
jeshram

  1. Did both steps. Messed up the second one. I didn't uncheck "remove found threats". Is that bad? Here's the log.

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=6
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.5863
     # api_version=3.0.2
     # EOSSerial=beb752d12000d146a6f231cab7f87f64
     # end=stopped
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2009-06-11 06:28:32
     # local_time=2009-06-11 01:28:32 (-0500, SA Pacific Standard Time)
     # country="United States"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=1797 37 100 100 73972187500
     # scanned=14719
     # found=27
     # cleaned=27
     # scan_time=311
     C:\Qoobox\Quarantine\C\dih6ke.bat.vir  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP2\A0001054.bat  a variant of Win32/Pacex.Gen virus (deleted - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP2\A0001055.inf  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP3\A0001067.bat  a variant of Win32/Pacex.Gen virus (deleted - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP3\A0001068.inf  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP3\A0001111.dll  a variant of Win32/Pacex.Gen virus (deleted - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP3\A0001115.bat  a variant of Win32/Pacex.Gen virus (deleted - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP3\A0001116.inf  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP3\A0001124.exe  a variant of Win32/Pacex.Gen virus (deleted - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP4\A0001220.bat  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP4\A0001221.inf  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP4\A0001239.dll  a variant of Win32/Pacex.Gen virus (deleted - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP4\A0001242.bat  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP4\A0001243.inf  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP5\A0001255.bat  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP5\A0001256.inf  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP6\A0001272.bat  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP6\A0001273.inf  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP6\A0005391.dll  Win32/PSW.OnLineGames.NMP trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP6\A0005392.bat  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP6\A0005393.inf  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP7\A0005407.bat  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP7\A0005408.inf  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP7\A0005605.dll  Win32/PSW.OnLineGames.NMP trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP8\A0005698.bat  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP8\A0005699.inf  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     C:\System Volume Information\_restore{82617F14-025D-491B-9F8C-B7178F7E0AF4}\RP8\A0005896.bat  Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined)  00000000000000000000000000000000
     esets_scanner_update returned -1 esets_gle=53251
     # version=6
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.5863
     # api_version=3.0.2
     # EOSSerial=beb752d12000d146a6f231cab7f87f64
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2009-06-11 08:50:19
     # local_time=2009-06-11 03:50:19 (-0500, SA Pacific Standard Time)
     # country="United States"
     # lang=9
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=1797 37 100 100 159045781250
     # scanned=78608
     # found=1
     # cleaned=0
     # scan_time=8458
     D:\Bittorrents\FXhome VisionLab Studio Pro 10 FULL+key+232 FX-Presets.rar  probably a variant of Win32/Injector.LR trojan  00000000000000000000000000000000

     Let me know what you find. Thanks.
  2. Ok, did everything you asked me to. It seems to have worked like a charm. My "test" to see if I was still infected was to open Windows Explorer and open up one of my hard drives. Immediately the Vundo would pop up, and the results of the scan with Malwarebytes showed different results every time. Nothing showed up this time!! I'm posting the results anyway so you can look at them and let me know if everything's ok. Thanks!!!!!

     mbam log:
     Malwarebytes' Anti-Malware 1.37
     Database version: 2258
     Windows 5.1.2600 Service Pack 3

     6/11/2009 12:18:59 AM
     mbam-log-2009-06-11 (00-18-59).txt

     Scan type: Quick Scan
     Objects scanned: 73149
     Time elapsed: 33 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     ComboFix log:
     ComboFix 09-06-09.06 - Jeshram 06/11/2009 0:11.6 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2660 [GMT -5:00]
     Running from: c:\documents and settings\Jeshram\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Jeshram\Desktop\CFscript.txt
     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

