I gotta a Win32:Rootkit-gen [Rtk] and a Trojan - Page 2 - Techist - Tech Forum

10-29-2009, 04:22 PM   #11
True Techie

Join Date: Oct 2006
Posts: 221
Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

My Microsoft update tells me there is a sec update for MS XML Core Serv. I want to make sure this is legit before I DL it. Thanks.

WasTech is offline  
10-29-2009, 07:24 PM   #12
Techie Beyond Description

Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

Well, the log looks good.
Osiris is offline  
10-29-2009, 07:27 PM   #13
True Techie

Join Date: Oct 2006
Posts: 221
Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

So what do you think, is it clear? And is this MS thing above legit?
WasTech is offline  
10-29-2009, 07:31 PM   #14
Techie Beyond Description

Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

Yes, it's legit. You can run ComboFix and then Malwarebytes one more time and see if they come up clean.
Osiris is offline  
10-30-2009, 03:57 PM   #15
True Techie

Join Date: Oct 2006
Posts: 221
Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

ComboFix 09-10-28.08 - Ed 10/30/2009 16:35.6.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1661 [GMT -4:00]
Running from: c:\documents and settings\Ed\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091030-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-30 05:43 . 2009-10-30 05:43 -------- d-----w- c:\program files\MSXML 4.0
2009-10-28 23:48 . 2009-10-28 23:49 -------- d-----w- c:\documents and settings\Ed\Application Data\MOBILedit
2009-10-28 23:48 . 2009-10-28 23:48 -------- d-----w- c:\program files\MOBILedit!
2009-10-28 23:10 . 2009-10-28 23:11 -------- d-----w- C:\Motorola
2009-10-28 19:40 . 2008-03-21 17:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-10-28 19:39 . 2009-09-15 18:38 23936 ----a-w- c:\windows\system32\drivers\motmodem.sys
2009-10-28 19:39 . 2008-03-27 21:49 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-10-28 19:39 . 2009-10-28 19:39 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-28 19:39 . 2009-10-28 19:39 -------- d-----w- c:\program files\Motorola
2009-10-28 19:39 . 2009-10-28 19:39 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-10-28 19:18 . 2009-10-28 19:26 24192 ----a-w- c:\documents and settings\Ed\usbsermptxp.sys
2009-10-28 19:18 . 2009-10-28 19:26 22768 ----a-w- c:\documents and settings\Ed\usbsermpt.sys
2009-10-28 19:18 . 2009-10-28 19:18 22768 ----a-w- c:\windows\system32\drivers\usbsermpt.sys
2009-10-23 01:50 . 2009-10-23 01:50 -------- d-----w- c:\program files\GFI
2009-10-23 00:33 . 2009-10-23 00:33 -------- d-----w- C:\My Backup files
2009-10-21 23:31 . 2009-10-21 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-10-21 19:15 . 2009-10-22 20:29 -------- d-----w- C:\Converted Audio Files
2009-10-21 00:39 . 2009-10-21 00:39 -------- d-----w- C:\My Music
2009-10-12 18:02 . 2009-10-16 06:22 -------- d--h--w- c:\windows\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 00:04 . 2008-08-29 06:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-28 23:16 . 2008-06-21 05:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 20:45 . 2008-07-09 05:45 -------- d-----w- c:\program files\Trojan Remover
2009-10-28 20:33 . 2008-06-24 18:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 19:40 . 2009-10-28 19:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-10-28 19:40 . 2009-10-28 19:40 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-10-28 19:23 . 2009-10-28 19:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-10-28 19:23 . 2009-10-28 19:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-30 19:59 . 2008-10-22 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-30 17:09 . 2008-10-22 01:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-30 06:14 . 2009-09-30 05:58 -------- d-----w- c:\documents and settings\Ed\Application Data\InfraRecorder
2009-09-29 21:56 . 2008-06-21 03:17 22976 ----a-w- c:\documents and settings\Ed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-25 05:37 . 2003-03-31 14:00 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2008-06-21 03:10 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-18 02:27 . 2009-09-18 02:25 -------- d-----w- c:\program files\Textbook Edition
2009-09-18 02:24 . 2009-09-18 02:24 -------- d-----w- c:\program files\Chilton's Repair Discs
2009-09-13 23:29 . 2009-09-13 23:29 -------- d-----w- c:\documents and settings\Ed\Application Data\Apple Computer
2009-09-12 17:34 . 2009-09-12 17:34 -------- d-----w- c:\documents and settings\Ed\Application Data\FFSJ
2009-09-12 17:28 . 2009-09-12 17:28 4198 ----a-w- c:\windows\unins000.dat
2009-09-12 17:28 . 2009-09-12 17:28 794906 ----a-w- c:\windows\unins000.exe
2009-09-11 23:02 . 2008-06-24 17:55 -------- d-----w- c:\program files\Java
2009-09-11 22:35 . 2008-06-30 19:57 -------- d-----w- c:\program files\Common Files\Real
2009-09-11 22:35 . 2009-09-11 22:35 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-11 14:18 . 2003-03-31 14:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54 . 2008-08-29 20:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-06-24 18:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2003-03-31 14:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2003-03-31 14:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 16:10 . 2009-05-26 22:51 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-05-26 22:51 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-05-26 22:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-05-26 22:51 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-05-26 22:51 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-05-26 22:51 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-05-26 22:51 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-05-26 22:51 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-05-26 22:51 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2003-03-31 14:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2003-03-31 14:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 01:04 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-10-29_00.33.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 20:45 . 2008-09-30 20:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2009-10-30 20:00 . 2009-10-30 20:00 16384 c:\windows\temp\Perflib_Perfdata_594.dat
+ 2009-10-30 05:43 . 2009-10-30 05:43 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2009-10-30 05:43 . 2009-10-30 05:43 432640 c:\windows\Installer\1d238ed.msi
+ 2008-09-30 20:42 . 2008-09-30 20:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 20:43 . 2008-09-30 20:43 1286152 c:\windows\system32\msxml4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MicroSys-CheckAjour"="d:\program files\Micro-Sys Software\Ajour\ChkAjour.exe" [2004-10-30 482816]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SansaDispatch"="c:\documents and settings\Ed\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-05-05 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ASUS Probe"="c:\program files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 617984]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-11 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/26/2009 06:51 PM 114768]
R1 stltrack;stltrack;c:\windows\system32\drivers\STLTRACK.SYS [2/17/2009 07:04 PM 13536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/26/2009 06:51 PM 20560]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIHInst.exe [10/22/2009 09:50 PM 440616]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~1\GFI\GFIBAC~1\GFIHSC~1.EXE [10/22/2009 09:50 PM 1410856]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [10/28/2009 03:39 PM 91392]
S3 epcfw2k;SCM Parallel Port CF Driver;c:\windows\system32\drivers\epcfw2k.sys [6/20/2008 06:25 PM 144896]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - PCIIDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Ed\Application Data\Mozilla\Firefox\Profiles\8vfob6bd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-30 16:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(376)
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTJBNS.DLL
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTIntrfc.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSHK.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSRES.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-30 16:39
ComboFix-quarantined-files.txt 2009-10-30 20:39
ComboFix2.txt 2009-10-29 00:35
ComboFix3.txt 2008-08-30 18:02
ComboFix4.txt 2008-06-24 17:37

Pre-Run: 110,108,049,408 bytes free
Post-Run: 110,074,507,264 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 404BD8BDEA3FA634022E1D85184CB982
WasTech is offline  
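An added example, not code from the thread or from ComboFix: a small Python parser for the "Reg Loading Points" section of a ComboFix log like the one above. It turns the autostart entries into records and flags the things a reviewer of such a log looks at first: an autostart whose target file is gone (ComboFix prints [X]), one that runs from a user-writable profile directory, and a Windows Firewall policy value of 0. The sample lines are constructed from entries in the log above, and the entry layout is assumed from that log.

```python
import re

# Constructed sample in the layout of the ComboFix "Reg Loading Points" section shown above
# (assumed layout: "Name"="command" [yyyy-mm-dd size], or [X] when the target file is gone).
SAMPLE_LOG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SansaDispatch"="c:\documents and settings\Ed\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-05-05 79872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
AUTORUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)" \[(?P<tag>[^\]]*)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)')
USER_DIRS = ('\\application data\\', '\\local settings\\', '\\temp\\')  # user-writable paths

def parse_loading_points(text):
    """Return (autoruns, settings): autostart entries and plain numeric values, each with its key."""
    autoruns, settings, key = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group('key')
        elif key and (m := AUTORUN_RE.match(line)):
            tag = m.group('tag').split()
            gone = tag == ['X']          # ComboFix prints [X] instead of a date/size for a missing target
            autoruns.append({'key': key, 'name': m.group('name'), 'cmd': m.group('cmd'), 'missing': gone,
                             'date': None if gone else tag[0], 'size': None if gone else int(tag[1])})
        elif key and (m := DWORD_RE.match(line)):
            settings[(key.rsplit('\\', 1)[-1], m.group('name'))] = int(m.group('val'))
    return autoruns, settings

def review(autoruns, settings):
    """Findings a log reviewer would look at twice; an empty list means nothing stood out."""
    findings = []
    for e in autoruns:
        if e['missing']:
            findings.append(f"{e['name']}: autostart points at a file that no longer exists")
        elif any(d in e['cmd'].lower() for d in USER_DIRS):
            findings.append(f"{e['name']}: autostart runs from a user-writable profile directory")
    for (profile, name), val in settings.items():
        if name == 'EnableFirewall' and val == 0:
            findings.append(f"Windows Firewall disabled in the {profile} profile")
    return findings
```

A finding is a prompt for a second look, not a verdict: the reviewer in this thread passed the log, and an updater installed under Application Data (or the Windows Firewall being off because ZoneAlarm handles that job) is an ordinary reason for such a flag.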
10-30-2009, 03:58 PM   #16
True Techie

Join Date: Oct 2006
Posts: 221
Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

10/30/2009 04:44:21 PM
mbam-log-2009-10-30 (16-44-21).txt

Scan type: Quick Scan
Objects scanned: 103685
Time elapsed: 1 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
WasTech is offline  
10-30-2009, 05:24 PM   #17
Techie Beyond Description

Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

I'd say you are good to go.
Osiris is offline  
10-30-2009, 08:29 PM   #18
True Techie

Join Date: Oct 2006
Posts: 221
Re: I gotta a Win32:Rootkit-gen [Rtk] and a Trojan

Thank you very much!

WasTech is offline  