Posted 06-20-2009, 04:04 PM   #1
simps18
Registered User
Join Date: Jun 2009
Posts: 6
OS: XP
NTOSKRNL Hook Trojan...I Need Help!

Hi,
I have done a virus scan and it has detected and "removed" an NTOSKRNL hook. But when I rescan, it is still there. I have also tried getting rid of it in safe mode... no good.
I would LOVE some help.

THANKS!!


DDS:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Chris at 15:34:40.09 on 20/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.370 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242743298859
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.148,85.255.112.108
TCP: {1C37DBCB-0709-4AF3-B0B8-38B99CA89692} = 85.255.112.148,85.255.112.108
TCP: {222A1764-BB8F-419E-9CFD-4A624CC390DD} = 85.255.112.148,85.255.112.108
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-19 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-19 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-19 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-19 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-19 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-19 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-19 34216]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-19 40552]

=============== Created Last 30 ================

2009-06-14 00:07 159,232 a------- c:\windows\system32\ptpusd.dll
2009-06-14 00:07 5,632 a------- c:\windows\system32\ptpusb.dll
2009-06-14 00:07 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-06-14 00:07 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-11 14:40 <DIR> --d----- c:\program files\VideoTools
2009-06-11 14:39 815,104 a------- c:\windows\system32\xvidcore.dll
2009-06-11 14:39 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-06-11 14:39 77,824 a------- c:\windows\system32\xvid.ax
2009-06-11 14:39 <DIR> --d----- c:\program files\Xvid
2009-06-11 01:06 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-11 01:06 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 01:06 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-11 01:06 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-10 00:12 <DIR> --d----- c:\program files\iPod
2009-06-10 00:12 <DIR> --d----- c:\program files\iTunes
2009-06-09 18:00 <DIR> --d----- c:\docume~1\chris\applic~1\avidemux
2009-06-09 17:45 <DIR> --d----- c:\docume~1\chris\applic~1\AVS4YOU
2009-06-09 17:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-06-09 17:18 <DIR> --d----- c:\program files\common files\AVSMedia
2009-06-09 17:16 1,700,352 a------- c:\windows\system32\GdiPlus.dll
2009-06-09 17:16 974,848 a------- c:\windows\system32\mfc70.dll
2009-06-09 17:16 487,424 a------- c:\windows\system32\msvcp70.dll
2009-06-09 17:16 344,064 a------- c:\windows\system32\msvcr70.dll
2009-06-09 17:16 24,576 a------- c:\windows\system32\msxml3a.dll
2009-06-09 17:16 <DIR> --d----- c:\program files\AVS4YOU
2009-06-09 00:32 <DIR> --d----- c:\program files\BitLord
2009-06-06 20:48 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-04 17:12 3,249 a------- c:\windows\system32\wbem\Outlook_01c9e569f944b088.mof
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-24 01:45 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-18 22:08 5 a------- c:\windows\system32\drivers\DELL_XPS_MXC061 .MRK
2009-05-18 22:08 5 a------- c:\windows\system32\drivers\1028_DELL_XPS_MXC061 .MRK
2009-05-18 21:19 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-12 23:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 06:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 08:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 15:34:59.42 ===============
Attached file: ark.zip (3.9 KB)
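The resolver lines in the posted DDS log are the detail a responder would check first: the global NameServer value and both per-interface TCP entries point at 85.255.112.148 and 85.255.112.108 rather than at the home router or the ISP's resolvers. The script below is an added example, not part of the original post and not code from DDS or any other tool the post mentions. It parses the `TCP:` lines of a DDS Pseudo HJT Report and flags resolvers that fall inside address blocks publicly listed as rogue DNS infrastructure. The `ROGUE_DNS_BLOCKS` list reproduces the ranges the FBI published for the DNSChanger takedown and is an assumption of this example to be checked against a current source; the 192.168.1.1 line in the sample input is constructed to show the negative case, while the other three sample lines are copied from the log above.

```python
"""Triage a DDS log for DNS-hijack indicators (added example, not from the post)."""
import ipaddress
import re

# Assumption: rogue resolver ranges as published in the FBI's DNSChanger list.
# Verify against a current source before relying on this list.
ROGUE_DNS_BLOCKS = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",
    "67.210.0.0/20",
    "93.188.160.0/21",
    "77.67.83.0/24",
    "213.109.64.0/20",
    "64.28.176.0/20",
)]

# Matches both the global "TCP: NameServer = a,b" line and the per-interface
# "TCP: {GUID} = a,b" lines that DDS emits for each network adapter.
_TCP_LINE = re.compile(
    r"^TCP:\s+(?P<scope>NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(?P<servers>[\d.,\s]+)$"
)


def parse_dns_entries(log_text):
    """Return a list of (scope, [ip_address, ...]) tuples from the TCP: lines."""
    entries = []
    for line in log_text.splitlines():
        m = _TCP_LINE.match(line.strip())
        if not m:
            continue
        servers = []
        for token in m.group("servers").split(","):
            token = token.strip()
            if not token:
                continue
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                continue  # ignore anything that is not a literal address
        entries.append((m.group("scope"), servers))
    return entries


def classify_resolver(ip):
    """Return 'rogue', 'private' or 'public' for a resolver address (str or object)."""
    ip = ipaddress.ip_address(ip)
    if any(ip in block for block in ROGUE_DNS_BLOCKS):
        return "rogue"
    if ip.is_private:
        return "private"  # the usual home case: the router hands out DNS
    return "public"


def find_hijacked_resolvers(log_text):
    """Return {scope: [rogue_ip, ...]} for every scope that names a rogue resolver."""
    hits = {}
    for scope, servers in parse_dns_entries(log_text):
        rogue = [str(ip) for ip in servers if classify_resolver(ip) == "rogue"]
        if rogue:
            hits[scope] = rogue
    return hits


# Sample input: three lines copied from the posted log plus one constructed
# clean per-interface entry for the negative case.
SAMPLE_LOG = """\
TCP: NameServer = 85.255.112.148,85.255.112.108
TCP: {1C37DBCB-0709-4AF3-B0B8-38B99CA89692} = 85.255.112.148,85.255.112.108
TCP: {222A1764-BB8F-419E-9CFD-4A624CC390DD} = 85.255.112.148,85.255.112.108
TCP: {DEADBEEF-0000-0000-0000-000000000000} = 192.168.1.1
"""

if __name__ == "__main__":
    for scope, rogue in find_hijacked_resolvers(SAMPLE_LOG).items():
        print(f"{scope}: rogue resolver(s) {', '.join(rogue)}")
```

Run against the sample, it reports the global NameServer scope and the two interface GUIDs from the log, and stays silent on the constructed 192.168.1.1 entry. Checking the per-interface entries matters as much as the global value: Windows stores DNS servers under each adapter's GUID key, so a cleanup that only resets the global setting can leave the hijacked resolvers in place on the interface actually in use.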