Just 1kb trojan downloader...

[MeDIeVaL]

MS One Live Safety Scanner pick up a trojan downloader inside system32. Scan it with avast! and SUPERAntiSpyware and result negative. But when scanned at VirusTotal 11 from 32 pick it as virus. So guys, check this out... (http : // www dot geocities dot com / solutem / virus dot zip). 1 more thing, how can I put suspected file into chest even if avast! don't recoqnize it as virus?

[MeDIeVaL]

This is another one but 400kb in size. avast! just let it pass through the scanned... (http : // www dot geocities dot com / solutem / m2n1 dot zip).

[DavidR]

Open the chest, click the User Files, Add and navigate to the suspect file and add it. This doesn't remove it from the original location you will have to do that.

Once in the chest email it to avast.

[MeDIeVaL]

My ComboFix log...

ComboFix 07-08-17.2 - "Owner" 2007-09-19 20:41:44.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.72 [GMT 8:00]
 * Created a new restore point


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NPF
-------\NPF


(((((((((((((((((((((((((   Files Created from 2007-08-19 to 2007-09-19  )))))))))))))))))))))))))))))))


2007-09-19 20:41   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-09-19 17:55   76,560   --a------   C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-19 17:54   <DIR>   d--------   C:\DOCUME~1\Owner\.housecall6.6
2007-09-19 16:47   81,768   --a------   C:\WINDOWS\system32\xinput1_3.dll
2007-09-19 16:47   444,776   --a------   C:\WINDOWS\system32\d3dx10_35.dll
2007-09-19 16:47   443,752   --a------   C:\WINDOWS\system32\d3dx10_34.dll
2007-09-19 16:47   3,727,720   --a------   C:\WINDOWS\system32\d3dx9_35.dll
2007-09-19 16:47   3,497,832   --a------   C:\WINDOWS\system32\d3dx9_34.dll
2007-09-19 16:47   267,112   --a------   C:\WINDOWS\system32\xactengine2_9.dll
2007-09-19 16:47   266,088   --a------   C:\WINDOWS\system32\xactengine2_8.dll
2007-09-19 16:47   18,280   --a------   C:\WINDOWS\system32\x3daudio1_2.dll
2007-09-19 16:47   1,358,192   --a------   C:\WINDOWS\system32\D3DCompiler_35.dll
2007-09-19 16:47   1,124,720   --a------   C:\WINDOWS\system32\D3DCompiler_34.dll
2007-09-19 16:46   62,744   --a------   C:\WINDOWS\system32\xinput1_2.dll
2007-09-19 16:46   443,752   --a------   C:\WINDOWS\system32\d3dx10_33.dll
2007-09-19 16:46   3,495,784   --a------   C:\WINDOWS\system32\d3dx9_33.dll
2007-09-19 16:46   3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2007-09-19 16:46   261,480   --a------   C:\WINDOWS\system32\xactengine2_7.dll
2007-09-19 16:46   255,848   --a------   C:\WINDOWS\system32\xactengine2_6.dll
2007-09-19 16:46   251,672   --a------   C:\WINDOWS\system32\xactengine2_5.dll
2007-09-19 16:46   237,848   --a------   C:\WINDOWS\system32\xactengine2_4.dll
2007-09-19 16:46   236,824   --a------   C:\WINDOWS\system32\xactengine2_3.dll
2007-09-19 16:46   2,414,360   --a------   C:\WINDOWS\system32\d3dx9_31.dll
2007-09-19 16:46   2,297,552   --a------   C:\WINDOWS\system32\d3dx9_26.dll
2007-09-19 16:46   15,128   --a------   C:\WINDOWS\system32\x3daudio1_1.dll
2007-09-19 16:46   1,123,696   --a------   C:\WINDOWS\system32\D3DCompiler_33.dll
2007-09-19 16:36   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-09-19 16:34   <DIR>   d--------   C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com
2007-09-19 16:20   <DIR>   d--------   C:\Program Files\Windows Live Safety Center
2007-09-19 13:14   401,720   --a------   C:\Program Files\HiJackThis.exe
2007-09-19 11:52   <DIR>   d--------   C:\Program Files\Process Explorer
2007-09-19 11:50   <DIR>   d--------   C:\Program Files\Windows Defender
2007-09-19 11:35   <DIR>   d--------   C:\DOCUME~1\Owner\APPLIC~1\DMCache
2007-09-19 10:31   <DIR>   d--------   C:\Program Files\MTV Networks
2007-09-19 10:20   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
2007-09-19 10:19   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2007-09-19 10:19   <DIR>   d--------   C:\WINDOWS\system32\drivers\UMDF
2007-09-19 10:12   <DIR>   d--------   C:\WINDOWS\Prefetch
2007-09-19 07:57   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2007-09-19 07:29   <DIR>   d--------   C:\WINDOWS\provisioning
