
Trojan.Dropper


Malwarebytes finds the following file on my computer but can't seem to get rid of it. I get a message saying I need to reboot to delete it; when I run the scan again, it is still there.

Files Infected:

C:\preboot\rr\Migration\bin\p2pc.dll (Trojan.Dropper) -> Delete on reboot.

Any suggestions on removal? My previous advice was to Combofix or reformat, but those both seem pretty extreme.

Some in the previous post asked me to zip the file, but I could not find it. I looked through the directory and through search, so I included Trend Micro HijackThis logs, and the Malwarebytes log.

Hopefully someone has some idea of how to get rid of this thing.

Thanks,

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:32:55 PM, on 11/12/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE

C:\Program Files\ThinkVantage\AMSG\Amsg.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Symantec AntiVirus\VPTray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\ThinkPad\ConnectUtilities\ACMainGUI.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java