     FILE ::
     "c:\windows\system32\ahnfgss0.dll"
     "c:\windows\system32\ahnsbsb.exe"
     "c:\windows\system32\ahnxsds0.dll"
     .
     ((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
     .
     2009-06-11 04:58 . 2009-06-11 04:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
     2009-06-11 04:25 . 2009-06-11 04:24 404225 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
     2009-06-11 04:25 . 2009-06-11 04:24 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
     2009-06-11 04:25 . 2009-04-09 15:20 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
     2009-06-11 04:25 . 2009-02-27 16:59 8961 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
     2009-06-11 04:25 . 2009-02-24 18:16 117505 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
     2009-06-11 04:25 . 2009-02-13 21:01 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
     2009-06-11 04:25 . 2008-12-05 16:32 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
     2009-06-11 04:21 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2009-06-11 04:21 . 2009-03-24 21:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2009-06-11 04:21 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
     2009-06-11 04:21 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
     2009-06-11 04:21 . 2009-06-11 04:21 -------- d-----w- c:\program files\Avira
     2009-06-11 04:21 . 2009-06-11 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
     2009-06-10 15:48 . 2009-06-10 15:48 -------- d-----w- c:\program files\Trend Micro
     2009-06-10 15:44 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
     2009-06-10 15:38 . 2009-06-10 15:38 -------- d-----w- c:\program files\Panda Security
     2009-06-10 15:34 . 2009-06-10 15:34 -------- d--h--w- c:\windows\PIF
     2009-06-10 15:25 . 2009-06-10 15:25 -------- d-----w- c:\documents and settings\Jeshram\Application Data\Malwarebytes
     2009-06-10 15:25 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-06-10 15:25 . 2009-06-10 15:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-06-10 15:25 . 2009-06-10 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-06-10 15:25 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-06-10 15:23 . 2009-06-10 15:23 -------- d-----w- c:\program files\CCleaner
     2009-06-10 15:18 . 2009-06-10 15:18 -------- d-----w- c:\program files\uTorrent
     2009-06-10 15:17 . 2009-06-10 15:33 -------- d-----w- c:\documents and settings\Jeshram\Application Data\uTorrent
     2009-06-10 15:04 . 2009-06-10 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
     2009-06-10 15:04 . 2009-06-10 15:05 -------- d-----w- c:\program files\SpywareBlaster
     2009-06-10 15:04 . 2005-08-26 00:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
     2009-06-10 14:59 . 2009-06-10 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-06-10 14:59 . 2009-06-10 14:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2009-06-10 14:57 . 2009-06-10 14:57 -------- d-sh--w- c:\documents and settings\Jeshram\IETldCache
     2009-06-10 14:47 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
     2009-06-10 14:46 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
     2009-06-10 14:46 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
     2009-06-10 14:45 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
     2009-06-10 14:45 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
     2009-06-10 14:45 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
     2009-06-10 14:45 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
     2009-06-10 14:45 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
     2009-06-10 14:45 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
     2009-06-10 14:36 . 2009-06-10 14:36 -------- d-----w- c:\windows\system32\scripting
     2009-06-10 14:36 . 2009-06-10 14:36 -------- d-----w- c:\windows\l2schemas
     2009-06-10 14:36 . 2009-06-10 14:36 -------- d-----w- c:\windows\system32\en
     2009-06-10 14:36 . 2009-06-10 14:36 -------- d-----w- c:\windows\system32\bits
     2009-06-10 14:35 . 2009-06-10 14:35 -------- d-----w- c:\windows\ServicePackFiles
     2009-06-10 14:22 . 2009-01-07 23:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
