First contracted Security 2012 a week ago, ran various programs recommended by this site in a scattershot fashion. For now, there are no direct pop-ups from the virus but I'm sure there are remnants of it on my computer. Cannot connect to the internet to update Malware or for Combo's recovery thing. Here are the two logs. Appreciate any help given.

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26

Run by memory at 14:00:32 on 2011-11-30

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2747 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Dell\PowerNap\PowerNap.Service.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe

C:\Program Files\softOSD\softOSD.exe

C:\WINDOWS\system32\softLCP.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Dell\PowerNap\PowerNap.exe

C:\Program Files\Dell\PowerNap\PowerNapWatcher.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://comcast.net/

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [WinSys2] c:\windows\system32\winsys2.exe

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -r

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\powernap.lnk - c:\windows\installer\{68259209-c71d-44c7-900e-20bc0f7e0bf1}\_A45711B63B8E1DD683E50A.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\powern~1.lnk - c:\windows\installer\{68259209-c71d-44c7-900e-20bc0f7e0bf1}\_8C3690E649AC58E83BCA00.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{60661532-72E7-4B28-A6EB-EFDA01CBE521} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{6C4F8ECC-BD6E-4662-9DF4-B1CAE3C77359} : DhcpNameServer = 192.168.0.1

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\memory\application data\mozilla\firefox\profiles\wuvwhf46.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.type - 4

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-5-3 12112]

R2 dell_power_nap_service;Dell Power Nap Service;c:\program files\dell\powernap\PowerNap.Service.exe [2009-3-5 11776]

R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacomd\x86\novacomd.exe [2011-3-15 61440]

R2 softOSD;softOSD;c:\program files\softosd\softOSD.exe [2009-2-21 281144]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-4 874240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-7 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-7 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-11-30 18:44:32 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b9b467eb-12a1-46fa-945e-c3bba182d464}\offreg.dll

2011-11-30 18:31:47 98816 ----a-w- c:\windows\sed.exe

2011-11-30 18:31:47 518144 ----a-w- c:\windows\SWREG.exe

2011-11-30 18:31:47 256000 ----a-w- c:\windows\PEV.exe

2011-11-30 18:31:47 208896 ----a-w- c:\windows\MBR.exe

2011-11-19 02:46:11 -------- d-----w- c:\documents and settings\memory\application data\p7fEL9gTZjCkVzN

2011-11-19 02:46:11 -------- d-----w- c:\documents and settings\memory\application data\DP0ycA1iv3n4m6W

2011-11-18 01:45:32 -------- d-----w- c:\documents and settings\memory\application data\IVrlONtxA

2011-11-18 01:45:32 -------- d-----w- c:\documents and settings\memory\application data\isWJ7dEL8TqYw

2011-11-16 20:44:41 -------- d-----w- c:\documents and settings\memory\application data\XqhYXwkUVlBx0c1

2011-11-16 20:44:41 -------- d-----w- c:\documents and settings\memory\application data\K9hTXqjUClBzN

2011-11-16 18:31:12 -------- d-----w- c:\documents and settings\memory\application data\evS2ibF3pGaJdK

2011-11-16 18:31:11 -------- d-----w- c:\documents and settings\memory\application data\oA1ivD2on4m5W7E

2011-11-16 16:01:35 -------- d-----w- c:\documents and settings\memory\application data\nRZ9hYXwk

2011-11-16 16:01:35 -------- d-----w- c:\documents and settings\memory\application data\dVelOBtxPySiDoG

2011-11-16 06:19:53 -------- d-----w- c:\documents and settings\memory\application data\s0uvS2obFpGsJdK

2011-11-16 06:19:53 -------- d-----w- c:\documents and settings\memory\application data\nQH6sWK7f

2011-11-16 06:12:15 -------- d-----w- c:\documents and settings\memory\application data\WBBttzP0y

2011-11-16 06:12:15 -------- d-----w- c:\documents and settings\memory\application data\V8ffRRZ9hYXwUVl

2011-11-16 06:12:04 -------- d-----w- c:\documents and settings\memory\application data\QqjjYYCekIV

2011-11-16 06:12:00 -------- d-----w- c:\documents and settings\memory\application data\nBBBrzOON

2011-11-15 15:13:04 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b9b467eb-12a1-46fa-945e-c3bba182d464}\mpengine.dll

2011-11-14 17:53:03 -------- d-----w- c:\documents and settings\memory\application data\foobar2000

2011-11-14 17:19:23 -------- d-----w- c:\program files\foobar2000

2011-11-11 18:34:20 152848 ----a-w- c:\windows\system32\COMDLG32.OCX

2011-11-11 18:34:20 1081616 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2011-11-11 18:34:03 -------- d-----w- c:\program files\Webcam Video Capture

.

==================== Find3M ====================

.

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-05 13:56:22 667136 ----a-w- c:\windows\system32\wininet.dll

2011-09-05 13:56:22 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-09-05 13:56:21 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-09-05 12:35:09 369664 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 14:00:39.57 ===============

Bump, any advice at all?

attach.rar


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
