Thread: !! Need help please i can't do much!!

  #1 | Junior Member | Join Date: Jan 2009 | Posts: 3

    I'm currently in safe mode, which is allowing me to get on to the internet and stuff, but I keep getting this trojan horse, which is bad!!!!

    ----------------------------------------------------------------------------

    ComboFix 09-01-31.01 - Sal 2009-02-01 1:50:54.5 - NTFSx86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1746 [GMT -8:00]
    Running from: c:\documents and settings\Sal\Desktop\Secret Folder\Software Repairs\ComboFix.exe
    AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Sal\Application Data\Google\ptnmsnn.dll
    c:\documents and settings\Sal\Application Data\Google\vgwsn871850.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
    .

    2009-02-01 00:45 . 2009-02-01 00:45 <DIR> d-------- c:\program files\ATTToolbar
    2009-02-01 00:45 . 2009-02-01 00:45 <DIR> d-------- c:\documents and settings\Sal\Application Data\Motive
    2009-01-30 13:19 . 2009-02-01 00:45 <DIR> d-------- c:\documents and settings\Sal\Application Data\ATTToolbar
    2009-01-30 13:19 . 2009-02-01 01:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATTToolbar
    2009-01-30 13:12 . 2009-02-01 00:45 <DIR> d-------- c:\program files\Common Files\Motive
    2009-01-30 13:12 . 2009-02-01 00:45 <DIR> d-------- c:\program files\ATT-HSI
    2009-01-30 13:11 . 2009-01-30 13:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Motive
    2009-01-19 20:04 . 2009-01-19 20:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
    2009-01-19 20:04 . 2009-01-19 20:04 4,096 --a------ c:\windows\d3dx.dat
    2009-01-18 22:58 . 2009-01-18 23:53 <DIR> d-------- c:\windows\system32\Adobe
    2009-01-11 10:01 . 2009-01-11 10:01 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-01-05 21:16 . 2009-01-05 21:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
    2009-01-03 18:28 . 2009-01-03 20:14 <DIR> d-------- c:\windows\system32\NtmsData
    2009-01-03 14:18 . 2009-01-05 13:31 <DIR> d-------- c:\program files\Norton Ghost
    2009-01-03 14:05 . 2009-01-03 14:05 26 --a------ c:\windows\ExplorerXP.INI

