailtb.dll
TB: Ant.com Toolbar: {6cd56c02-cb4d-41b5-a0fe-b479061ccb41} - i:\program files\antbar\ant.com toolbar\tbu02012\tbcore3.dll
TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File
TB: AOL Email Toolbar: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - i:\program files\aol email toolbar\aolmailtb.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ISUSPM] "i:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [RIMDeviceManager] "i:\program files\common files\research in motion\rimdevicemanager\RIMDeviceManager.exe" -RunServer
uRun: [Google Update] "i:\documents and settings\butt-head ledgerwood\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] i:\windows\system32\ctfmon.exe
uRun: [ZSLEScheduler] RunDll32.exe "c:\zsscheduler.dll", runscheduler c:\
mRun: [avast!] i:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [RoxWatchTray] "i:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [MSSE] "i:\program files\microsoft security essentials\msseces.exe" -hide
dRun: [DWQueuedReporting] "i:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - i:\program files\research in motion\blackberry\DesktopMgr.exe
IE: &AOL Email Toolbar Search - i:\documents and settings\all users\application data\aol email toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - i:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - i:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {4A0FB978-1067-4120-9819-33AE5C7B3819} = 10.177.0.34 10.176.80.242
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;i:\windows\system32\drivers\pxscan.sys [2010-1-4 30280]
R1 aswSP;avast! Self Protection;i:\windows\system32\drivers\aswSP.sys [2004-1-2 75856]
R1 MpFilter;Microsoft Malware Protection Driver;i:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 aswFsBlk;aswFsBlk;i:\windows\system32\drivers\aswFsBlk.sys [2004-1-2 20560]
R2 avast! Antivirus;avast! Antivirus;i:\program files\alwil software\avast4\ashServ.exe [2004-1-2 144760]
R2 CSIScanner;CSIScanner;i:\program files\prevx\prevx.exe [2010-1-4 6222312]
R2 FileDeleter;ZeroSpyware FileDeleter;C:\FileDeleter.exe [2009-12-31 278528]
R2 pxrts;pxrts;i:\windows\system32\drivers\pxrts.sys [2010-1-4 47408]
R3 avast! Mail Scanner;avast! Mail Scanner;i:\program files\alwil software\avast4\ashMaiSv.exe [2004-1-2 247160]
R3 avast! Web Scanner;avast! Web Scanner;i:\program files\alwil software\avast4\ashWebSv.exe [2004-1-2 345464]
R3 pxkbf;pxkbf;i:\windows\system32\drivers\pxkbf.sys [2010-1-4 24496]