2007-09-19 07:29   <DIR>   d--------   C:\WINDOWS\peernet
2007-09-19 07:27   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2007-09-19 07:22   <DIR>   d--------   C:\WINDOWS\EHome
2007-09-19 06:54   3,072   --a------   C:\WINDOWS\system32\drivers\audstub.sys
2007-09-19 06:53   6,144   -ra------   C:\WINDOWS\system32\kbdtuq.dll
2007-09-19 06:53   6,144   -ra------   C:\WINDOWS\system32\kbdtuf.dll
2007-09-19 06:53   57,472   --a------   C:\WINDOWS\system32\drivers\redbook.sys
2007-09-19 06:53   5,632   -ra------   C:\WINDOWS\system32\kbdmon.dll
2007-09-19 06:53   5,632   -ra------   C:\WINDOWS\system32\kbdkyr.dll
2007-09-19 06:53   5,632   -ra------   C:\WINDOWS\system32\kbdazel.dll
2007-09-19 06:53   5,504   --a------   C:\WINDOWS\system32\drivers\intelide.sys
2007-09-19 06:53   <DIR>   dr-------   C:\Program Files
2007-09-19 06:53   <DIR>   d--------   C:\Program Files\Common Files\SpeechEngines
2007-09-19 06:53   <DIR>   d--------   C:\Program Files\Common Files\ODBC
2007-09-19 06:52   9,936   --a------   C:\WINDOWS\system\LZEXPAND.DLL
2007-09-19 06:52   9,008   --a------   C:\WINDOWS\system\VER.DLL
2007-09-19 06:52   85,020   --a------   C:\WINDOWS\system32\dgsetup.dll
2007-09-19 06:52   82,944   --a------   C:\WINDOWS\system\OLECLI.DLL
2007-09-19 06:52   8,704   --a------   C:\WINDOWS\system32\batt.dll
2007-09-19 06:52   8,192   -ra------   C:\WINDOWS\system32\kbdhept.dll
2007-09-19 06:52   74,752   --a------   C:\WINDOWS\system32\storprop.dll
2007-09-19 06:52   7,168   -ra------   C:\WINDOWS\system32\kbdcz.dll
2007-09-19 06:52   69,584   --a------   C:\WINDOWS\system\AVICAP.DLL
2007-09-19 06:52   69,120   --a------   C:\WINDOWS\notepad.exe
2007-09-19 06:52   68,768   --a------   C:\WINDOWS\system\mmsystem.dll
2007-09-19 06:52   6,656   -ra------   C:\WINDOWS\system32\kbdycl.dll
2007-09-19 06:52   6,656   -ra------   C:\WINDOWS\system32\kbdsl1.dll
2007-09-19 06:52   6,656   -ra------   C:\WINDOWS\system32\kbdsl.dll
2007-09-19 06:52   6,656   -ra------   C:\WINDOWS\system32\kbdpl.dll
2007-09-19 06:52   6,656   -ra------   C:\WINDOWS\system32\kbdhu.dll
2007-09-19 06:52   6,656   -ra------   C:\WINDOWS\system32\kbdhela3.dll
2007-09-19 06:52   6,656   -ra------   C:\WINDOWS\system32\kbdcz2.dll
2007-09-19 06:52   6,656   -ra------   C:\WINDOWS\system32\kbdcz1.dll
2007-09-19 06:52   6,656   -ra------   C:\WINDOWS\system32\kbdcr.dll
2007-09-19 06:52   6,656   -ra------   C:\WINDOWS\system32\KBDAL.DLL
2007-09-19 06:52   6,144   -ra------   C:\WINDOWS\system32\kbdlv1.dll
2007-09-19 06:52   6,144   -ra------   C:\WINDOWS\system32\kbdlv.dll
2007-09-19 06:52   6,144   -ra------   C:\WINDOWS\system32\kbdhela2.dll
2007-09-19 06:52   6,144   -ra------   C:\WINDOWS\system32\kbdgkl.dll
2007-09-19 06:52   6,144   -ra------   C:\WINDOWS\system32\kbdest.dll
2007-09-19 06:52   5,632   -ra------   C:\WINDOWS\system32\kbdro.dll
2007-09-19 06:52   5,632   -ra------   C:\WINDOWS\system32\kbdpl1.dll
2007-09-19 06:52   5,632   -ra------   C:\WINDOWS\system32\kbdlt1.dll
2007-09-19 06:52   5,632   -ra------   C:\WINDOWS\system32\kbdlt.dll
2007-09-19 06:52   5,632   -ra------   C:\WINDOWS\system32\kbdhu1.dll
2007-09-19 06:52   5,632   -ra------   C:\WINDOWS\system32\kbdhe319.dll
2007-09-19 06:52   5,632   -ra------   C:\WINDOWS\system32\kbdhe220.dll
2007-09-19 06:52   5,632   -ra------   C:\WINDOWS\system32\kbdhe.dll
2007-09-19 06:52   5,120   --a------   C:\WINDOWS\system\SHELL.DLL
2007-09-19 06:52   32,816   --a------   C:\WINDOWS\system\COMMDLG.DLL
2007-09-19 06:52   24,661   --a------   C:\WINDOWS\system32\spxcoins.dll
2007-09-19 06:52   24,064   --a------   C:\WINDOWS\system\OLESVR.DLL
2007-09-19 06:52   19,200   --a------   C:\WINDOWS\system\TAPI.DLL
2007-09-19 06:52   176,157   --a------   C:\WINDOWS\system32\dgrpsetu.dll
2007-09-19 06:52   15,360   --a------   C:\WINDOWS\TASKMAN.EXE
2007-09-19 06:52   13,312   --a------   C:\WINDOWS\system32\irclass.dll
2007-09-19 06:52   126,912   --a------   C:\WINDOWS\system\MSVIDEO.DLL
2007-09-19 06:52   11,264   --a------   C:\WINDOWS\system32\drivers\irenum.sys
2007-09-19 06:52   109,456   --a------   C:\WINDOWS\system\AVIFILE.DLL
2007-09-19 06:52   103,424   --a------   C:\WINDOWS\system32\EqnClass.Dll

