Jump to content

LWT

Members
  • Posts

    8
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi, I am sorry but I did not follow your instruction to use the combofix I do not have a recovery cd and the risk is too big, I only have 1 com and I can't afford another. I tried solving it in another way by using flash disinfector, as the virus isn't deleted yet I set the recycle bin properties to permanent delete the file and not sent to the recycle bin. After that, I deleted the oreans32.sys from the system by using cmd. Next I manuall go to my harddisk to delete both the backupuser.exe and _backupuser.exe from c:/program files\common files\microsoft shared\msinfo. I am not sure if the virus is removed yet as after I use the flash disinfector the autorun function is disabled in my com. The backupuser did not appear again but it could be because there is no autorun in the com. How do I make sure that its completely gone? After deleting backupuser.exe and _backupuser.exe from c:/program files\common files\microsoft shared\msinfo I used HijackThis to scan: O23 - Service: Windows_XP - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\backupuser.exe (file missing) Is the above file an important file to the windows system? What does it do?
  2. My portable harddisk is also infected so do I use combofix with the harddisk plug in or out? How do I make sure that I have completely turn off the anti-virus, anti-malware and firewall?
  3. Hi new here, could you tell me many posts I need to to able to unlock certain function like 50 to edit, how many to do other thing and so on.
  4. LWT