     2009-06-10 14:19 . 2009-06-10 14:19 -------- d-s---w- c:\documents and settings\Jeshram\UserData
     2009-06-10 14:18 . 2009-06-10 14:18 12328 ----a-w- c:\documents and settings\Jeshram\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-06-10 14:17 . 2009-06-10 14:17 8 ----a-w- c:\windows\system32\nvModes.dat
     2009-06-10 14:17 . 2009-06-10 14:17 -------- d-----w- c:\program files\AGEIA Technologies
     2009-06-10 14:17 . 2009-06-10 14:17 -------- d-----w- c:\windows\system32\AGEIA
     2009-06-10 14:17 . 2009-06-10 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
     2009-06-10 14:16 . 2009-06-10 14:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2009-06-10 14:15 . 2009-06-10 14:15 -------- d-----w- c:\windows\nview
     2009-06-10 14:15 . 2009-02-18 19:44 453152 ----a-w- c:\windows\system32\nvudisp.exe
     2009-06-10 14:15 . 2009-06-10 14:15 -------- d-----w- C:\NVIDIA
     2009-06-10 13:59 . 2009-06-10 13:59 -------- d-----w- C:\NV612372.TMP
     2009-06-10 13:59 . 2009-06-10 13:59 -------- d-----w- C:\NV1688880.TMP
     2009-06-10 13:59 . 2009-02-17 04:17 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
     2009-06-10 13:57 . 2006-03-09 19:25 143872 -c--a-w- c:\windows\system32\dllcache\b57xp32.sys
     2009-06-10 13:57 . 2006-03-09 19:25 143872 ----a-r- c:\windows\system32\drivers\b57xp32.sys
     2009-06-10 13:57 . 2009-06-10 13:57 -------- d-----w- c:\program files\Broadcom
     2009-06-10 13:56 . 2009-06-10 13:56 -------- d-----w- c:\windows\system32\vmm32
     2009-06-10 13:56 . 2009-06-10 13:56 -------- d-----w- c:\program files\Dell
     2009-06-10 13:56 . 2009-06-10 13:58 -------- d-----w- c:\program files\Common Files\InstallShield
     2009-06-10 13:30 . 2009-06-10 13:30 -------- d-s---w- c:\windows\system32\Microsoft
     2009-06-10 13:30 . 2009-06-11 04:58 -------- d-sh--w- c:\documents and settings\LocalService
     2009-06-10 13:30 . 2009-06-11 04:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-06-10 14:38 . 2009-06-10 05:49 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
     2009-06-10 14:32 . 2009-06-10 14:32 0 ----a-w- c:\windows\nsreg.dat
     2009-06-10 05:50 . 2009-06-10 05:50 -------- d-----w- c:\program files\microsoft frontpage
     2009-06-10 05:48 . 2009-06-10 05:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
     2009-05-13 05:15 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll
     2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
     2009-04-29 04:46 . 2009-04-29 04:46 81920 ------w- c:\windows\system32\ieencode.dll
     2009-04-17 12:26 . 2004-08-04 10:00 1847168 ----a-w- c:\windows\system32\win32k.sys
     2009-04-15 14:51 . 2004-08-04 10:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-06-11_01.47.24 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
     + 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
     + 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
     + 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
     + 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
     + 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
     + 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
     + 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
     + 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
     + 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
     + 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
     + 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
     + 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
     + 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
     + 2009-06-11 02:05 . 2009-06-11 02:05 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
     + 2009-06-11 04:21 . 2009-06-11 04:25 28520 c:\windows\system32\drivers\ssmdrv.sys
     + 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
     + 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
     + 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
     + 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
     + 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
     + 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
     + 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
     + 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
     "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=