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-01 16:00 --------- d-----w c:\documents and settings\Sal\Application Data\AVG7
    2009-02-01 09:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-01 09:33 --------- d-----w c:\program files\Steam
    2009-02-01 09:31 --------- d-----w c:\program files\Windows Live Safety Center
    2009-02-01 08:45 --------- d-----w c:\documents and settings\Sal\Application Data\Apple Computer
    2009-02-01 08:45 --------- d-----w c:\documents and settings\Sal\Application Data\AIMPro
    2009-02-01 08:45 --------- d-----w c:\documents and settings\Sal\Application Data\acccore
    2009-02-01 08:17 --------- d-----w c:\documents and settings\Sal\Application Data\BitTorrent
    2009-01-22 01:12 --------- d-----w c:\documents and settings\Majed\Application Data\AVG7
    2009-01-19 06:08 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
    2009-01-15 20:58 --------- d-----w c:\program files\World of Warcraft
    2009-01-14 18:31 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-11 18:01 --------- d-----w c:\program files\Java
    2009-01-06 05:06 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
    2009-01-05 06:29 --------- d-----w c:\program files\PokerStars
    2009-01-03 22:20 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2009-01-03 22:09 --------- d-----w c:\documents and settings\Sal\Application Data\mIRC
    2009-01-03 22:08 --------- d-----w c:\program files\mIRC
    2008-12-30 06:00 --------- d-----w c:\program files\Enigma Software Group
    2008-12-30 05:21 --------- d-----w c:\program files\ExplorerXP
    2008-12-30 05:02 --------- d-----w c:\documents and settings\Sal\Application Data\U3
    2008-12-29 07:58 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-12-29 07:38 --------- d-----w c:\program files\Spyware Doctor
    2008-12-29 07:27 --------- d-----w c:\documents and settings\Sal\Application Data\Lavasoft
    2008-12-29 06:50 --------- d-----w c:\documents and settings\LocalService\Application Data\Webroot
    2008-12-29 06:10 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-12-25 21:11 --------- d-----w c:\program files\Incomplete
    2008-12-25 03:14 --------- d-----w c:\program files\LimeWire
    2008-12-25 01:33 --------- d-----w c:\documents and settings\Sal\Application Data\LimeWire
    2008-12-14 23:43 --------- d-----w c:\documents and settings\Majed\Application Data\InterVideo
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-08 08:13 --------- d-----w c:\documents and settings\Sal\Application Data\SmartDraw
    2008-12-08 07:47 --------- d-----w c:\program files\SmartDraw 2009
    2008-12-01 22:52 --------- d-----w c:\program files\HP
    2008-11-20 00:22 202,648 ----a-w c:\windows\system32\PnkBstrB.exe
    2007-11-28 00:47 22,328 ----a-w c:\documents and settings\Sal\Application Data\PnkBstrK.sys
    2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
    2008-09-08 05:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090720080908\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2009-02-01_ 0.52.40.64 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2000-08-31 16:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
    + 2000-08-31 16:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
    - 2000-08-31 16:00:00 161,792 ----a-w c:\windows\SWREG.exe
    + 2000-08-31 16:00:00 286,720 ----a-w c:\windows\SWREG.exe
    - 2009-02-01 08:45:43 664,200 ----a-w c:\windows\system32\Restore\rstrlog.dat
    + 2009-02-01 09:31:39 409,104 ----a-w c:\windows\system32\Restore\rstrlog.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Steam"="c:\program files\steam\steam.exe" [2008-10-16 1410296]
    "RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-19 36864]
    "36X Raid Configurer"="c:\windows\System32\xRaidSetup.exe" [2007-03-21 1953792]
    "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-16 590848]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
    "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
    "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 868352]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-11-26 219136]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2008-11-19 987136]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-11-19 81920]
    Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2003-10-09 1622016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=zebaeo.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Steam\\steamapps\\pinballx12889@aol.com\\counter-strike\\hl.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AIM\\AIM Pro\\aimpro.exe"=
    "c:\\Program Files\\HLSW\\hlsw.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Steam\\steamapps\\pinballx12889@aol.com\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
    "c:\\Program Files\\HLTV Tool by Marach\\HLTV Tool.exe"=
    "c:\\Program Files\\Steam\\steam.exe"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\ijji\\ENGLISH\\u_gbound.exe"=
    "c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
    "c:\\Program Files\\Steam\\steamapps\\pinballx12889@aol.com\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Packet Tracer 5.0\\bin\\PacketTracer5.exe"=
    "c:\\Program Files\\Steam\\steamapps\\pinballx12889@aol.com\\dedicated server\\hlds.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
    "%windir%\\system32\\drivers\\svchost.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-19 99376]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
    S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
    S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-11-25 176128]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-28 356920]
    S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
    S4 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
    S4 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-12-29 2368]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09940c7d-9d40-11dc-a9f9-001d60e4f157}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3001ce7f-9bee-11dc-8714-001d60e4f157}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cabe929d-d62c-11dd-b98e-001d60e4f157}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-02-01 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-08-11 06:29]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-realtehs - c:\documents and settings\Sal\Application Data\Google\vgwsn871850.exe
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.att.net
    mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Sal\Application Data\Mozilla\Firefox\Profiles\zizfnoc8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-01 01:53:35
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-02-01 1:54:46
    ComboFix-quarantined-files.txt 2009-02-01 09:54:45
    ComboFix2.txt 2009-02-01 08:53:47
    ComboFix3.txt 2009-01-03 22:41:36

    Pre-Run: 155,068,465,152 bytes free
    Post-Run: 155,085,422,592 bytes free

    208 --- E O F --- 2009-01-14 18:31:40
    Do NOT run 'fixes' before helpers have analyzed HJT log
    Last edited by Blade81; 2009-02-05 at 11:39. Reason: Link added