Solved Trojan found, help~!

Status
Not open for further replies.
Please run a BitDefender Online Scan

  • Disable your antivirus program.
  • Click the Start Scanner button.
  • Click the Start scan button.
  • Allow browser plug-in to be installed when prompted.
  • Click I Agree to agree to the EULA.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on View log.
  • Notepad will open with scan results.
  • Save the report to your desktop and post its content in your next reply.
 
QuickScan Beta 32-bit v0.9.9.51
-------------------------------
Scan date: Wed Nov 17 22:56:47 2010
Machine ID: 5467B4C0

C:\Program Files (x86)\Skype\\Phone\Skype.exe - could not be accessed


No infection found.
-------------------



Processes
---------
ButtonMonitor 3868 C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
Creative Multimedia Driver 3924 C:\Windows\CNYHKey.exe
CyberLink MediaLibray Service 3960 C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
Google Chrome 312 C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 524 C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 2976 C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 3116 C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 3884 C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 4408 C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 5100 C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 5160 C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 5308 C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
Google Desktop 4008 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
GoogleToolbarNotifier 3508 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Hotkey Driver 4256 C:\Windows\ModLEDKey.exe
iTunes 3588 C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java(TM) Platform SE Auto Updater 2 0 4036 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System 4080 C:\Windows\SysWOW64\conime.exe
Windows Live Communications Platform 3956 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
Windows Live Messenger 3536 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe


Network activity
----------------
Process chrome.exe (524) connected on port 443 (HTTP over SSL) --> 74.125.155.95
Process chrome.exe (524) connected on port 443 (HTTP over SSL) --> 184.85.85.186
Process chrome.exe (524) connected on port 443 (HTTP over SSL) --> 74.125.155.132
Process msnmsgr.exe (3536) connected on port 1863 (MSN) --> 64.4.44.42
Process msnmsgr.exe (3536) connected on port 58845 --> 125.60.240.201
Process msnmsgr.exe (3536) connected on port 60224 --> 67.166.84.117
Process msnmsgr.exe (3536) connected on port 45003 --> 173.73.178.104



Autoruns and critical files
---------------------------
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
ButtonMonitor C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
Creative Multimedia Driver C:\Windows\CNYHKey.exe
CyberLink MediaLibray Service C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
Google Desktop C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
Google Desktop c:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
Google Update C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe
GoogleToolbarNotifier C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
LchDrvKey.exe C:\Windows\LchDrvKey.exe
Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\WMPNSCFG.exe
Microsoft® Windows® Operating System C:\Windows\ehome\ehTray.exe
Microsoft® Windows® Operating System c:\windows\system32\browseui.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe
Rainmeter C:\Program Files\Rainmeter\Rainmeter.exe
Windows Live Messenger C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
BitDefender QuickScan C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.51_0\npqscan.dll
BitDefender QuickScan C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.51_0\npqslauncher.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
flashget FlashgetXpi C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\n2pj7jf4.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
Google Toolbar for Internet Explorer c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
Google Update C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
Google Update C:\Users\Chris\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
GoogleToolbarNotifier C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll
Java Deployment Toolkit 6.0.220.4 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
Java(TM) Platform SE 6 U22 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U22 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
LogMeIn Rescue Applet Downloader C:\Windows\Downloaded Program Files\RescueDlBroker.exe
LogMeIn Rescue Applet Downloader C:\Windows\Downloaded Program Files\RescueDownloader.dll
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\urlredir.dll
Microsoft Office WRC Control C:\Windows\Downloaded Program Files\wrc32.ocx
Microsoft® Windows Live Login Helper c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows Media Player Firefox C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
Mozilla Default Plug-in C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
MSN® Games by Zone.com C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll
Nexon Game Controller C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll


Missing files
-------------
File not found: C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"FlashGet 3"


Scan
----


No file uploaded.

Scan finished - communication took 7 sec
Total traffic - 0.04 MB sent, 635.59 KB recvd
Scanned 612 files and modules - 17 seconds

==============================================================================
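The "Missing files" section above flags a Run value whose target executable is gone. The following is an added example, not part of the thread or of the BitDefender tool, that performs the same orphaned-autorun check with PowerShell; it assumes Windows PowerShell with read access to the listed keys, and the helper name Get-AutorunImagePath is my own.

```powershell
# Added example: list Run/RunOnce autostart values whose executable no longer exists,
# the check that produced the thread's 'File not found ... --> HKCU\...\Run\"FlashGet 3"' line.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'  # 32-bit entries on 64-bit Windows
)

# Hypothetical helper: extract the image path from a Run value, which is either a
# quoted leading token or everything up to the first space (arguments are ignored).
function Get-AutorunImagePath {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    return ($cmd -split ' ')[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSDrive/... properties
        $image = Get-AutorunImagePath -CommandLine ([string]$p.Value)
        if ([string]::IsNullOrWhiteSpace($image)) { continue }
        # A bare name such as rundll32.exe resolves through PATH, so consult Get-Command too
        # before calling the entry orphaned.
        $onDisk = (Test-Path -LiteralPath $image) -or
                  ($null -ne (Get-Command $image -ErrorAction SilentlyContinue))
        if (-not $onDisk) {
            Write-Output "File not found: $image"
            Write-Output "  --> ${key}\`"$($p.Name)`""
        }
    }
}
```

An orphaned entry is a leftover of an uninstalled or removed program rather than an infection by itself, but it is worth deleting, and the same listing shows any Run value that points at a file a cleaner has already removed.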
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 76251405 bytes
->Temporary Internet Files folder emptied: 48485752 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 48081366 bytes
->Flash cache emptied: 456 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Home
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49722 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 165.00 mb


[EMPTYFLASH]

User: All Users

User: Chris
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Home
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.17.3 log created on 11172010_230005

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


And my computer is running smoothly now, thanks Broni. So it was a trojan? And what is a defrag?
 
So it was a trojan?
Well, if Trend called it that, most likely it was.

And what is a defrag?
Start>All Programs>Accessories>System Tools>Disk Defragmenter

Good luck and stay safe :)
 