    Edit Question

    Hi how do you delete the post
  5. Hi sorry for the late reply below are all the logs: Malwarebytes' Anti-Malware 1.38 Database version: 2348 Windows 5.1.2600 Service Pack 3 7/1/2009 9:05:40 PM mbam-log-2009-07-01 (21-05-40).txt Scan type: Quick Scan Objects scanned: 90537 Time elapsed: 9 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ------------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:09:56 PM, on 7/1/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\windows\system\hpsysdrv.exe C:\Windows\system32\HpSrvUI.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\svchost.exe c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ASUS\Remote Control\Remote Master.exe C:\WINDOWS\ALCXMNTR.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\program files\internet explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qsg8.hpwis.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (file missing) O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [remotecontrol] C:\Program Files\ASUS\Remote Control\Remote Master.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [singTel_McciTrayApp] C:\Program Files\SingTel\McciTrayApp.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: ImationFlashDetect.lnk = C:\Program Files\Imation\ImationFlashDetect.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9} O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176009270640 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176009249203 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...277/mcfscan.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Windows_XP - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\backupuser.exe -- End of file - 8945 bytes -------------------------------------------------------- DDS (Ver_09-06-26.01) - NTFSx86 Run by Owner at 21:10:57.51 on Wed 07/01/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.51 [GMT 8:00] AV: avast! antivirus 4.8.1335 [VPS 090630-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\windows\system\hpsysdrv.exe C:\Windows\system32\HpSrvUI.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\HP\KBD\KBD.EXE "C:\WINDOWS\system32\svchost.exe" c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "C:\WINDOWS\system32\svchost.exe" C:\Program Files\ASUS\Remote Control\Remote Master.exe C:\WINDOWS\ALCXMNTR.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\program files\internet explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\Documents and Settings\Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = about:blank uInternet Connection Wizard,ShellNext = hxxp://qsg8.hpwis.com/ BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe" uRun: [bitTorrent] "c:\program files\bittorrent\bittorrent.exe" mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [hp Silent Service] c:\windows\system32\HpSrvUI.exe mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe mRun: [share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect mRun: [ATIModeChange] Ati2mdxx.exe mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe mRun: [remotecontrol] c:\program files\asus\remote control\Remote Master.exe mRun: [PS2] c:\windows\system32\ps2.exe mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe" mRun: [singTel_McciTrayApp] c:\program files\singtel\McciTrayApp.exe mRun: [speedTouch USB Diagnostics] "c:\program files\alcatel\speedtouch usb\Dragdiag.exe" /icon mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k StartupFolder: c:\docume~1\owner\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\owner\startm~1\programs\startup\imatio~1.lnk - c:\program files\imation\ImationFlashDetect.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176009270640 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176009249203 DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5277/mcfscan.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - ============= SERVICES / DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-5-22 114768] R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2009-7-1 33824] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-5-22 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-5-22 138680] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-5-22 254040] R3 PhTVTune;ASUS TV7134 WDM TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2003-4-23 26848] S2 Windows_XP;Windows_XP;c:\program files\common files\microsoft shared\msinfo\backupuser.exe [2009-7-1 1919488] S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-5-22 352920] S3 dump_wmimmc;dump_wmimmc;c:\windows\system32\drivers\dump_wmimmc.sys [2008-6-14 141612] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-12-19 10976] S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-5-8 131072] S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-5-8 79104] S3 npkycryp;npkycryp;\??\c:\program files\gravity\ro\npkycryp.sys --> c:\program files\gravity\ro\npkycryp.sys [?] S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys --> c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys [?] S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2008-12-19 83496] S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2008-12-19 15016] S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2008-12-19 109992] S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [2008-12-19 103976] S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [2008-12-19 100008] =============== Created Last 30 ================ 2009-07-01 21:08 <DIR> --d----- c:\program files\Trend Micro 2009-07-01 15:07 33,824 a------- c:\windows\system32\drivers\oreans32.sys 2009-06-30 22:18 <DIR> --d----- c:\program files\Circle Develpement 2009-06-28 18:30 <DIR> --d----- c:\program files\AhnLab 2009-06-27 19:03 <DIR> --d----- c:\documents and settings\owner\Tracing 2009-06-27 18:56 <DIR> --d----- c:\program files\Microsoft 2009-06-27 18:55 <DIR> --d----- c:\program files\Windows Live SkyDrive 2009-06-27 18:46 <DIR> --d----- c:\program files\common files\Windows Live 2009-06-26 20:41 <DIR> --d----- c:\program files\WIZET 2009-06-09 20:29 <DIR> --d----- c:\program files\AuditionSEA 2009-06-08 15:49 0 a------- c:\windows\system32\msexcr.ini ==================== Find3M ==================== 2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-05-08 21:37 767,328 a------- c:\windows\system32\kdfinj.dll 2009-05-07 23:32 345,600 a------- c:\windows\system32\localspl.dll 2009-04-29 12:56 827,392 a------- c:\windows\system32\wininet.dll 2009-04-29 12:55 78,336 a------- c:\windows\system32\ieencode.dll 2009-04-17 20:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-15 22:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2009-02-03 17:30 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020320090204\index.dat ============= FINISH: 21:11:49.35 =============== -------------------------------------------------------------------------------------- UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-06-26.