false trojans or remove?


Post by airtas on 13th June 2009, 4:56 am

Did a scan with Malwarebytes and got this... legit?

Malwarebytes' Anti-Malware 1.37
Database version: 2266
Windows 5.1.2600 Service Pack 3

6/13/2009 12:53:33 AM
mbam-log-2009-06-13 (00-53-28).txt

Scan type: Quick Scan
Objects scanned: 106650
Time elapsed: 9 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50a70867-20df-45d5-81eb-e3e08bedd123} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{50a70867-20df-45d5-81eb-e3e08bedd123} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89e82d98-8dfa-4908-893d-b2ffa952c7d7} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{89e82d98-8dfa-4908-893d-b2ffa952c7d7} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce867828-5cc1-4e92-99c4-02ee2e1a7ca9} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ce867828-5cc1-4e92-99c4-02ee2e1a7ca9} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe36ba93-3f00-4a00-a476-b7b6f60096b6} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fe36ba93-3f00-4a00-a476-b7b6f60096b6} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe851c36-2edb-4007-8712-eb848f05959f} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fe851c36-2edb-4007-8712-eb848f05959f} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: false trojans or remove?

Post by Belahzur on 13th June 2009, 1:22 pm

"No action taken"

Please press the "Remove selected" button in MBAM and let it delete everything it finds.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Please PM me if I fail to respond within 24hrs.



Re: false trojans or remove?

Post by airtas on 13th June 2009, 4:45 pm

How do I post the file since it is too big?


Re: false trojans or remove?

Post by Belahzur on 13th June 2009, 4:46 pm

Split it up into more than one post.



Re: false trojans or remove?

Post by airtas on 13th June 2009, 7:44 pm

DDS (Ver_09-05-14.01) - NTFSx86
Run by John Tasinas at 12:16:40.87 on Sat 06/13/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1262.573 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Weather Add-in for Windows Live Toolbar\WeatherDataClient.exe
C:\Documents and Settings\John Tasinas\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {0A437B73-C519-4AC6-BF6C-976FD3E31FD0} - No File
BHO: {1172130F-0AB0-4D4E-8B63-5B1EFE7C2CF9} - No File
BHO: {11CF9A58-B6C6-495D-94C0-E193AF6A19FC} - No File
BHO: {184384EF-BA20-4BA4-86F0-3B7570C15444} - No File
BHO: {2730B2CF-2533-4AAC-B075-57DE533DB075} - No File
BHO: {2A042D21-2F43-4B86-A2D7-16756B9CD22B} - No File
BHO: {2D5E76F8-B3E7-4B3E-AD03-A4A249F5F8DF} - No File
BHO: {356A7A14-F695-4F8F-85FC-5494AA7114B7} - No File
BHO: {366B16B2-7AA6-444C-943D-1DBB35A1A9B3} - No File
BHO: {4631D05A-990C-4752-ADC5-AC46D1625377} - No File
BHO: {48D0E15C-A6ED-4283-A3FC-CB78C922404C} - No File
BHO: {4c21fbf0-da83-4298-adb8-82d018b8d58c} - c:\windows\system32\MFD71FRA.DLL
BHO: {520D22E2-E3EB-4A5B-81F6-DB54E161B1E8} - No File
BHO: {5a4e624b-a960-478d-8d07-0fb8cc21e1f9} - c:\windows\system32\MP43DMOE.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.134\coIEPlg.dll
BHO: {66D3D963-6C1C-4809-9A23-626E9984BB0B} - No File
BHO: {6bfb1a37-71cc-4b0b-945e-727475918c3e} - c:\windows\system32\psapi32.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.134\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7B3E2373-6A7E-4A18-BD08-26000800C045} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {82163F5D-BC32-4168-A7A5-91F549061E51} - No File
BHO: {8A3400D8-B84A-4C3E-A761-BAD675F23D49} - No File
BHO: {8B53318F-259A-4436-B9AE-7E34F0E0104C} - No File
BHO: {8B93A866-0C81-48A8-B9CC-40585651616E} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {942E0D83-6B0C-4F44-94BD-568A5C953415} - No File
BHO: {95865880-39C1-45A1-9503-81F7050F1364} - No File
BHO: {A5FB2B15-9420-49D7-A68A-84BBE2972815} - No File
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: {C4D1AE52-460B-4256-AE1F-682D60CD5FF4} - No File
BHO: {c8e975eb-7c02-4db9-854f-9baa904ecf96} - c:\windows\system32\qutil32.dll
BHO: {D9613065-FD61-4E31-A2D9-56259CF4CA92} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {EB4D7A57-7CC4-4F21-AAC5-5CE7B2ACEFC8} - No File
BHO: {ef78228c-5d74-4b27-9ef1-8a3a58007015} - c:\windows\system32\MFC72KOR.DLL
BHO: {FF35ADE7-87FA-4232-993D-256160109A15} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.134\coIEPlg.dll
uRun: [P2kAutostart]
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: []
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\sharedcom8\RoxWatchTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\johnta~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - [You must be registered and logged in to see this link.]
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {EE2499C3-FE60-11D3-996B-0060081C6822} - [You must be registered and logged in to see this link.]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.134\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll


Re: false trojans or remove?

Post by airtas on 13th June 2009, 7:44 pm

FIREFOX ===================

FF - ProfilePath - c:\docume~1\johnta~1\applic~1\mozilla\firefox\profiles\8wdv1e9j.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-13 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.086\SymEFA.sys [2009-3-3 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.086\BHDrvx86.sys [2009-3-3 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.086\cchpx86.sys [2009-3-3 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090610.006\IDSXpx86.sys [2009-6-12 276344]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.134\ccSvcHst.exe [2009-3-3 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090613.003\NAVENG.SYS [2009-6-13 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090613.003\NAVEX15.SYS [2009-6-13 876144]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\csvirta.sys --> c:\windows\system32\drivers\CSVirtA.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-7-23 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-7-23 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-7-23 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-7-23 23680]

=============== Created Last 30 ================

2009-06-13 11:51 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-13 01:08 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-13 01:02 -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-13 01:02 --d----- c:\program files\Lavasoft
2009-06-12 12:06 --d----- c:\docume~1\johnta~1\applic~1\Malwarebytes
2009-06-12 12:06 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 12:06 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-12 12:06 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-12 12:06 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 02:15 --d----- c:\program files\iPod
2009-05-30 11:14 --d----- c:\program files\True Audio
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-23 13:32 --d----- c:\program files\common files\Adobe Systems Shared
2009-05-23 13:17 --d----- c:\docume~1\johnta~1\applic~1\foobar2000
2009-05-23 13:16 --d----- c:\program files\foobar2000
2009-05-22 01:38 --d----- c:\windows\Replay Media Catcher
2009-05-21 16:16 --d----- c:\program files\Sonic
2009-05-21 16:00 --d----- c:\program files\Roxio

==================== Find3M ====================

2009-05-23 20:34 34 a------- c:\documents and settings\john tasinas\jagex_runescape_preferences.dat
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-01 13:00 87,608 a------- c:\docume~1\johnta~1\applic~1\inst.exe
2009-04-01 13:00 47,360 a------- c:\docume~1\johnta~1\applic~1\pcouffin.sys
2008-06-14 20:43 79,328 a------- c:\documents and settings\john tasinas\mqdmserd.sys
2008-06-14 20:43 5,936 a------- c:\documents and settings\john tasinas\mqdmwhnt.sys
2008-06-14 20:43 92,064 a------- c:\documents and settings\john tasinas\mqdmmdm.sys
2008-06-14 20:43 66,656 a------- c:\documents and settings\john tasinas\mqdmbus.sys
2008-06-14 20:43 25,600 a------- c:\documents and settings\john tasinas\usbsermptxp.sys
2008-06-14 20:43 22,768 a------- c:\documents and settings\john tasinas\usbsermpt.sys
2008-06-14 20:43 9,232 a------- c:\documents and settings\john tasinas\mqdmmdfl.sys
2008-06-14 20:43 6,208 a------- c:\documents and settings\john tasinas\mqdmcmnt.sys
2008-06-14 20:43 4,048 a------- c:\documents and settings\john tasinas\mqdmcr.sys
2008-08-28 18:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 12:17:43.68 ===============


Re: false trojans or remove?

Post by Belahzur on 13th June 2009, 7:45 pm

Hello.
Just some leftovers to get.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.



Re: false trojans or remove?

Post by airtas on 13th June 2009, 8:38 pm

Will do... any idea why Norton or Ad-Aware never found anything?

And how serious were my trojans?


Re: false trojans or remove?

Post by Origin on 13th June 2009, 8:40 pm

I wouldn't recommend using Ad-Aware, it just finds tracking cookies; you are better off using Malwarebytes. Same goes with Norton. Please post the log.



Re: false trojans or remove?

Post by airtas on 16th June 2009, 2:53 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:31 PM, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Weather Add-in for Windows Live Toolbar\WeatherDataClient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A437B73-C519-4AC6-BF6C-976FD3E31FD0} - (no file)
O2 - BHO: (no name) - {1172130F-0AB0-4D4E-8B63-5B1EFE7C2CF9} - (no file)
O2 - BHO: (no name) - {11CF9A58-B6C6-495D-94C0-E193AF6A19FC} - (no file)
O2 - BHO: (no name) - {184384EF-BA20-4BA4-86F0-3B7570C15444} - (no file)
O2 - BHO: (no name) - {2730B2CF-2533-4AAC-B075-57DE533DB075} - (no file)
O2 - BHO: (no name) - {2A042D21-2F43-4B86-A2D7-16756B9CD22B} - (no file)
O2 - BHO: (no name) - {2D5E76F8-B3E7-4B3E-AD03-A4A249F5F8DF} - (no file)
O2 - BHO: (no name) - {356A7A14-F695-4F8F-85FC-5494AA7114B7} - (no file)
O2 - BHO: (no name) - {366B16B2-7AA6-444C-943D-1DBB35A1A9B3} - (no file)
O2 - BHO: (no name) - {4631D05A-990C-4752-ADC5-AC46D1625377} - (no file)
O2 - BHO: (no name) - {48D0E15C-A6ED-4283-A3FC-CB78C922404C} - (no file)
O2 - BHO: (no name) - {4C21FBF0-DA83-4298-ADB8-82D018B8D58C} - C:\WINDOWS\system32\MFD71FRA.DLL (file missing)
O2 - BHO: (no name) - {520D22E2-E3EB-4A5B-81F6-DB54E161B1E8} - (no file)
O2 - BHO: (no name) - {5A4E624B-A960-478D-8D07-0FB8CC21E1F9} - C:\WINDOWS\system32\MP43DMOE.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O2 - BHO: (no name) - {66D3D963-6C1C-4809-9A23-626E9984BB0B} - (no file)
O2 - BHO: (no name) - {6BFB1A37-71CC-4B0B-945E-727475918C3E} - C:\WINDOWS\system32\psapi32.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7B3E2373-6A7E-4A18-BD08-26000800C045} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {82163F5D-BC32-4168-A7A5-91F549061E51} - (no file)
O2 - BHO: (no name) - {8A3400D8-B84A-4C3E-A761-BAD675F23D49} - (no file)
O2 - BHO: (no name) - {8B53318F-259A-4436-B9AE-7E34F0E0104C} - (no file)
O2 - BHO: (no name) - {8B93A866-0C81-48A8-B9CC-40585651616E} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {942E0D83-6B0C-4F44-94BD-568A5C953415} - (no file)
O2 - BHO: (no name) - {95865880-39C1-45A1-9503-81F7050F1364} - (no file)
O2 - BHO: (no name) - {A5FB2B15-9420-49D7-A68A-84BBE2972815} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C4D1AE52-460B-4256-AE1F-682D60CD5FF4} - (no file)
O2 - BHO: (no name) - {C8E975EB-7C02-4DB9-854F-9BAA904ECF96} - C:\WINDOWS\system32\qutil32.dll (file missing)
O2 - BHO: (no name) - {D9613065-FD61-4E31-A2D9-56259CF4CA92} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EB4D7A57-7CC4-4F21-AAC5-5CE7B2ACEFC8} - (no file)
O2 - BHO: (no name) - {EF78228C-5D74-4B27-9EF1-8A3A58007015} - C:\WINDOWS\system32\MFC72KOR.DLL (file missing)
O2 - BHO: (no name) - {FF35ADE7-87FA-4232-993D-256160109A15} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe


Re: false trojans or remove?

Post by airtas on 16th June 2009, 2:53 am

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {EE2499C3-FE60-11D3-996B-0060081C6822} (PscViewer Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15655 bytes


Re: false trojans or remove?

Post by airtas on 16th June 2009, 2:56 am

[You must be registered and logged in to see this link.] wrote: I wouldn't recommend using Ad-aware, it just finds tracking cookies, you are better off using Malwarebytes same goes with Norton. Please post the log Wink


Norton normally finds trojans though


Re: false trojans or remove?

Post by Origin on 16th June 2009, 4:13 am

Please disable Ad-Watch, as it may hinder the removal of some HijackThis entries. You can re-enable it after your computer is clean. Please see here for instructions on how to disable it:

1. Right-click on the Ad-Watch icon in the system tray (located down by the system clock for most configurations)
2. Choose *Settings* from the dropdown menu
3. Under the *General Settings* tab turn OFF (red x) the option to "Load Ad-Watch at Startup" (if enabled)

4. Click on the *Status* button in the left hand menu
5. Turn OFF (red x) the option for *Regshield*
6. Close that window, then right-click on the Ad-Watch icon shield again down in the system tray next to the clock.
7. Choose *Turn off Ad-Watch* from the drop menu




  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {0A437B73-C519-4AC6-BF6C-976FD3E31FD0} - (no file)
    O2 - BHO: (no name) - {1172130F-0AB0-4D4E-8B63-5B1EFE7C2CF9} - (no file)
    O2 - BHO: (no name) - {11CF9A58-B6C6-495D-94C0-E193AF6A19FC} - (no file)
    O2 - BHO: (no name) - {184384EF-BA20-4BA4-86F0-3B7570C15444} - (no file)
    O2 - BHO: (no name) - {2730B2CF-2533-4AAC-B075-57DE533DB075} - (no file)
    O2 - BHO: (no name) - {2A042D21-2F43-4B86-A2D7-16756B9CD22B} - (no file)
    O2 - BHO: (no name) - {2D5E76F8-B3E7-4B3E-AD03-A4A249F5F8DF} - (no file)
    O2 - BHO: (no name) - {356A7A14-F695-4F8F-85FC-5494AA7114B7} - (no file)
    O2 - BHO: (no name) - {366B16B2-7AA6-444C-943D-1DBB35A1A9B3} - (no file)
    O2 - BHO: (no name) - {4631D05A-990C-4752-ADC5-AC46D1625377} - (no file)
    O2 - BHO: (no name) - {48D0E15C-A6ED-4283-A3FC-CB78C922404C} - (no file)
    O2 - BHO: (no name) - {4C21FBF0-DA83-4298-ADB8-82D018B8D58C} - C:\WINDOWS\system32\MFD71FRA.DLL (file missing)
    O2 - BHO: (no name) - {520D22E2-E3EB-4A5B-81F6-DB54E161B1E8} - (no file)
    O2 - BHO: (no name) - {5A4E624B-A960-478D-8D07-0FB8CC21E1F9} - C:\WINDOWS\system32\MP43DMOE.dll (file missing)
    O2 - BHO: (no name) - {66D3D963-6C1C-4809-9A23-626E9984BB0B} - (no file)
    O2 - BHO: (no name) - {6BFB1A37-71CC-4B0B-945E-727475918C3E} - C:\WINDOWS\system32\psapi32.dll (file missing)
    O2 - BHO: (no name) - {7B3E2373-6A7E-4A18-BD08-26000800C045} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {82163F5D-BC32-4168-A7A5-91F549061E51} - (no file)
    O2 - BHO: (no name) - {8A3400D8-B84A-4C3E-A761-BAD675F23D49} - (no file)
    O2 - BHO: (no name) - {8B53318F-259A-4436-B9AE-7E34F0E0104C} - (no file)
    O2 - BHO: (no name) - {8B93A866-0C81-48A8-B9CC-40585651616E} - (no file)
    O2 - BHO: (no name) - {942E0D83-6B0C-4F44-94BD-568A5C953415} - (no file)
    O2 - BHO: (no name) - {95865880-39C1-45A1-9503-81F7050F1364} - (no file)
    O2 - BHO: (no name) - {A5FB2B15-9420-49D7-A68A-84BBE2972815} - (no file)
    O2 - BHO: (no name) - {C4D1AE52-460B-4256-AE1F-682D60CD5FF4} - (no file)
    O2 - BHO: (no name) - {C8E975EB-7C02-4DB9-854F-9BAA904ECF96} - C:\WINDOWS\system32\qutil32.dll (file missing)
    O2 - BHO: (no name) - {D9613065-FD61-4E31-A2D9-56259CF4CA92} - (no file)
    O2 - BHO: (no name) - {EB4D7A57-7CC4-4F21-AAC5-5CE7B2ACEFC8} - (no file)
    O2 - BHO: (no name) - {EF78228C-5D74-4B27-9EF1-8A3A58007015} - C:\WINDOWS\system32\MFC72KOR.DLL (file missing)
    O2 - BHO: (no name) - {FF35ADE7-87FA-4232-993D-256160109A15} - (no file)



  • Press "Fix Checked"
  • Close Hijack This.







1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Mcafee)
  • Double click on ComboFix.exe.
  • Follow the prompts.
    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


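The HijackThis step in the post above ticks only O2 entries marked "(no file)" or "(file missing)". The Python below is an added example, not part of the original posts and not HijackThis code: it applies the same selection to a pasted log and, going beyond the post, also reports other sections marked "(file missing)". The sample log is constructed from lines in this thread plus one made-up BHO, the function names are assumptions, and the two registry paths follow the pattern in the Malwarebytes log at the top of the thread.

```python
import re
from collections import Counter

# Constructed sample in HijackThis log format. All lines are copied from this
# thread except the "Example Helper" BHO, which is made up to show a live entry.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0A437B73-C519-4AC6-BF6C-976FD3E31FD0} - (no file)
O2 - BHO: (no name) - {4C21FBF0-DA83-4298-ADB8-82D018B8D58C} - C:\WINDOWS\system32\MFD71FRA.DLL (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
"""

SECTION_RE = re.compile(r"^(?P<section>O\d+) - ")
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)
MISSING_SUFFIX = " (file missing)"


def classify_line(line):
    """Classify one log line; return None for anything that is not an O-section entry."""
    line = line.strip()
    sec = SECTION_RE.match(line)
    if not sec:
        return None
    finding = {"section": sec.group("section"), "line": line,
               "clsid": None, "path": None, "status": "not-flagged"}
    bho = O2_RE.match(line)
    if bho:
        target = bho.group("target")
        finding["clsid"] = bho.group("clsid").upper()
        if target == "(no file)":
            # Registration exists but names no DLL at all.
            finding["status"] = "orphan-no-file"
        elif target.endswith(MISSING_SUFFIX):
            # Registration names a DLL that was not on disk at scan time.
            finding["status"] = "orphan-file-missing"
            finding["path"] = target[:-len(MISSING_SUFFIX)]
        else:
            # DLL is present: this entry needs a real review, not a blind fix.
            finding["status"] = "present"
            finding["path"] = target
    elif line.endswith(MISSING_SUFFIX):
        # Any other section (for example O23 services) pointing at a missing file.
        finding["status"] = "dangling"
    return finding


def triage(log_text):
    """Return the entries a reviewer would tick as leftovers, in log order."""
    wanted = {"orphan-no-file", "orphan-file-missing", "dangling"}
    findings = (classify_line(raw) for raw in log_text.splitlines())
    return [f for f in findings if f and f["status"] in wanted]


def registry_keys_for(clsid):
    """Registry locations to inspect for a BHO CLSID before removing it."""
    return [
        r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
        r"\Explorer\Browser Helper Objects" + "\\" + clsid,
        r"HKEY_CLASSES_ROOT\CLSID" + "\\" + clsid,
    ]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    print(Counter(f["status"] for f in results))
    for f in results:
        print(f["status"], "|", f["line"])
        if f["clsid"]:
            for key in registry_keys_for(f["clsid"]):
                print("    check:", key)
```

An entry classified as "present" is deliberately left out of the result: a BHO whose DLL still exists is loaded by IE and has to be judged on the file itself, not on the log line.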

Re: false trojans or remove?

Post by airtas on 16th June 2009, 6:02 am

Is there anything I can do to speed up my web browser? Seems slower after everything.


Re: false trojans or remove?

Post by airtas on 16th June 2009, 6:03 am

And what exactly am I removing?


Re: false trojans or remove?

Post by Belahzur on 16th June 2009, 8:40 am

The Hijack This fix just fixes a bunch of leftover BHO (Browser Helper Object) keys.



Re: false trojans or remove?

Post by airtas on 16th June 2009, 4:33 pm

[You must be registered and logged in to see this link.] wrote: The Hijack This fix just fixes a bunch of leftover BHO (Browser Helper Object) keys.


What do those do?


Re: false trojans or remove?

Post by Belahzur on 16th June 2009, 5:59 pm

They're a bit like toolbars, they put add-ons for IE, like the Java quick starter so online Java games load faster.



Re: false trojans or remove?

Post by airtas on 16th June 2009, 6:09 pm

So they are trojan leftovers?


Re: false trojans or remove?

Post by airtas on 16th June 2009, 6:37 pm

ComboFix 09-06-15.07 - John Tasinas 06/16/2009 14:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1262.542 [GMT -4:00]
Running from: c:\documents and settings\John Tasinas\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\John Tasinas\Application Data\inst.exe
c:\windows\system32\systeminfo3.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.

2009-06-16 14:12 . 2009-02-25 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.004\EECTRL.SYS
2009-06-16 14:12 . 2009-02-25 09:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.004\CCERASER.DLL
2009-06-16 14:12 . 2009-02-25 09:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.004\ERASER.SYS
2009-06-16 14:12 . 2009-02-19 09:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.004\NAVENG.SYS
2009-06-16 14:12 . 2009-02-19 09:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.004\NAVEX15.SYS
2009-06-16 14:12 . 2009-02-19 09:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.004\NAVENG32.DLL
2009-06-16 14:12 . 2009-02-19 09:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.004\NAVEX32A.DLL
2009-06-16 14:12 . 2009-01-03 15:31 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.004\ECMSVR32.DLL
2009-06-16 02:49 . 2009-06-16 02:49 -------- d-----w- c:\program files\Trend Micro
2009-06-16 02:47 . 2009-06-16 02:47 -------- d-----w- c:\windows\LastGood
2009-06-15 18:11 . 2009-06-15 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData
2009-06-15 18:09 . 2009-06-15 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-15 17:45 . 2009-02-27 11:20 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-06-15 17:38 . 2009-06-15 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-06-15 17:38 . 2009-06-15 17:38 -------- d-----w- c:\program files\SmartSound Software
2009-06-15 17:36 . 2009-06-15 17:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-15 05:58 . 2009-06-15 16:37 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\Download Manager
2009-06-15 05:21 . 2002-03-17 06:00 7420 ----a-w- c:\windows\UA000104.DLL
2009-06-15 05:18 . 2009-06-15 17:48 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\Ulead Systems
2009-06-15 05:13 . 2009-06-15 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-06-15 05:12 . 2008-04-02 01:40 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-06-15 05:12 . 2008-04-02 01:40 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-06-15 05:12 . 2008-04-02 01:40 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-06-15 05:12 . 2008-04-02 01:40 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-06-15 05:12 . 2008-04-02 01:40 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-06-15 05:12 . 2008-04-02 01:40 24720 ----a-w- c:\windows\system32\IVIresize.dll
2009-06-15 05:11 . 2009-06-15 05:11 -------- d-----w- c:\program files\Windows Media Components
2009-06-15 05:08 . 2009-06-15 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-06-15 05:08 . 2009-06-15 05:11 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-06-15 05:07 . 2009-06-15 05:08 -------- d-----w- c:\program files\Corel
2009-06-15 05:05 . 2002-03-17 06:00 7420 ----a-w- c:\windows\UA000106.DLL
2009-06-13 15:51 . 2009-06-13 05:07 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-13 05:08 . 2009-06-13 05:05 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-13 05:07 . 2009-06-13 05:07 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-13 05:07 . 2009-06-13 05:07 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-13 05:07 . 2009-06-13 05:07 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-13 05:07 . 2009-06-13 05:07 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-13 05:07 . 2009-06-13 05:07 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-13 05:07 . 2009-06-13 05:07 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-13 05:07 . 2009-06-13 05:07 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-13 05:06 . 2009-06-13 05:06 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-13 05:06 . 2009-06-13 05:06 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-13 05:06 . 2009-06-13 05:06 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-13 05:05 . 2009-06-13 05:05 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-13 05:05 . 2009-06-13 05:05 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-13 05:05 . 2009-06-13 05:05 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-13 05:05 . 2009-06-13 05:05 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-13 05:05 . 2009-06-13 05:05 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-13 05:05 . 2009-06-13 05:05 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-13 05:04 . 2009-06-13 05:04 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-13 05:04 . 2009-06-13 05:04 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-13 05:02 . 2009-06-13 05:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-13 05:02 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-13 05:02 . 2009-06-13 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-13 05:02 . 2009-06-13 05:02 -------- d-----w- c:\program files\Lavasoft
2009-06-12 19:35 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\Scxpx86.dll
2009-06-12 19:35 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys
2009-06-12 19:35 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSvix86.sys
2009-06-12 19:35 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSxpx86.dll
2009-06-12 19:35 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSviA64.sys
2009-06-12 16:06 . 2009-06-12 16:06 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\Malwarebytes
2009-06-12 16:06 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 16:06 . 2009-06-12 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-12 16:06 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 16:06 . 2009-06-12 16:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 18:19 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\Scxpx86.dll
2009-06-08 18:19 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSXpx86.sys
2009-06-08 18:19 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSvix86.sys
2009-06-08 18:19 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSxpx86.dll
2009-06-08 18:19 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSviA64.sys
2009-06-08 06:15 . 2009-06-08 06:15 -------- d-----w- c:\program files\iPod
2009-06-08 06:10 . 2009-06-08 06:11 -------- d-----w- c:\program files\QuickTime
2009-06-08 06:02 . 2009-06-08 06:02 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-30 15:14 . 2009-05-30 15:14 -------- d-----w- c:\program files\True Audio
2009-05-29 16:15 . 2009-05-29 16:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2009-05-25 23:10 . 2009-05-25 23:10 34062 ----a-w- c:\documents and settings\John Tasinas\Application Data\Move Networks\ie_bin\Uninst.exe
2009-05-23 17:32 . 2009-05-23 17:32 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-05-23 17:17 . 2009-05-28 02:35 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\foobar2000
2009-05-23 17:16 . 2009-05-23 17:16 -------- d-----w- c:\program files\foobar2000
2009-05-22 05:38 . 2009-05-22 05:38 -------- d-----w- c:\windows\Replay Media Catcher
2009-05-21 20:16 . 2009-05-21 20:17 -------- d-----w- c:\program files\Sonic
2009-05-21 20:00 . 2009-05-21 20:16 -------- d-----w- c:\program files\Roxio
2009-05-21 20:00 . 2009-05-21 20:16 -------- d-----w- c:\program files\Common Files\Roxio Shared


Re: false trojans or remove?

Post by airtas on 16th June 2009, 6:37 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 02:44 . 2009-03-22 02:07 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-06-15 18:16 . 2008-04-10 05:58 97576 ----a-w- c:\documents and settings\John Tasinas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-15 18:02 . 2009-06-15 18:02 -------- d-----w- c:\windows\Fonts\Fonts
2009-06-15 18:00 . 2008-04-10 19:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-15 05:32 . 2008-04-11 23:44 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\Azureus
2009-06-15 05:12 . 2008-04-10 05:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-15 05:06 . 2008-06-15 00:35 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\InstallShield
2009-06-15 04:09 . 2008-04-10 17:54 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\mIRC
2009-06-15 04:08 . 2008-04-10 17:54 -------- d-----w- c:\program files\mIRC
2009-06-15 00:24 . 2008-04-10 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-08 19:48 . 2008-09-16 22:22 -------- d-----w- c:\program files\iTunes
2009-06-08 06:15 . 2008-09-16 22:15 -------- d-----w- c:\program files\Common Files\Apple
2009-06-04 02:19 . 2009-03-22 02:26 256 ----a-w- c:\windows\system32\pool.bin
2009-05-30 17:31 . 2008-06-17 03:14 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\U3
2009-05-25 23:10 . 2008-05-13 13:35 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\Move Networks
2009-05-24 00:34 . 2008-10-19 01:11 34 ----a-w- c:\documents and settings\John Tasinas\jagex_runescape_preferences.dat
2009-05-21 20:17 . 2008-04-30 15:43 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-05-21 20:06 . 2008-04-30 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-05-15 17:51 . 2008-04-10 17:58 -------- d-----w- c:\program files\Winamp
2009-05-12 19:25 . 2009-05-12 02:41 -------- d-----w- c:\program files\Exact Audio Copy
2009-05-12 02:41 . 2009-05-12 02:41 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\AccurateRip
2009-05-09 18:09 . 2009-05-09 18:07 -------- d-----w- c:\program files\AoA Audio Extractor
2009-05-09 18:07 . 2009-05-09 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-09 18:01 . 2009-05-09 18:01 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\FLV Extract
2009-05-09 05:49 . 2009-04-14 15:58 -------- d-----w- c:\program files\Trillian
2009-05-07 15:32 . 2004-08-03 22:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 00:13 . 2009-03-22 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-02 16:52 . 2009-05-02 16:52 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\Amazon
2009-05-02 05:27 . 2008-05-22 01:07 -------- d-----w- c:\program files\Motorola
2009-05-02 05:25 . 2008-06-14 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-05-02 05:24 . 2008-07-30 16:06 -------- d-----w- c:\program files\QPST
2009-05-02 05:00 . 2008-04-21 02:58 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\LimeWire
2009-04-29 04:56 . 2004-08-03 22:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-03 22:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 19:33 . 2009-04-23 19:33 -------- d-----r- c:\program files\Norton Support
2009-04-23 00:43 . 2008-04-11 23:43 -------- d-----w- c:\program files\Azureus
2009-04-17 12:26 . 2004-08-03 21:17 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-03 22:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-04 05:15 . 2009-04-04 05:15 152576 ----a-w- c:\documents and settings\John Tasinas\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-03 18:20 . 2009-04-01 17:00 9618 ----a-w- c:\documents and settings\All Users\Application Data\DVDXStudio\CloneDVD4\MainApp.dll
2009-04-01 17:00 . 2009-04-01 17:00 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-04-01 17:00 . 2009-04-01 17:00 47360 ----a-w- c:\documents and settings\John Tasinas\Application Data\pcouffin.sys
2009-04-01 17:00 . 2009-04-01 17:00 47360 ----a-w- c:\documents and settings\John Tasinas\Application Data\pcouffin.sys
2009-04-01 16:45 . 2009-04-01 16:45 643072 ----a-w- c:\documents and settings\John Tasinas\Application Data\RipIt4Me\updater\ri4mupdater.exe
2009-03-28 20:17 . 2009-03-28 20:16 27655688 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2008\Update\US62016801cupd.exe
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-19 02:50 . 2008-11-07 01:20 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 02:50 . 2008-11-07 01:20 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 02:50 . 2008-11-07 01:20 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 02:50 . 2008-11-07 01:20 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 02:50 . 2008-11-07 01:20 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-22 37888]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2006-07-11 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-06-05 615696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-13 518488]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]

c:\documents and settings\John Tasinas\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-8-18 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/13/2009 1:08 AM 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.086\SymEFA.sys [3/3/2009 5:24 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.086\BHDrvx86.sys [3/3/2009 5:24 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.086\cchpx86.sys [3/3/2009 5:23 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys [6/12/2009 3:35 PM 276344]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 2:02 PM 163840]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe [3/3/2009 5:24 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/26/2009 8:30 PM 101936]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\DRIVERS\CSVirtA.sys --> c:\windows\system32\DRIVERS\CSVirtA.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [7/23/2008 10:54 PM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [7/23/2008 10:54 PM 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [7/23/2008 10:54 PM 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [7/23/2008 10:54 PM 23680]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ADOBEACTIVEFILEMONITOR7.0
*NewlyCreated* - FLEXNET_LICENSING_SERVICE
.
Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 05:05]

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]

2009-06-16 c:\windows\Tasks\User_Feed_Synchronization-{851895F6-3FCC-4F98-94BF-83BFCA8185B3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-P2kAutostart - (no file)
HKLM-Run-RoxWatchTray - c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
DPF: {EE2499C3-FE60-11D3-996B-0060081C6822} - [You must be registered and logged in to see this link.]
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-16 14:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\||A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
Completion time: 2009-06-16 14:28
ComboFix-quarantined-files.txt 2009-06-16 18:28

Pre-Run: 21,082,923,008 bytes free
Post-Run: 23,485,251,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

284 --- E O F --- 2009-06-15 00:24


Re: false trojans or remove?

Post by Belahzur on 16th June 2009, 6:43 pm

Hello.
Just need to remove Azureus now.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: false trojans or remove?

Post by airtas on 16th June 2009, 6:45 pm

Belahzur wrote:
Hello.
Just need to remove Azureus now.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

I use Azureus though?


Re: false trojans or remove?

Post by Belahzur on 16th June 2009, 6:52 pm

Hello.
Okay, just be careful what you download.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]


  • Press "Fix Checked"
  • Close HijackThis.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: false trojans or remove?

Post by airtas on 16th June 2009, 7:01 pm

Everything is great except when I try to connect to the first homepage... it takes longer than normal, not a lot, but not as fast as it was.

Do I need to reset an IP setting?


Re: false trojans or remove?

Post by Belahzur on 16th June 2009, 7:05 pm

If you're on a router, reboot it so the router cache is flushed.
You can also flush your DNS by doing the following:

Start > Run. In the run box, copy and paste in:

ipconfig /flushdns

Hit enter.



Re: false trojans or remove?

Post by airtas on 16th June 2009, 7:07 pm

Before I do that, I have another PC that connects quickly... will the DNS be computer specific?


Re: false trojans or remove?

Post by Belahzur on 16th June 2009, 10:14 pm

DNS is given by your ISP via the router, but it will be quicker if that's what you mean.



Re: false trojans or remove?

Post by airtas on 17th June 2009, 12:42 am

So it's not a DNS issue, since the other cpu should be slow as well, correct?


Re: false trojans or remove?

Post by Belahzur on 17th June 2009, 12:28 pm

Yes.



Re: false trojans or remove?

Post by airtas on 18th June 2009, 6:32 pm

How do I remove Windows recovery?


Re: false trojans or remove?

Post by Belahzur on 18th June 2009, 7:57 pm

I would prefer if that stays, it can be helpful in a tough situation.



Re: false trojans or remove?

Post by airtas on 18th June 2009, 10:39 pm

Autoplay of external devices no longer works...

Is that a registry setting?


Re: false trojans or remove?

Post by Belahzur on 18th June 2009, 10:49 pm

Yes, for your safety. ComboFix turns autoplay/autorun off, which stops flash drive infections from running when USB devices are plugged in.



Re: false trojans or remove?

Post by airtas on 7th August 2009, 6:16 pm

Not sure if this is related, though, but whenever I use Roxio Burning Software I get this error:

Unspecified Error 0x80004005

Any ideas? It is not the burner, because I can't create an ISO from the file, and I uninstalled/reinstalled numerous times. Is there anything that I may have removed?

It was working fine up until I did all this.
