06-22-2009, 10:43 PM   #5
simps18
Registered User
Join Date: Jun 2009
Posts: 6
OS: xp


Re: NTOSKRNL Hook Trojan...I Need Help!

Here is the DDS. Sorry, what was the ESET scan log?

DDS (Ver_09-05-14.01) - NTFSx86
Run by Chris at 22:42:41.95 on 22/06/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.658 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242743298859
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-19 210216]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-19 359952]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-19 144704]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-6-22 66048]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-19 79880]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-19 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-19 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-19 40552]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-19 606736]

=============== Created Last 30 ================

2009-06-22 21:12 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-06-22 20:55 161,792 a------- c:\windows\SWREG.exe
2009-06-22 20:55 155,136 a------- c:\windows\PEV.exe
2009-06-22 20:55 98,816 a------- c:\windows\sed.exe
2009-06-22 20:55 <DIR> --ds---- C:\cfix
2009-06-14 00:07 159,232 a------- c:\windows\system32\ptpusd.dll
2009-06-14 00:07 5,632 a------- c:\windows\system32\ptpusb.dll
2009-06-14 00:07 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-06-14 00:07 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-11 14:39 815,104 a------- c:\windows\system32\xvidcore.dll
2009-06-11 14:39 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-06-11 14:39 77,824 a------- c:\windows\system32\xvid.ax
2009-06-11 14:39 <DIR> --d----- c:\program files\Xvid
2009-06-11 01:06 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-11 01:06 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 01:06 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-11 01:06 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-10 00:12 <DIR> --d----- c:\program files\iPod
2009-06-10 00:12 <DIR> --d----- c:\program files\iTunes
2009-06-09 18:00 <DIR> --d----- c:\docume~1\chris\applic~1\avidemux
2009-06-09 17:45 <DIR> --d----- c:\docume~1\chris\applic~1\AVS4YOU
2009-06-09 17:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-06-09 17:18 <DIR> --d----- c:\program files\common files\AVSMedia
2009-06-09 17:16 1,700,352 a------- c:\windows\system32\GdiPlus.dll
2009-06-09 17:16 974,848 a------- c:\windows\system32\mfc70.dll
2009-06-09 17:16 487,424 a------- c:\windows\system32\msvcp70.dll
2009-06-09 17:16 344,064 a------- c:\windows\system32\msvcr70.dll
2009-06-09 17:16 24,576 a------- c:\windows\system32\msxml3a.dll
2009-06-09 17:16 <DIR> --d----- c:\program files\AVS4YOU
2009-06-09 00:32 <DIR> --d----- c:\program files\BitLord
2009-06-06 20:48 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-04 17:12 3,249 a------- c:\windows\system32\wbem\Outlook_01c9e569f944b088.mof
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-24 01:45 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-18 22:08 5 a------- c:\windows\system32\drivers\DELL_XPS_MXC061 .MRK
2009-05-18 22:08 5 a------- c:\windows\system32\drivers\1028_DELL_XPS_MXC061 .MRK
2009-05-18 21:19 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-12 23:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 06:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 08:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 22:42:50.18 ===============