Trojan Alert

View previous topic View next topic Go down

Trojan Alert

Post by Sir $wat on 8th September 2009, 5:01 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:19 PM, on 9/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0027C515-D40B-45EB-ADAC-E7A213A3E52E}: NameServer = 190.80.16.3 190.80.16.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0027C515-D40B-45EB-ADAC-E7A213A3E52E}: NameServer = 190.80.16.3 190.80.16.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 8032 bytes



Sir $wat
Top Dog
Top Dog

Posts Posts : 2078
Joined Joined : 2008-08-16
Gender Gender : Male
OS OS : Windows XP Professional SP3
Protection Protection : Panda Cloud
Points Points : 34201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Alert

Post by Dr Jay on 8th September 2009, 6:36 pm

Hi,

This log is clean. Let us do a quick check with MBAM, before we decide your computer is clean.

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan Alert

Post by Sir $wat on 8th September 2009, 8:11 pm

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

9/8/2009 12:45:16 PM
mbam-log-2009-09-08 (12-45-16).txt

Scan type: Quick Scan
Objects scanned: 68224
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\m.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.



Sir $wat
Top Dog
Top Dog

Posts Posts : 2078
Joined Joined : 2008-08-16
Gender Gender : Male
OS OS : Windows XP Professional SP3
Protection Protection : Panda Cloud
Points Points : 34201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Alert

Post by Dr Jay on 8th September 2009, 10:35 pm

Hi


Download [You must be registered and logged in to see this link.] to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start
    button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, and Perform Full Scan.

In your next reply, please post the Malwarebytes log, and tell me how your computer is running. Smile


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan Alert

Post by Sir $wat on 9th September 2009, 3:17 pm

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

9/9/2009 11:16:26 AM
mbam-log-2009-09-09 (11-16-26).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 116393
Time elapsed: 12 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)







it seems to be ruunnig better. thanx alot



Sir $wat
Top Dog
Top Dog

Posts Posts : 2078
Joined Joined : 2008-08-16
Gender Gender : Male
OS OS : Windows XP Professional SP3
Protection Protection : Panda Cloud
Points Points : 34201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Alert

Post by Dr Jay on 9th September 2009, 5:57 pm

Hi

Let's get one last look, hopefully, to make sure trojan.agent is gone. Trojan.agent can be a tough one sometimes.

Please do a scan with [You must be registered and logged in to see this link.]

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan Alert

Post by Sir $wat on 9th September 2009, 7:11 pm

im on dial up and this will take forever to install the components and scan.

Why dont i scan it with avast since i already have it intalled?



Sir $wat
Top Dog
Top Dog

Posts Posts : 2078
Joined Joined : 2008-08-16
Gender Gender : Male
OS OS : Windows XP Professional SP3
Protection Protection : Panda Cloud
Points Points : 34201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Alert

Post by Dr Jay on 9th September 2009, 8:57 pm

Hi

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


====

NEXT

Go ahead an scan with avast!

Then, post any results back here. Just format the results like this, since there may not be a log:

Items found or infected (if any): XX
Infections (if any): ------------
--------------
--------------
Total Items Scanned: XXXXXXX
Type of scan: Full or quick or
Warnings/cautions (if any): XXXXXXXXXX


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan Alert

Post by Sir $wat on 14th September 2009, 5:09 pm

Results of screen317's Security Check version 0.98.9
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Antivirus


Antivirus out of date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
TuneUp Utilities 2009
CCleaner (remove only)
Java(TM) 6 Update 11
Java(TM) SE Runtime Environment 6
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe

Alwil Software Avast4 setup avast.setup

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````





Items found or infected (if any): 0
Infections (if any): 0
--------------
--------------
Total Items Scanned: 13.2G
Type of scan: Full
Warnings/cautions (if any): 12 Areas were unable to be scanned.

Just had a pop up from avasr saying there is a virus in the operating system.



