RGRG
Hi Miekie, I need your help getting rid of the Trojan.Metajuan virus. I downloaded ComboFix and ran the program. Here's the log.

ComboFix 09-08-27.02 - Karma Rabten 08/27/2009 21:56.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.494.240 [GMT -4:00]
Running from: c:\documents and settings\Karma Rabten\Desktop\aComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\46963d.msi
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\drivers\UACxubrftalnk.sys
c:\windows\system32\ndisapi.dll
c:\windows\system32\UACbymbpxtmpj.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmxexyaxnvp.dat
c:\windows\system32\UACpiqwhpymbq.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_NDISRD
-------\Service_NDISRD

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.
2009-08-28 01:35 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-28 01:35 . 2009-08-28 01:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-28 01:35 . 2009-08-28 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-28 01:35 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-26 03:29 . 2009-08-28 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-26 03:17 . 2009-08-26 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-15 18:33 . 2009-08-15 18:33 -------- d-----w- c:\program files\Common Files\Uninstall
2009-08-15 18:33 . 2009-08-26 03:53 -------- d-----w- c:\program files\PersonalAV
2009-08-11 23:47 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 04:07 . 2009-03-07 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-26 03:23 . 2009-03-07 20:48 -------- d-----w- c:\program files\Symantec AntiVirus
2009-08-05 09:01 . 2001-08-23 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 18:43 . 2009-02-17 05:55 -------- d-----w- c:\documents and settings\Karma Rabten\Application Data\Apple Computer
2009-07-14 03:43 . 2004-08-04 07:56 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:50 . 2001-08-23 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-25 08:25 . 2001-08-23 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2001-08-23 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2001-08-23 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2001-08-23 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2001-08-23 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2001-08-23 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2001-08-23 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2001-08-23 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2001-08-23 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2001-08-23 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2009-02-14 05:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2001-08-23 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2001-08-23 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-25 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-25 118784]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-10-16 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-10-16 1191936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Karma Rabten\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/22/2009 10:51 AM 55152]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Karma Rabten\Application Data\Mozilla\Firefox\Profiles\1b82mer2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 22:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'explorer.exe'(3836)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-28 22:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-28 02:05
Pre-Run: 23,843,942,400 bytes free
Post-Run: 24,188,776,448 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
143 --- E O F --- 2009-08-19 06:06

I would greatly appreciate your help. Thanks!
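Added example, not part of the original post and not ComboFix's own code: a small Python parser for the section layout of the log above (headers wrapped in runs of parentheses, one item per line, blocks padded with lone dots). It pulls out the deleted files, the services ComboFix removed, and any new *.sys drivers from the "Files Created" window, and flags deletions whose basename carries the UAC prefix seen in this log. That "uac" prefix rule is an assumption drawn from this one log, not a general ComboFix or malware rule, and the sample input is a constructed excerpt of the log above embedded inline so the script runs offline.

```python
"""Parse the section-delimited ComboFix log format and summarise what it removed."""
import re
from collections import defaultdict

# Constructed sample: the first sections of the ComboFix log in the post above,
# embedded here so the script runs offline (not read from a live machine).
SAMPLE_LOG = r"""ComboFix 09-08-27.02 - Karma Rabten 08/27/2009 21:56.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.494.240 [GMT -4:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\46963d.msi
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\drivers\UACxubrftalnk.sys
c:\windows\system32\ndisapi.dll
c:\windows\system32\UACbymbpxtmpj.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmxexyaxnvp.dat
c:\windows\system32\UACpiqwhpymbq.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_NDISRD
-------\Service_NDISRD

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.
2009-08-28 01:35 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-28 01:35 . 2009-08-28 01:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
"""

# "((((( Section Name )))))" header lines
SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")
# "created . modified size attrs path" rows in the Files Created / Find3M sections
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
# "-------\Service_NAME" / "-------\Legacy_NAME" rows in Drivers/Services
SERVICE_RE = re.compile(r"^-+\\(?:Service|Legacy)_(?P<name>.+)$")

# Heuristic assumed from this log only, not a ComboFix rule: every rootkit
# component it removed carries a "UAC" prefix followed by a random-looking stem.
SUSPECT_PREFIXES = ("uac",)


def parse_sections(text):
    """Split a ComboFix log into {section name: [non-empty item lines]}."""
    sections = defaultdict(list)
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            continue
        if line in ("", "."):          # ComboFix pads blocks with lone dots
            continue
        sections[current].append(line)
    return dict(sections)


def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def parse_file_entries(lines):
    """Parse file rows into dicts; size is None for directory rows ('--------')."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["size"] = int(d["size"]) if d["size"].isdigit() else None
        d["is_dir"] = d["attrs"].startswith("d")
        entries.append(d)
    return entries


def removed_services(lines):
    """Service names from the Drivers/Services section, deduplicated in order."""
    seen = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m and m.group("name") not in seen:
            seen.append(m.group("name"))
    return seen


def flag_deletions(paths):
    """Deleted files whose basename starts with one of the suspect prefixes."""
    return [p for p in paths if basename(p).lower().startswith(SUSPECT_PREFIXES)]


def summarize(text):
    """Deleted files, flagged deletions, removed services and new .sys drivers."""
    secs = parse_sections(text)
    created_key = next((k for k in secs if k.startswith("Files Created")), None)
    entries = parse_file_entries(secs.get(created_key, [])) if created_key else []
    deleted = secs.get("Other Deletions", [])
    return {
        "deleted": deleted,
        "flagged": flag_deletions(deleted),
        "services_removed": removed_services(secs.get("Drivers/Services", [])),
        "new_drivers": [e["path"] for e in entries
                        if not e["is_dir"] and e["path"].lower().endswith(".sys")],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in value:
            print(f"  {item}")
```

Run it on a full log with `summarize(open("ComboFix.txt").read())`. On this excerpt it reports eight deletions, of which five match the UAC prefix, the two removed services (UACd.sys and NDISRD), and one new driver (the Malwarebytes mbamswissarmy.sys that the scanner installed).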