     R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/10/2009 10:44 AM 28544]
     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/10/2009 11:21 PM 108289]

     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
     "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.yahoo.com/
     FF - ProfilePath - c:\documents and settings\Jeshram\Application Data\Mozilla\Firefox\Profiles\v0axp5ov.default\
     FF - prefs.js: browser.startup.homepage - www.yahoo.com
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-06-11 00:13
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'explorer.exe'(3260)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\rundll32.exe
     c:\program files\Avira\AntiVir Desktop\avguard.exe
     c:\windows\system32\nvsvc32.exe
     .
     **************************************************************************
     .
     Completion time: 2009-06-11 0:14 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-06-11 05:14
     ComboFix2.txt 2009-06-11 04:15
     ComboFix3.txt 2009-06-11 04:09
     ComboFix4.txt 2009-06-11 04:07
     ComboFix5.txt 2009-06-11 05:11

     Pre-Run: 308,564,815,872 bytes free
     Post-Run: 308,554,264,576 bytes free

     180

     DDS log:
     DDS (Ver_09-05-14.01) - NTFSx86
     Run by Jeshram at 0:16:19.70 on Thu 06/11/2009
     Internet Explorer: 8.0.6001.18702
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2696 [GMT -5:00]

     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

     ============== Running Processes ===============

     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     svchost.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\explorer.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\notepad.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Documents and Settings\Jeshram\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.yahoo.com/
     BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [nwiz] nwiz.exe /install
     mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
     mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\jeshram\applic~1\mozilla\firefox\profiles\v0axp5ov.default\
     FF - prefs.js: browser.startup.homepage - www.yahoo.com

     ============= SERVICES / DRIVERS ===============

     R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-6-10 28544]
     R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-10 11608]
     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-10 108289]
     R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-10 185089]
     R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-10 55640]

     =============== Created Last 30 ================

     2009-06-11 00:10 <DIR> --ds---- C:\ComboFix
     2009-06-10 23:21 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
     2009-06-10 23:21 <DIR> --d----- c:\program files\Avira
     2009-06-10 23:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
     2009-06-10 20:44 <DIR> a-dshr-- C:\cmdcons
     2009-06-10 20:44 161,792 a------- c:\windows\SWREG.exe
     2009-06-10 20:44 155,136 a------- c:\windows\PEV.exe
     2009-06-10 20:44 98,816 a------- c:\windows\sed.exe
     2009-06-10 10:48 <DIR> --d----- c:\program files\Trend Micro
     2009-06-10 10:44 28,544 a------- c:\windows\system32\drivers\pavboot.sys
     2009-06-10 10:38 <DIR> --d----- c:\program files\Panda Security
     2009-06-10 10:34 <DIR> --d-h--- c:\windows\PIF
     2009-06-10 10:25 <DIR> --d----- c:\docume~1\jeshram\applic~1\Malwarebytes
     2009-06-10 10:25 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-06-10 10:25 19,096 a------- c:\windows\system32\drivers\mbam.sys
     2009-06-10 10:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
     2009-06-10 10:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
     2009-06-10 10:23 <DIR> --d----- c:\program files\CCleaner
     2009-06-10 10:18 <DIR> --d----- c:\program files\uTorrent
     2009-06-10 10:17 <DIR> --d----- c:\docume~1\jeshram\applic~1\uTorrent
     2009-06-10 10:04 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
     2009-06-10 10:04 <DIR> --d----- c:\program files\SpywareBlaster
