Jump to content

Persistent and unsual System32 virus?


ohdear
 Share

Recommended Posts

Hello, I have aquired a strange and mysterious and annoying virus. I'm well mastered at getting rid of them usually, but this one is persistent and I need some help. I will be running the DDS as soon as I can and uploading the results here, but for now I'll just explain what's going.

First off, it has hidden my desktop and all my documents and applications so my screen is just blank except for the recycling bin and it won't let me onto the internet. Severel error messages appear all at once titled "Delayed Write Fail" and saying: Failed to save all components for the file \\system32\\0004fec. The file is corrupted or unreadable. This error may be caused by a PC hardware problem.

The virus is very clever if it's trying to tell me something is wrong with my hardware. Another box pops open that asks me if I want to cancel and reboot or sacn and fix. But it is not at all like the pretentious "buy my computer scan" viruses like opencloud and such. It looks more like an error message.

All my files are still there because I opened in safemode, plugged in a usb and then just went back in the folder until I reached My Computer. I ran Malware Bytes Anti-Malware twice. Below is the log for the second scan, but even after I removed the selected the error messages from before are still showing and all my files and my desktop are still hidden.

Please, please help me. The timing for this unfortunate virus is most inconvenient. I'll upload the DDS as soon as I can, but in the meantime my Malware Bytes Anti-Malware log is below.

Thank you ever so much.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.10.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: DELL-E06358862F [administrator]

13/02/2012 15:56:36

mbam-log-2012-02-13 (15-56-36).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206098

Time elapsed: 43 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 7

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Okay, so I used Roguekiller and that got rid of the error messages and brought back my desktop and some of my files. However, when I click on My Documents, My Pictures, My Music or anything like that it appears that the folder is empty. I know them to be hidden somehow, because I can still open my recent documents in Openoffice and I can still listen to my music in my Itunes. So, I just need to find out what is hiding my documents and delete it. Below I have my DDS and Attach, I also have a more current Malware Bytes Anti-Malware log if needed:

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Run by Owner at 19:44:20 on 2012-02-13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.360 [GMT 0:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\WSED\WSED.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\PersistenceThread.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [WSED] c:\program files\wsed\WSED.exe

mRun: [<NO NAME>]

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [PersistenceThread] c:\windows\system32\PersistenceThread.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {FC1CEE43-039F-451A-9A5A-31D87D032853} - hxxp://netman.gold.ac.uk/client/tools/xc_loader_activex.ocx

TCP: DhcpNameServer = 158.223.0.200 158.223.0.201

TCP: Interfaces\{D59E085D-0870-4E3E-9F73-740B24AF4FA8} : DhcpNameServer = 158.223.0.200 158.223.0.201

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igdlogin - igdlogin.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\jucvw6j4.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2012-1-25 14248]

R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [2012-1-25 5088896]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2012-1-25 110080]

R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2012-1-25 134144]

R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2012-1-25 133632]

R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2012-1-25 272256]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-1-25 162816]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-26 136176]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-1-25 1684736]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-26 136176]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

.

=============== Created Last 30 ================

.

2012-02-13 18:21:28 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-13 14:38:48 448000 ---ha-w- c:\documents and settings\all users\application data\LuXIxkvMDmum.exe

2012-02-09 19:52:44 -------- d--h--w- c:\documents and settings\owner\application data\OpenOffice.org

2012-02-09 17:47:03 -------- d--h--w- c:\program files\OpenOffice.org 3

2012-02-09 17:46:36 73728 ---ha-w- c:\windows\system32\javacpl.cpl

2012-02-09 17:46:36 472808 ---ha-w- c:\windows\system32\deployJava1.dll

2012-01-27 00:08:11 -------- d--h--w- c:\documents and settings\owner\local settings\application data\Apple Computer

2012-01-27 00:07:46 26600 ---ha-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-01-27 00:07:46 107368 ---ha-w- c:\windows\system32\GEARAspi.dll

2012-01-27 00:06:15 -------- d-----w- c:\program files\iPod

2012-01-27 00:06:03 -------- d--h--w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-01-27 00:06:02 -------- d-----w- c:\program files\iTunes

2012-01-27 00:05:10 -------- d--h--w- c:\documents and settings\owner\local settings\application data\Apple

2012-01-27 00:04:43 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-01-27 00:04:43 42496 ---ha-w- c:\windows\system32\drivers\usbaapl.sys

2012-01-27 00:04:06 -------- d-----w- c:\program files\Bonjour

2012-01-26 21:12:36 -------- d--h--w- c:\documents and settings\owner\application data\Malwarebytes

