Welcome to MalwareRemoval.com

I need help with a potential Trojan Infestation!


Post by RasKhalif » July 4th, 2012, 5:16 pm

My son's laptop was just provided with internet recently through a wireless router. Recently he started getting Norton pop-ups saying Trojan.Gen.2 has been blocked. Then another comes up saying Trojan.Zeroaccess.B has been blocked, and AVG says Trojan horse patched_c_LYT multiple threat detection. When I have done multiple scans it says no files infected, but I keep getting these pop-ups regularly, indicating to me from past experience something might be going on in the background. My DDS logs are below. Please HELP!!!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19272
Run by user at 17:05:53 on 2012-07-04
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3571.778 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\aestsrv.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Security Suite\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\SFT\GuardedID\GIDD.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\xfin_portal\CIDGlobalLight.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Windows\System32\svchost.exe" -k LocalServiceDns
"C:\Windows\System32\svchost.exe" -k LocalServiceDns
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxp://start.funmoods.com/?f=1&a=fmtoby ... =948823281
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\6.2.1.5\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - c:\progra~1\funmoods\1.5.23.22\bh\escort.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\programdata\white sky, inc\id vault\iebho1.1.613.0\NativeBHO.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\6.2.1.5\coIEPlg.dll
TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - c:\progra~1\funmoods\1.5.23.22\escorTlbr.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SPMTray] "c:\program files\pc speed maximizer\SPMTray.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] "c:\program files\wave systems corp\SecureUpgrade.exe"
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [<NO NAME>]
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxps://lvmailsvr01.lawrenceville.org/dwa85W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{07B91313-C929-4676-8BDD-221B449D9779} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CB23B13E-5380-4273-B5E2-5D5F8214A04E} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-31 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-31 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-31 108552]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-18 821920]
R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccsetx86.sys [2012-6-5 132744]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2012-6-2 25232]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\ipsdefs\20120703.002\IDSvix86.sys [2012-7-3 382624]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-7-25 32808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-9 106656]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-9-25 3666432]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-7-25 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-7-25 280096]
S3 atrsdfw;atrsdfw;c:\windows\system32\drivers\atrsdfw.sys [2009-8-3 9728]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-25 224384]
.
=============== Created Last 30 ================
.
2012-07-04 11:15:53 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-27 21:29:24 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-27 21:29:15 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-27 21:29:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-27 21:29:12 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-06 17:46:31 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-06-06 17:46:30 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-06-06 17:46:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-06-06 17:46:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-06-06 17:46:30 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-06-06 17:46:30 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-06-06 07:42:24 -------- d-----w- c:\program files\Windows Portable Devices
2012-06-06 07:20:26 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-06-06 07:20:26 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-06-06 07:20:26 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-06-06 07:19:36 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-06-06 07:19:35 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-06-06 07:19:35 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-06-06 07:19:35 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-06-06 07:19:35 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-06-06 07:19:35 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-06-06 07:19:35 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-06-06 07:13:56 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-06 07:13:56 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-06-06 07:13:56 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-06 07:13:56 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-05 23:10:26 -------- d-----w- c:\users\user\appdata\local\antiphishing-vmninternethelper1_1dn
2012-06-05 23:10:09 -------- d-----w- c:\program files\Yontoo
2012-06-05 23:10:06 -------- d-----w- c:\programdata\Tarma Installer
2012-06-05 23:08:29 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-06-05 23:08:20 -------- d-----w- c:\users\user\appdata\local\CrashDumps
2012-06-05 23:07:45 -------- d-----w- c:\users\user\appdata\local\Vid-Saver
2012-06-05 23:07:43 -------- d-----w- c:\program files\Vid-Saver
2012-06-05 23:07:30 -------- d-----w- c:\programdata\blekko toolbars
2012-06-05 21:25:02 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-06-05 21:25:02 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-06-05 21:25:02 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-06-05 21:25:02 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-06-05 21:25:01 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-06-05 21:25:01 189952 ----a-w- c:\windows\system32\winmm.dll
2012-06-05 21:23:57 66560 ----a-w- c:\windows\system32\packager.dll
2012-06-05 21:22:53 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-06-05 21:15:56 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-06-05 16:12:09 -------- d-----w- c:\windows\system32\eu-ES
2012-06-05 16:12:09 -------- d-----w- c:\windows\system32\ca-ES
2012-06-05 16:12:06 -------- d-----w- c:\windows\system32\vi-VN
2012-06-05 05:01:16 905336 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symefa.sys
2012-06-05 05:01:16 345208 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys
2012-06-05 05:01:16 318584 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symnets.sys
2012-06-05 05:01:15 574072 ----a-w- c:\windows\system32\drivers\n360\0602010.005\srtsp.sys
2012-06-05 05:01:15 340088 ----a-r- c:\windows\system32\drivers\n360\0602010.005\symds.sys
2012-06-05 05:01:15 32888 ----a-w- c:\windows\system32\drivers\n360\0602010.005\srtspx.sys
2012-06-05 05:01:14 149624 ----a-r- c:\windows\system32\drivers\n360\0602010.005\ironx86.sys
2012-06-05 05:01:14 132744 ----a-r- c:\windows\system32\drivers\n360\0602010.005\ccsetx86.sys
2012-06-05 05:01:00 4782 ----a-w- c:\windows\system32\drivers\n360\0602010.005\symvtcer.dat
2012-06-05 05:01:00 -------- d-----w- c:\windows\system32\drivers\n360\0602010.005
.
==================== Find3M ====================
.
2012-06-11 21:36:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-11 21:36:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-03 01:07:05 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-05-15 19:51:08 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 06:37:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01:56 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00:53 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll win32k.sys win32k.sys
c:\windows\system32\drivers\iastor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x81E86936] -> \Device\Harddisk0\DR0[0x867F1AC8]
3 CLASSPNP[0x8BDB18B3] -> ntkrnlpa!IofCallDriver[0x81E86936] -> \Device\Ide\IAAStorageDevice-1[0x8572B028]
kernel: MBR read successfully
_asm { JMP 0x1c; }
user != kernel MBR !!!
.
============= FINISH: 17:07:14.92 ===============
Last edited by RasKhalif on July 4th, 2012, 5:23 pm, edited 1 time in total.
RasKhalif
Regular Member
Posts: 46
Joined: July 15th, 2009, 11:28 am