     2009-06-10 09:59 <DIR> --d----- c:\program files\Spybot - Search & Destroy
     2009-06-10 09:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
     2009-06-10 09:57 <DIR> --dsh--- c:\documents and settings\jeshram\IETldCache
     2009-06-10 09:55 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
     2009-06-10 09:55 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
     2009-06-10 09:55 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
     2009-06-10 09:55 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
     2009-06-10 09:55 <DIR> --d----- c:\windows\ie8updates
     2009-06-10 09:55 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
     2009-06-10 09:54 <DIR> -cd-h--- c:\windows\ie8
     2009-06-10 09:47 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
     2009-06-10 09:46 333,952 -c------ c:\windows\system32\dllcache\srv.sys
     2009-06-10 09:46 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
     2009-06-10 09:45 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
     2009-06-10 09:45 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
     2009-06-10 09:45 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
     2009-06-10 09:45 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
     2009-06-10 09:45 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
     2009-06-10 09:45 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
     2009-06-10 09:36 <DIR> --d----- c:\windows\system32\scripting
     2009-06-10 09:36 <DIR> --d----- c:\windows\system32\en
     2009-06-10 09:36 <DIR> --d----- c:\windows\system32\bits
     2009-06-10 09:36 <DIR> --d----- c:\windows\l2schemas
     2009-06-10 09:35 <DIR> --d----- c:\windows\ServicePackFiles
     2009-06-10 09:35 <DIR> --d----- c:\windows\network diagnostic
     2009-06-10 09:34 <DIR> --d----- c:\windows\system32\ReinstallBackups
     2009-06-10 09:22 26,144 a------- c:\windows\system32\spupdsvc.exe
     2009-06-10 09:22 <DIR> --d----- c:\windows\system32\PreInstall
     2009-06-10 09:19 <DIR> --ds---- c:\documents and settings\jeshram\UserData
     2009-06-10 09:17 8 a------- c:\windows\system32\nvModes.dat
     2009-06-10 09:17 <DIR> --d----- c:\windows\system32\AGEIA
     2009-06-10 09:16 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
     2009-06-10 09:15 212,641 a------- c:\windows\system32\nvapps.xml
     2009-06-10 09:15 453,152 a------- c:\windows\system32\nvudisp.exe
     2009-06-10 09:15 19,021 a------- c:\windows\system32\nvdisp.nvu
     2009-06-10 09:15 <DIR> --d----- c:\windows\nview
     2009-06-10 09:15 <DIR> --d----- C:\NVIDIA
     2009-06-10 08:59 <DIR> --d----- C:\NV612372.TMP
     2009-06-10 08:59 <DIR> --d----- C:\NV1688880.TMP
     2009-06-10 08:59 453,152 a------- c:\windows\system32\NVUNINST.EXE
     2009-06-10 08:58 <DIR> --d----- c:\windows\system32\SoftwareDistribution
     2009-06-10 08:57 143,872 ac------ c:\windows\system32\dllcache\b57xp32.sys
     2009-06-10 08:57 143,872 a----r-- c:\windows\system32\drivers\b57xp32.sys
     2009-06-10 08:57 <DIR> --d----- c:\program files\Broadcom
     2009-06-10 08:56 <DIR> --d----- c:\windows\system32\vmm32
     2009-06-10 08:56 <DIR> --d----- c:\program files\Dell
     2009-06-10 08:31 <DIR> --d----- c:\documents and settings\Jeshram
     2009-06-10 08:30 <DIR> --ds---- c:\windows\system32\Microsoft
     2009-06-10 00:52 8,192 a------- c:\windows\REGLOCS.OLD
     2009-06-10 00:50 132,608 ac------ c:\windows\system32\dllcache\fxsclntr.dll
     2009-06-10 00:49 <DIR> --dsh--- c:\documents and settings\all users\DRM
     2009-06-10 00:49 <DIR> --d-h--- c:\program files\WindowsUpdate
     2009-06-10 00:49 <DIR> --d----- c:\program files\common files\MSSoap
     2009-06-10 00:48 <DIR> --d----- c:\program files\Online Services
     2009-06-10 00:48 <DIR> --d----- c:\program files\Messenger
     2009-06-10 00:48 <DIR> --d----- c:\program files\MSN Gaming Zone
     2009-06-10 00:47 <DIR> --d----- c:\program files\Windows NT
     2009-06-09 19:13 <DIR> --d----- c:\program files\common files\ODBC
     2009-06-09 19:13 <DIR> --d----- c:\program files\common files\SpeechEngines
     2009-06-09 19:13 <DIR> --d--r-- c:\documents and settings\all users\Documents