[MeDIeVaL]

2nd part of ComboFix log...

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-19 20:38   4172   --a------   C:\Program Files\hijackthis.log
2007-09-19 07:31   3488   --a------   C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-09-19 07:30   9492   --a------   C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-07-30 19:19   92504   --a------   C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19   203096   --a------   C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:18   207736   --a------   C:\WINDOWS\system32\muweb.dll
2007-06-26 14:08   1104896   --a------   C:\WINDOWS\system32\msxml3.dll
2007-06-19 21:31   282112   --a------   C:\WINDOWS\system32\gdi32.dll


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="-C:\WINDOWS\System32\igfxtray.exe" []
"HotKeysCmds"="-C:\WINDOWS\System32\hkcmd.exe" []
"%FP%TM Net fts.exe"="-C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe" []
"PCMService"="-C:\Program Files\Dell\Media Experience\PCMService.exe" []
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-09-06 18:06]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS


Contents of the 'Scheduled Tasks' folder
2007-09-18 16:18:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-09-19 11:12:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 20:44:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-19 20:46:44 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-19 20:46

   --- E O F ---

------------------------------------------------------------------------------------------------

Got my Task Manager, Registry Editor and Folder Option back to my system but Logout button still missing. So please help me to get it back...

[MeDIeVaL]

Please a'one... need help fast. Anyone who knows how to get back my missing power off button please help me... I can't find an answer anywhere...

[Lisandro]

Please a'one... need help fast. Anyone who knows how to get back my missing power off button please help me... I can't find an answer anywhere...

Sorry MeDIeVal... I can't guess a solution and I'm not an expert on cleaning. Hope someone with more knowledge come here to help.

[DavidR]

Please a'one... need help fast. Anyone who knows how to get back my missing power off button please help me... I can't find an answer anywhere...

You don't say which power off button, some keyboards, etc. have them also.

Personally I don't know but I'm sure my friend google might, http://www.google.com/search?q=Power+off+button+doesn%27t+work.

[essexboy]

If you could explain the problem I might be able to help.  At the moment I can see that you have explorer not to shut down

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=1 (0x1)

[MeDIeVaL]

If you could explain the problem I might be able to help.  At the moment I can see that you have explorer not to shut down

Yeah, I can't shutdown normally. The power off button just missing then what I can do just switch off the plug to shut down my machine but now the problem solve. Got help from s'where else a'way thanx guys for the concern... 

[DavidR]

It would be nice to conclude the Topic with the 'solution' ?

[MeDIeVaL]

Sorry DavidR, my friend just give me instruction through irc by edit some registry keys so it's hard for me to remember which one should I edit. I'm afraid I'll give you all the wrong keys then thing will become worst. I'll copy the instruction next time if I've got the same prob... 

[DavidR]

Thanks for the update, perhaps this is what essexboy was pointing at.