Sir $wat
Top Dog
Top Dog

Posts Posts : 2078
Joined Joined : 2008-08-16
Gender Gender : Male
OS OS : Windows XP Professional SP3
Protection Protection : Panda Cloud
Points Points : 34201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Alert

Post by Dr Jay on 14th September 2009, 7:44 pm

Rooter Rootkit Detector - [You must be registered and logged in to see this link.]

Download lightweight rootkit scanner: [You must be registered and logged in to see this link.] to your desktop

  1. Double click it to start the tool.
  2. A Notepad file containing the report will open, also found at
    %systemdrive%(usually C:)\Rooter.txt. Post that log in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Trojan Alert

Post by Sir $wat on 15th September 2009, 2:25 am

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 6 Model 15 Stepping 11, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
.
Internet Explorer 7.0.5730.11
.
C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:63 Go )
D:\ [CD_Rom]
.
Scan : 22:22.57
Path : C:\Documents and Settings\Admin\Desktop\Rooter.exe
User : Admin ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (1140)
______ \??\C:\WINDOWS\system32\csrss.exe (1012)
______ \??\C:\WINDOWS\system32\winlogon.exe (1116)
______ C:\WINDOWS\system32\services.exe (1216)
______ C:\WINDOWS\system32\lsass.exe (1380)
______ C:\WINDOWS\System32\svchost.exe (1508)
______ C:\WINDOWS\system32\svchost.exe (1612)
______ C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (1688)
______ C:\WINDOWS\system32\svchost.exe (1680)
______ C:\WINDOWS\System32\svchost.exe (1772)
______ C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (1736)
______ C:\WINDOWS\system32\svchost.exe (1868)
______ C:\WINDOWS\system32\svchost.exe (1972)
______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (352)
______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (456)
______ C:\WINDOWS\system32\spoolsv.exe (908)
______ C:\WINDOWS\System32\SCardSvr.exe (948)
______ C:\Program Files\Intel\AMT\atchksrv.exe (1372)
______ C:\WINDOWS\system32\ifxspmgt.exe (1864)
______ C:\WINDOWS\system32\ifxtcs.exe (2008)
______ C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (220)
______ C:\Program Files\Java\jre6\bin\jqs.exe (312)
______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (440)
______ C:\Program Files\Intel\AMT\LMS.exe (640)
______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (712)
______ C:\WINDOWS\system32\IfxPsdSv.exe (672)
______ C:\WINDOWS\system32\svchost.exe (872)
______ C:\WINDOWS\System32\TUProgSt.exe (1016)
______ C:\Program Files\Intel\AMT\UNS.exe (1096)
______ C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (1240)
______ C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (1560)
______ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (1968)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (1920)
______ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (1888)
______ C:\WINDOWS\System32\alg.exe (2312)
______ C:\WINDOWS\Explorer.EXE (3828)
______ C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe (3896)
______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2276)
______ C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe (2284)
______ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (2392)
______ C:\WINDOWS\system32\ctfmon.exe (2692)
______ C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (2756)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3564)
______ C:\WINDOWS\system32\wuauclt.exe (3312)
______ C:\Documents and Settings\Admin\Desktop\Rooter.exe (3936)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:80015491584)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\1-Click Maintenance.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 22:23.01
.
C:\Rooter$\Rooter_1.txt - (14/09/2009 | 22:23.01)



Sir $wat
Top Dog
Top Dog

Posts Posts : 2078
Joined Joined : 2008-08-16
Gender Gender : Male
OS OS : Windows XP Professional SP3
Protection Protection : Panda Cloud
Points Points : 34201
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Alert

Post by Dr Jay on 15th September 2009, 3:03 am

Hi

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via [url="http://update.microsoft.com"]Windows Update[/url].

==

Adobe Acrobat Reader is out of date.

Please download the newest version from here: [You must be registered and logged in to see this link.]

It's important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to Start > Control Panel > Software and open Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader.

Once old versions are gone, please install the newest version.

==

Java is out of date.

Download the newest version from here [You must be registered and logged in to see this link.].

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to Start > Control Panel > Software and open Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).
They will have this icon next to them:
Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

==

!! Please update your antivirus.

Please tell me how the updates went. Any problems in updating can be sign of more malware on your computer.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14309
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302960
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum