| Thread ID: 88827 | 2008-04-10 08:49:00 | Help!!!!! Trojan | ACKS (11537) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 657831 | 2008-04-10 23:06:00 | Sorry. My fault. I forgot SDFix does not run with Vista. We will still need the ComboFix to be run. | Pancake (6359) | ||
| 657832 | 2008-04-11 00:21:00 | Sorry. My fault. I forgot SDFix does not run with Vista. We will still need the ComboFix to be run. Wow, I ran ComboFix and my desktop and icons are back to normal :clap :clap Does that mean everything is ok now?? ComboFix 08-04-08.7 - Meryl 2008-04-11 11:13:52.1 - NTFSx86 Microsoft® Windows Vista Home Premium 6.0.6000.0.1252.1.1033.18.332 [GMT 12:00] Running from: C:\Users\Meryl\Downloads\ComboFix.exe (full ComboFix log omitted) | ACKS (11537) | ||
| 657833 | 2008-04-11 01:08:00 | Ok. That's good. All looks normal now. All the malware has gone, so you should be fine now..... This will clear away any of the files and folders that were created by ComboFix. Go to: Start > Run, then copy and paste the following highlighted text below and click OK. ComboFix /u | Pancake (6359) | ||
| 657834 | 2008-04-11 01:32:00 | Ok. That's good. All looks normal now. All the malware has gone, so you should be fine now..... This will clear away any of the files and folders that were created by ComboFix. Go to: Start > Run, then copy and paste the following highlighted text below and click OK. :punk Thanx so much for all your help guys, you are a life saver :crying | ACKS (11537) | ||
| 657835 | 2008-04-11 01:36:00 | No probs..glad to help | Pancake (6359) | ||