=============== Created Last 30 ================

2010-01-12 08:48:37 524288 ----a-w- I:\dds.scr
2010-01-07 07:39:27 0 d-----w- i:\program files\Trend Micro
2010-01-07 07:37:49 812344 ----a-w- I:\HJTInstall.exe
2010-01-05 01:22:41 53136 ----a-w- i:\windows\system32\PxSecure.dll
2010-01-05 01:22:40 47408 ----a-w- i:\windows\system32\drivers\pxrts.sys
2010-01-05 01:22:40 30280 ----a-w- i:\windows\system32\drivers\pxscan.sys
2010-01-05 01:22:38 24496 ----a-w- i:\windows\system32\drivers\pxkbf.sys
2010-01-05 01:22:34 0 d-----w- i:\program files\Prevx
2010-01-05 01:20:52 0 d-----w- i:\docume~1\alluse~1\applic~1\PrevxCSI
2010-01-05 01:20:51 51 ----a-w- i:\windows\wininit.ini
2010-01-05 01:20:24 910072 ----a-w- I:\PREVXCSIFREE.EXE
2010-01-03 10:58:04 953360 ----a-w- I:\TEApplet.exe
2009-12-31 15:25:55 256 ----a-w- i:\documents and settings\butt-head ledgerwood\pool.bin
2009-12-31 15:14:11 471552 -c----w- i:\windows\system32\dllcache\aclayers.dll
2009-12-31 14:51:45 12307656 ----a-w- I:\info.aspx
2009-12-31 13:43:37 0 d-----w- i:\windows\system32\zslfiles
2009-12-31 13:43:30 0 d-----w- i:\program files\Fbm Software
2009-12-31 13:43:05 0 d-----w- i:\windows\system32\ZeroSpyware Limited Edition
2009-12-31 13:42:37 939224 ----a-r- i:\windows\system32\Flash.ocx
2009-12-29 22:45:43 2145280 -c----w- i:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-29 22:45:41 2066048 -c----w- i:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-29 22:45:41 2023936 -c----w- i:\windows\system32\dllcache\ntkrpamp.exe
2009-12-29 22:41:05 691712 -c----w- i:\windows\system32\dllcache\inetcomm.dll
2009-12-29 22:31:42 272128 -c----w- i:\windows\system32\dllcache\bthport.sys
2009-12-29 22:27:47 284160 -c----w- i:\windows\system32\dllcache\pdh.dll
2009-12-29 22:27:46 401408 -c----w- i:\windows\system32\dllcache\rpcss.dll
2009-12-29 22:27:45 473600 -c----w- i:\windows\system32\dllcache\fastprox.dll
2009-12-29 22:27:45 110592 -c----w- i:\windows\system32\dllcache\services.exe
2009-12-29 22:27:44 453120 -c----w- i:\windows\system32\dllcache\wmiprvsd.dll
2009-12-29 22:27:44 227840 -c----w- i:\windows\system32\dllcache\wmiprvse.exe
2009-12-29 22:27:43 730112 -c----w- i:\windows\system32\dllcache\lsasrv.dll
2009-12-29 22:27:43 617472 -c----w- i:\windows\system32\dllcache\advapi32.dll
2009-12-29 22:27:42 714752 -c----w- i:\windows\system32\dllcache\ntdll.dll
2009-12-29 22:20:03 455296 -c----w- i:\windows\system32\dllcache\mrxsmb.sys
2009-12-29 22:19:21 333952 -c----w- i:\windows\system32\dllcache\srv.sys
2009-12-29 22:17:46 1315328 -c----w- i:\windows\system32\dllcache\msoe.dll
2009-12-29 22:12:36 337408 -c----w- i:\windows\system32\dllcache\netapi32.dll
2009-12-29 12:08:17 0 d-----w- i:\windows\system32\scripting
2009-12-29 12:08:14 0 d-----w- i:\windows\l2schemas
2009-12-29 12:08:12 0 d-----w- i:\windows\system32\en
2009-12-29 12:08:11 0 d-----w- i:\windows\system32\bits
2009-12-29 11:54:50 0 d-----w- i:\windows\network diagnostic
2009-12-29 00:18:07 0 d-----w- i:\program files\common files\Software Update Utility
2009-12-28 19:34:56 195456 ------w- i:\windows\system32\MpSigStub.exe
2009-12-28 17:33:17 9034488 ----a-w- I:\mssefullinstall-x86fre-en-us-xp.exe
2009-12-28 16:23:54 215920 ----a-w- i:\windows\system32\muweb.dll
2009-12-28 16:23:53 274288 ----a-w- i:\windows\system32\mucltui.dll
2009-12-28 12:34:58 0 d-----w- i:\windows\system32\wbem\Repository
2009-12-28 12:32:49 0 d-----w- i:\docume~1\butt-h~1\applic~1\GlarySoft
2009-12-28 12:32:49 0 d-----w- i:\docume~1\butt-h~1\applic~1\Foxit
2009-12-28 12:32:49 0 d-----w- i:\docume~1\butt-h~1\applic~1\DriverCure
2009-12-28 12:32:49 0 d-----w- i:\docume~1\butt-h~1\applic~1\Blitware
2009-12-28 11:40:22 0 d-----w- i:\program files\MSXML 4.0
2009-12-27 12:11:24 0 d-----w- i:\docume~1\butt-h~1\applic~1\Macromedia(2)
2009-12-26 23:53:12 0 d-----w- i:\program files\AOL Email Toolbar
2009-12-26 23:53:12 0 d-----w- i:\docume~1\alluse~1\applic~1\AOL Email Toolbar
2009-12-26 02:23:57 10240 ------w- i:\windows\system32\drivers\sffp_mmc.sys
2009-12-26 02:22:59 79872 -c----w- i:\windows\system32\dllcache\msxml6r.dll
2009-12-26 02:21:46 37376 ------w- i:\windows\system32\l2gpstore.dll
2009-12-26 02:20:59 8704 -c--a-w- i:\windows\system32\dllcache\fxsperf.dll
2009-12-26 02:19:59 4255 ------w- i:\windows\system32\drivers\adv01nt5.dll
2009-12-26 02:19:59 3967 ------w- i:\windows\system32\drivers\adv02nt5.dll
2009-12-26 02:19:59 3775 ------w- i:\windows\system32\drivers\adv11nt5.dll
2009-12-26 02:19:59 3711 ------w- i:\windows\system32\drivers\adv09nt5.dll
2009-12-26 02:19:59 3647 ------w- i:\windows\system32\drivers\adv07nt5.dll
2009-12-26 02:19:59 3615 ------w- i:\windows\system32\drivers\adv05nt5.dll
2009-12-26 02:19:59 3135 ------w- i:\windows\system32\drivers\adv08nt5.dll
2009-12-26 02:19:55 136192 ------w- i:\windows\system32\aaclient.dll
2009-12-26 01:46:01 16736 ----a-w- i:\windows\system32\mucltui.dll.mui
2009-12-25 14:17:50 0 d-----w- i:\program files\Microsoft Security Essentials
2009-12-14 19:15:14 2146304 ----a-w- i:\windows\system32\GPhotos.scr

==================== Find3M ====================

2009-12-02 13:56:20 18030130 ----a-w- I:\vlc-1.0.3-win32.exe
2009-11-30 14:33:51 9052816 ----a-w- I:\MSNOIE8_ENUS_XPL.EXE
2009-10-29 07:45:38 916480 ----a-w- i:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- i:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- i:\windows\system32\httpapi.dll

============= FINISH: 22:55:24.87 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:59 AM

Posted 17 January 2010 - 02:53 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:59 AM

Posted 23 January 2010 - 08:47 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users