Re: I need help with a potential Trojan Infestation!

Post by RasKhalif » July 4th, 2012, 5:18 pm

The attached DDS Notepad is below:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume3
Install Date: 7/25/2009 10:49:00 AM
System Uptime: 7/4/2012 7:06:54 AM (10 hours ago)
.
Motherboard: Dell Inc. | | 0P759R
Processor: Intel(R) Core(TM)2 Duo CPU T9550 @ 2.66GHz | Microprocessor | 2668/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 231 GiB total, 190.761 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1.135 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) 82567LM Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_10F5&SUBSYS_02331028&REV_03\3&2ACF1E9&0&C8
Manufacturer: Intel
Name: Intel(R) 82567LM Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_10F5&SUBSYS_02331028&REV_03\3&2ACF1E9&0&C8
Service: e1yexpress
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
All Day Battery Life Configuration
Ambient Light Sensor
Anti-phishing Domain Advisor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 8.5
Belkin Setup and Router Monitor
BioAPI Framework
biolsp patch
Bonjour
Broadcom USH Host Components
Choice Guard
CleanUp!
Compatibility Pack for the 2007 Office system
Constant Guard Protection Suite
DCP32MMWrapper
Dell Control Point
Dell ControlPoint Connection Manager
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Edoc Viewer
Dell Embassy Trust Suite by Wave Systems
Dell Getting Started Guide
Dell Security Device Driver Pack
Dell Touchpad
Dell Webcam Central
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
Gemalto
GeoGebra 4
Google Chrome
Google Drive
Google Update Helper
GuardedID
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Integrated Webcam Driver (1.06.03.0309)
Intel(R) Network Connections 13.0.42.0
Intel(R) PRO Alerting Agent
Intel(R) PROSet/Wireless WiFi API
Intel(R) PROSet/Wireless WiFi Driver
Intel® Matrix Storage Manager
iTunes
Java(TM) 6 Update 13
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Suite
NTRU TCG Software Stack
NVIDIA Drivers
PowerDVD DX
Preboot Manager
Private Information Manager
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Secure Update
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Wizards
SO32MMWrapper
Sonic CinePlayer Decoder Pack
Trusted Drive Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Vid-Saver
Wave Infrastructure Installer
Wave Support Software
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
XFINITY Toolbar
Yontoo 1.10.02
.
==== End Of File ===========================
RasKhalif
Regular Member
Posts: 46
Joined: July 15th, 2009, 11:28 am

Re: I need help with a potential Trojan Infestation!

Post by deltalima » July 4th, 2012, 5:33 pm

Bumping or Replying to Your Own Topic

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why you should not reply to or try to bump your topic.
Please submit a new log and wait for a helper to reply. Thank you for your understanding.

This topic is now closed.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