     ==================== Find3M ====================

     2009-06-10 09:38 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
     2009-06-10 00:48 21,640 a------- c:\windows\system32\emptyregdb.dat
     2009-05-13 00:15 915,456 a------- c:\windows\system32\wininet.dll
     2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
     2009-04-28 23:46 81,920 -------- c:\windows\system32\ieencode.dll
     2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
     2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll

     ============= FINISH: 0:16:33.00 ===============

     And the Attach log: it says specifically to zip it and post it, so I did. Thanks again. Waiting for your response.

     Attach.zip
  3. Ok, used ComboFix as instructed and everything went fine. Here's ComboFix's log:

ComboFix 09-06-09.06 - Jeshram 06/10/2009 20:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2746 [GMT -5:00]
Running from: c:\documents and settings\Jeshram\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\dih6ke.bat
C:\g.com
D:\Autorun.inf
D:\dih6ke.bat
D:\g.com
E:\Autorun.inf
E:\dih6ke.bat
E:\g.com
F:\Autorun.inf
F:\dih6ke.bat
F:\g.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVPsys


((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.

2009-06-11 01:39 . 2009-06-11 01:47 103424 --sh--r- c:\windows\system32\ahnfgss0.dll
2009-06-11 01:39 . 2009-06-10 16:11 164377 --sh--r- c:\windows\system32\ahnsbsb.exe
2009-06-10 15:48 . 2009-06-10 15:48 -------- d-----w- c:\program files\Trend Micro
2009-06-10 15:44 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-10 15:38 . 2009-06-10 15:38 -------- d-----w- c:\program files\Panda Security
2009-06-10 15:34 . 2009-06-10 15:34 -------- d--h--w- c:\windows\PIF
2009-06-10 15:25 . 2009-06-10 15:25 -------- d-----w- c:\documents and settings\Jeshram\Application Data\Malwarebytes
2009-06-10 15:25 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 15:25 . 2009-06-10 15:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 15:25 . 2009-06-10 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-10 15:25 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 15:23 . 2009-06-10 15:23 -------- d-----w- c:\program files\CCleaner
2009-06-10 15:18 . 2009-06-10 15:18 -------- d-----w- c:\program files\uTorrent
2009-06-10 15:17 . 2009-06-10 15:33 -------- d-----w- c:\documents and settings\Jeshram\Application Data\uTorrent
2009-06-10 15:04 . 2009-06-10 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-10 15:04 . 2009-06-10 15:05 -------- d-----w- c:\program files\SpywareBlaster
2009-06-10 15:04 . 2005-08-26 00:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-06-10 14:59 . 2009-06-10 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-10 14:59 . 2009-06-10 14:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-10 14:57 . 2009-06-10 14:57 -------- d-sh--w- c:\documents and settings\Jeshram\IETldCache
2009-06-10 14:47 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-06-10 14:46 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-06-10 14:46 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-10 14:45 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-06-10 14:45 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-06-10 14:45 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-06-10 14:45 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-06-10 14:45 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-10 14:45 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-06-10 14:36 . 2009-06-10 14:36 -------- d-----w- c:\windows\system32\scripting
2009-06-10 14:36 . 2009-06-10 14:36 -------- d-----w- c:\windows\l2schemas
2009-06-10 14:36 . 2009-06-10 14:36 -------- d-----w- c:\windows\system32\en
2009-06-10 14:36 . 2009-06-10 14:36 -------- d-----w- c:\windows\system32\bits
2009-06-10 14:35 . 2009-06-10 14:35 -------- d-----w- c:\windows\ServicePackFiles
2009-06-10 14:22 . 2009-01-07 23:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-10 14:19 . 2009-06-10 14:19 -------- d-s---w- c:\documents and settings\Jeshram\UserData
2009-06-10 14:18 . 2009-06-10 14:18 12328 ----a-w- c:\documents and settings\Jeshram\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 14:17 . 2009-06-10 14:17 8 ----a-w- c:\windows\system32\nvModes.dat
2009-06-10 14:17 . 2009-06-10 14:17 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-10 14:17 . 2009-06-10 14:17 -------- d-----w- c:\windows\system32\AGEIA
2009-06-10 14:17 . 2009-06-10 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-06-10 14:16 . 2009-06-10 14:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-10 14:15 . 2009-06-10 14:15 -------- d-----w- c:\windows\nview
2009-06-10 14:15 . 2009-02-18 19:44 453152 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 14:15 . 2009-06-10 14:15 -------- d-----w- C:\NVIDIA
2009-06-10 13:59 . 2009-06-10 13:59 -------- d-----w- C:\NV612372.TMP
2009-06-10 13:59 . 2009-06-10 13:59 -------- d-----w- C:\NV1688880.TMP
2009-06-10 13:59 . 2009-02-17 04:17 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-10 13:57 . 2006-03-09 19:25 143872 -c--a-w- c:\windows\system32\dllcache\b57xp32.sys
2009-06-10 13:57 . 2006-03-09 19:25 143872 ----a-r- c:\windows\system32\drivers\b57xp32.sys
2009-06-10 13:57 . 2009-06-10 13:57 -------- d-----w- c:\program files\Broadcom
2009-06-10 13:56 . 2009-06-10 13:56 -------- d-----w- c:\windows\system32\vmm32
2009-06-10 13:56 . 2009-06-10 13:56 -------- d-----w- c:\program files\Dell
2009-06-10 13:56 . 2009-06-10 13:58 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-10 13:30 . 2009-06-10 13:30 -------- d-s---w- c:\windows\system32\Microsoft
2009-06-10 13:30 . 2009-06-10 13:30 -------- d-sh--w- c:\documents and settings\LocalService
2009-06-10 13:30 . 2009-06-10 13:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 14:38 . 2009-06-10 05:49 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-10 14:32 . 2009-06-10 14:32 0 ----a-w- c:\windows\nsreg.dat
2009-06-10 05:50 . 2009-06-10 05:50 -------- d-----w- c:\program files\microsoft frontpage
2009-06-10 05:48 . 2009-06-10 05:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-13 05:15 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2009-04-29 04:46 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-04 10:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 10:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF4DA69B-E1D6-469A-855B-6445294857D4}]
2008-04-14 00:12 81920 ----a-w- c:\windows\system32\ahnxsds0.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ahnsoft"="c:\windows\system32\ahnsbsb.exe" [2009-06-10 164377]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/10/2009 10:44 AM 28544]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
FF - ProfilePath - c:\documents and settings\Jeshram\Application Data\Mozilla\Firefox\Profiles\v0axp5ov.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 20:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2728)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-11 20:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-11 01:48