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 4/8/2007 12:02:31 PM System Uptime: 7/1/2009 8:26:54 PM (1 hours ago) Motherboard: ASUSTeK Computer INC. | | Cobra Processor: Intel® Pentium® 4 CPU 2.66GHz | CPU 1 | 2666/133mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 71 GiB total, 17.403 GiB free. D: is FIXED (FAT32) - 5 GiB total, 0.372 GiB free. E: is CDROM () F: is CDROM () G: is FIXED (FAT32) - 149 GiB total, 10.296 GiB free. ==== Disabled Device Manager Items ============= ==== System Restore Points =================== No restore point in system. ==== Installed Programs ====================== Adobe Acrobat 5.0 Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player 10 Plugin Adobe Flash Player 9 ActiveX Adobe Flash Player ActiveX Adobe Help Center 1.0 Adobe Illustrator CS2 Adobe Photoshop CS2 Adobe Stock Photos 1.0 Adobe SVG Viewer 3.0 AhnLab Online Security AnthemRO ArcSoft PhotoStudio 4 ATI Control Panel ATI Display Driver AuditionSEA avast! Antivirus BitTorrent BJ Printer Canon MP Navigator 3.1 Canon MP140 series Canon Utilities Easy-LayoutPrint Canon Utilities Easy-PhotoPrint Choice Guard Combined Community Codec Pack 2007-02-22 Compaq Connections Critical Update for Windows Media Player 11 (KB959772) DivX Content Uploader DNA easy Internet sign-up eMule HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) HP Deskjet printer preloaded drivers hp instant support HP Memories Disc HP Multifunction products preloaded drivers HP Photo and Imaging 1.2 - Photosmart Cameras HP Photo and Imaging 2.0 - All-in-One HP Photo and Imaging 2.0 - All-in-One Drivers HP Photosmart printers preloaded drivers HP Scanjet scanner preloaded drivers HpSdpAppCoreApp Intel® Extreme Graphics Driver InterVideo WinDVD Player KBD Malwarebytes' Anti-Malware MapleStory Mega Manager Microsoft .NET Framework (English) Microsoft .NET Framework (English) v1.0.3705 Microsoft .NET Framework 1.0 Hotfix (KB928367) Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft Money Microsoft Money System Pack Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Standard Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works 7.0 Mozilla Firefox (3.0.10) MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) NJStar Japanese WP NVIDIA Windows 2000/XP Display Drivers PC-Doctor for Windows PS2 Python 2.2 combined Win32 extensions Python 2.2.1 Real Alternative 1.9.0 RecordNow Remote Control S3Display S3Gamma2 S3Info2 S3Overlay ScanSoft OmniPage SE 4 Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Segoe UI Shockwave ShowBiz DVD Simple Installer - Multilanguage Version Sonic Update Manager SpeedTouch USB SpeedTouch USB Software Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB961503) Update for Windows XP (KB967715) VideoLAN VLC media player 0.8.6d WebFldrs XP WebIQ Technology Engine Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Upload Tool Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver ==== Event Viewer Messages From Past Week ======== 7/1/2009 9:45:03 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -86455 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|121.6.109.188:123->207.46.232.182:123) is working properly. 7/1/2009 9:30:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows_XP service to connect. 7/1/2009 8:28:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nv_agp SISAGP viaagp1 7/1/2009 1:57:25 AM, error: System Error [1003] - Error code 000000ca, parameter1 00000001, parameter2 ff270538, parameter3 ff270030, parameter4 00000000. 6/29/2009 5:45:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect. 6/29/2009 5:45:01 PM, error: Service Control Manager [7000] - The avast! Mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/29/2009 5:39:51 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D. 6/28/2009 5:04:05 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP. 6/28/2009 4:43:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect. 6/28/2009 4:43:36 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/26/2009 8:54:37 AM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s). 6/24/2009 9:19:48 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -86442 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|116.15.132.228:123->207.46.197.32:123) is working properly. ==== End Of File =========================== This are the logs I get malwarebyte didn't sense it but everytime I delete the file 'backupuser.exe' it will appear again. Please help. Thanks in advance.
  6. Hi, I think I posted wrongly, I am not suppose to post in 'HijackThisLogs' as I do not know what this backupuser will do to my com if connected to the internet, I am currently using another com at my work place to ask this question so I am unable to post the log and I do not know how to close the post. If I install Avira AntiVir Personal while my avast and malwarebytes still installed will it affect avira from fully detecting the virus or malware? Thanks.
  7. Hi new here, I think my com is infected by backupuser.exe, but the file is classified as a application. That file did not appear until yesterday and I haven install anything recently. I tried deleting it from my C, D and portable harddisk, the file from my C and D drive is gone but not in my portable harddisk I am assuming that the virus will appear everytime a removeable drive do autorun. As my local drives doesn't autorun therefore it did not appear again. Its still in my com but I don't know where the roof file is. I use avast and malwarebytes to scan but they both didn't detect it. I have a autorun.inf folder in my local and portable drive to prevent virus to create and place a autorun.inf file in my com....is that the reason why avast and malwarebytes can't detect it. As I do not know what this backupuser will do to my com if connected to the internet, I am currently using another com at my work place to ask this question so I am unable to post the log. Please help. Thanks in advance.
  8. Hi new here, I think my com is infected by backupuser.exe, but the file is classified as a application. That file did not appear until yesterday and I haven install anything recently. I tried deleting it from my C, D and portable harddisk, the file from my C and D drive is gone but not in my portable harddisk I am assuming that the virus will appear everytime a removeable drive do autorun. As my local drives doesn't autorun therefore it did not appear again. Its still in my com but I don't know where the roof file is. I use avast and malwarebytes to scan but they both didn't detect it. I have a autorun.inf folder in my local and portable drive to prevent virus to create and place a autorun.inf file in my com....is that the reason why avast and malwarebytes can't detect it. Please help. Thanks in advance.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.