
Active Trojan-Proxy.Win32.Fackemo.v - Can't Remove

Discussion in 'Malware and Virus Removal Archive' started by jw0475, 2009/09/02.

  1. 2009/09/02
    jw0475 Inactive Thread Starter

    The crappy anti-virus software that my ISP provides continues to say that this Trojan-Proxy.Win32.Fackemo.v virus has been found. This occurs every time I boot up and log onto the computer. Also, it does not appear to be in the quarantine either. Any suggestions?

    I ran the DDS. The DDS and Attach logs are posted below.

    Thanks.


    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Joe at 20:30:02.88 on Wed 09/02/2009
    Internet Explorer: 8.0.6001.18813
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.782 [GMT -4:00]

    AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Verizon Internet Security Suite Anti-Spyware *enabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
    FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
    C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
    C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaMonitor.exe
    C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\Kav\Bin\ScanningProcess.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Windows\System32\wsqmcons.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Joe\Desktop\dds.pif
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\verizon\verizon internet security suite\pkR.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe "
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

    ============= SERVICES / DRIVERS ===============

    R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
    R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-22 693512]
    R2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\verizon\verizon internet security suite\safeconnect\bin\SanaAgent.exe [2008-11-14 4937752]
    R3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-9-22 910600]
    R3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\verizon\verizon internet security suite\RpsSecurityAwareR.exe [2009-8-25 175184]
    R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_vista\SafeConnectDriver.sys [2008-11-14 161304]
    R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_vista\SafeConnectFilter.sys [2008-11-14 29720]
    R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\verizon\verizon internet security suite\safeconnect\driver\platform_vista\SafeConnectShim.sys [2008-11-14 29248]

    ============= FINISH: 20:31:13.19 ===============


    Attach.txt:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/23/2009 1:11:48 AM
    System Uptime: 9/2/2009 8:10:42 PM (0 hours ago)

    Motherboard: Gateway | |
    Processor: Intel(R) Core(TM)2 CPU T5200 @ 1.60GHz | uFCPGA2 | 1600/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 139 GiB total, 105.635 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 0.957 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Mass Storage Controller
    Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_0366107B&REV_00\4&315A142C&0&4AF0
    Manufacturer:
    Name: Mass Storage Controller
    PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_0366107B&REV_00\4&315A142C&0&4AF0
    Service:

    ==== System Restore Points ===================

    RP21: 8/29/2009 11:01:33 PM - Windows Vista Service Pack 1
    RP22: 8/31/2009 5:37:33 PM - Windows Update
    RP23: 8/31/2009 5:44:16 PM - Windows Update

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1
    Google Toolbar for Internet Explorer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Maxtor Manager
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Professional Edition 2003
    MSXML 4.0 SP2 (KB954430)
    OGA Notifier 2.0.0048.0
    PerfectDisk 2008
    Picasa 3
    RPS Burn
    RPS CRT
    RPS Diagnostic Utility
    RPS Firewall
    RPS Ksdk
    RPS ParentalControl
    RPS PerfectDiskStub
    RPS PopupBlocker
    RPS RpsCore
    RPS SafeConnect
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Verizon Internet Security Suite
    Verizon Servicepoint 1.5.24

    ==== Event Viewer Messages From Past Week ========

    8/30/2009 12:06:38 AM, Error: Microsoft-Windows-Eventlog [30] - The event logging service encountered an error (5) while enabling publisher {DBE9B383-7CF3-4331-91CC-A3CB16A3B538} to channel Microsoft-Windows-Winlogon/Operational. This doesn't affect operation of the channel, but does affect the ability for the publisher to raise events to the channel. One common reason for this error is that Provider is using ETW Provider Security and has not granted enable permissions to the Eventlog service identity.
    8/29/2009 6:34:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
    8/29/2009 10:40:17 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user KJ_Laptop\Joe SID (S-1-5-21-2477883787-1295249580-2238097465-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    ==== End Of File ===========================
     
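Added here as an illustration, not part of the original thread: a small Python triage helper for the DDS log layout posted above. It splits the log into its ===== sections, pulls the executable path out of each running process, uRun/mRun autostart entry and service line, and separates entries under Windows or Program Files from those running out of user-writable locations, which is the first place to look when an AV alert comes back on every boot. The log text is a constructed excerpt of the posted log plus one made-up autorun entry (fake_updater.exe) so the flagging branch is exercised.

```python
import re
from typing import Dict, List, Optional

# Constructed excerpt in the layout of the DDS (Ver_09-07-30.01) log posted above.
# All paths except the "updater" autorun line come from that log; the
# fake_updater.exe entry is made up so the flagging branch is exercised.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Users\Joe\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
uRun: [updater] c:\users\joe\appdata\roaming\fake_updater.exe

============= SERVICES / DRIVERS ===============

R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-9-22 693512]

============= FINISH: 20:31:13.19 ===============
"""

# "===== Section Name =====" headers that DDS puts between blocks.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# An absolute path (drive letter or %VAR% root) ending in an executable extension.
PATH_RE = re.compile(
    r'(?:[a-z]:\\|%[a-z]+%\\)[^"]*?\.(?:exe|pif|scr|com|bat|dll|sys)\b',
    re.IGNORECASE,
)
AUTORUN_RE = re.compile(r"^[um]Run:", re.IGNORECASE)
# Roots where a legitimate autostart binary is expected on a default Vista install.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "%programfiles%\\",
    "%systemroot%\\",
)


def split_sections(log_text: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under the section header that precedes them."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def extract_path(entry: str) -> Optional[str]:
    """Return the absolute executable path in a process/autorun/service line, or None
    when the entry only names a bare file (resolved through PATH at run time)."""
    match = PATH_RE.search(entry)
    return match.group(0) if match else None


def triage(log_text: str) -> Dict[str, List[str]]:
    """Sort every process, uRun/mRun entry and service into trusted / review / unresolved."""
    sections = split_sections(log_text)
    entries = (
        sections.get("Running Processes", [])
        + [e for e in sections.get("Pseudo HJT Report", []) if AUTORUN_RE.match(e)]
        + sections.get("SERVICES / DRIVERS", [])
    )
    verdicts: Dict[str, List[str]] = {"trusted": [], "review": [], "unresolved": []}
    for entry in entries:
        path = extract_path(entry)
        if path is None:
            verdicts["unresolved"].append(entry)  # bare name: look it up by hand
        elif path.lower().startswith(TRUSTED_PREFIXES):
            verdicts["trusted"].append(path)
        else:
            verdicts["review"].append(path)  # user-writable or unexpected location
    return verdicts


if __name__ == "__main__":
    for verdict, items in triage(SAMPLE_DDS).items():
        print(f"[{verdict}]")
        for item in items:
            print("   ", item)
```

The "review" bucket still needs a human look: in the posted log the only user-profile process is dds.pif, which is the DDS tool itself, so the script narrows the list rather than calling anything malicious.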
  2. 2009/09/02
    broni Moderator Malware Analyst
    I suggest you start with uninstalling the Verizon garbage, and install one of these:

    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
    NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

    If you decide to install Avast, or Avira, make sure Windows firewall is turned on, or use Comodo firewall.
    If you decide to install Comodo Internet Security, or just Comodo firewall, make sure Windows firewall is turned off.

    IMPORTANT! Make sure you use only ONE antivirus and ONE firewall.

    When done, run full scan.

    When done with the scan...

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until a menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis and click Run as Administrator.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!