Pre-Run: 309,322,358,784 bytes free
Post-Run: 309,272,924,160 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

158

And here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:26 PM, on 6/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEHlprObj Class - {AF4DA69B-E1D6-469A-855B-6445294857D4} - C:\WINDOWS\system32\ahnxsds0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ahnsoft] C:\WINDOWS\system32\ahnsbsb.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2677 bytes
  4. Will do so as soon as I get home! Thanks!
  5. I am using a legit copy of XP. I do have a router, but I'm the only computer connected. I reinstalled XP and then connected to the internet to download all the updates and stuff. I'll try the /mbr as soon as I get home from work, and I'll let you know. Thank you very much.
  6. Just installed Windows. I have three other hard drives which I just cannot format. Vundo keeps showing up! Right now I have installed: Malwarebytes, Spybot, SpywareBlaster and HijackThis. This is my Malwarebytes logfile BEFORE cleaning (it cleans, but every time I open Windows Explorer the files just reappear):

Malwarebytes' Anti-Malware 1.37
Database version: 2258
Windows 5.1.2600 Service Pack 3

6/10/2009 10:54:28 AM
mbam-log-2009-06-10 (10-54-24).txt

Scan type: Quick Scan
Objects scanned: 72968
Time elapsed: 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ahnfgss0.dll (Spyware.OnlineGames) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af4da69b-e1d6-469a-855b-6445294857d4} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{af4da69b-e1d6-469a-855b-6445294857d4} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 (Spyware.OnlineGames) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{af4da692-e1d6-469a-855b-6445294857d4} (Spyware.OnlineGames) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{af4da69c-e1d6-469a-855b-6445294857d4} (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af4da69b-e1d6-469a-855b-6445294857d4} (Spyware.OnlineGames) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ahnsoft (Spyware.OnlineGames) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ahnxsds0.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\ahnfgss0.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\ahnsbsb.exe (Spyware.OnlineGames) -> No action taken.

And this is my HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:41 AM, on 6/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\dmremote.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEHlprObj Class - {AF4DA69B-E1D6-469A-855B-6445294857D4} - C:\WINDOWS\system32\ahnxsds0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ahnsoft] C:\WINDOWS\system32\ahnsbsb.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2749 bytes

Please, please help!