2012-01-26 21:12:16 -------- d--h--w- c:\documents and settings\all users\application data\Malwarebytes

2012-01-26 21:12:14 20464 ---ha-w- c:\windows\system32\drivers\mbam.sys

2012-01-26 21:12:14 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware

2012-01-26 21:02:00 -------- d--h--w- c:\documents and settings\owner\local settings\application data\Temp

2012-01-26 20:56:54 -------- d--h--w- c:\documents and settings\owner\local settings\application data\Google

2012-01-26 20:56:44 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-26 20:34:39 -------- d--h--w- c:\program files\MSECache

2012-01-26 20:18:12 -------- d--h--r- c:\program files\Skype

2012-01-25 20:06:31 -------- d-----w- c:\windows\ie8updates

2012-01-25 19:49:43 -------- d-----w- c:\windows\system32\XPSViewer

2012-01-25 19:49:06 89088 ---ha-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2012-01-25 19:48:55 89088 -c-h--w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2012-01-25 19:48:55 597504 -c-h--w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2012-01-25 19:48:55 597504 ---h--w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2012-01-25 19:48:55 117760 ------w- c:\windows\system32\prntvpt.dll

2012-01-25 19:48:54 575488 -c-h--w- c:\windows\system32\dllcache\xpsshhdr.dll

2012-01-25 19:48:54 575488 ------w- c:\windows\system32\xpsshhdr.dll

2012-01-25 19:48:54 1676288 -c-h--w- c:\windows\system32\dllcache\xpssvcs.dll

2012-01-25 19:48:54 1676288 ------w- c:\windows\system32\xpssvcs.dll

2012-01-25 19:48:54 -------- d-----w- C:\f3c4013db1ece3670958daa6

2012-01-25 19:42:55 -------- d--h--w- c:\documents and settings\owner\local settings\application data\Identities

2012-01-25 19:42:52 -------- d--h--w- c:\documents and settings\owner\application data\Windows Desktop Search

2012-01-25 19:42:16 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-01-25 19:42:16 -------- d--h--w- c:\program files\Windows Desktop Search

2012-01-25 19:41:54 98304 -c-h--w- c:\windows\system32\dllcache\nlhtml.dll

2012-01-25 19:41:54 29696 -c-h--w- c:\windows\system32\dllcache\mimefilt.dll

2012-01-25 19:41:54 192000 -c-h--w- c:\windows\system32\dllcache\offfilt.dll

2012-01-25 19:41:06 -------- d--h--w- c:\program files\Windows Media Connect 2

2012-01-25 19:39:32 -------- d--h--w- c:\windows\system32\LogFiles

2012-01-25 19:36:51 -------- d-----w- c:\windows\system32\URTTemp

2012-01-25 19:34:01 602112 -c-h--w- c:\windows\system32\dllcache\msfeeds.dll

2012-01-25 19:34:01 55296 -c-h--w- c:\windows\system32\dllcache\msfeedsbs.dll

2012-01-25 19:34:00 743424 -c-h--w- c:\windows\system32\dllcache\iedvtool.dll

2012-01-25 19:33:59 247808 -c-h--w- c:\windows\system32\dllcache\ieproxy.dll

2012-01-25 19:33:59 2000384 -c-h--w- c:\windows\system32\dllcache\iertutil.dll

2012-01-25 19:33:59 12800 -c-h--w- c:\windows\system32\dllcache\xpshims.dll

2012-01-25 19:33:54 11081728 -c-h--w- c:\windows\system32\dllcache\ieframe.dll

2012-01-25 19:31:28 6144 -c-h--w- c:\windows\system32\dllcache\iecompat.dll

2012-01-25 19:31:03 456320 -c-h--w- c:\windows\system32\dllcache\mrxsmb.sys

2012-01-25 19:30:56 139656 -c-h--w- c:\windows\system32\dllcache\rdpwd.sys

2012-01-25 19:30:50 10496 -c-h--w- c:\windows\system32\dllcache\ndistapi.sys

2012-01-25 19:29:59 105472 -c-h--w- c:\windows\system32\dllcache\mup.sys

2012-01-25 19:26:47 40960 -c-h--w- c:\windows\system32\dllcache\ndproxy.sys

2012-01-25 19:26:30 45568 -c-h--w- c:\windows\system32\dllcache\wab.exe

2012-01-25 19:26:08 590848 -c-h--w- c:\windows\system32\dllcache\rpcrt4.dll

2012-01-25 19:25:47 978944 -c-h--w- c:\windows\system32\dllcache\mfc42.dll

2012-01-25 19:25:47 953856 -c-h--w- c:\windows\system32\dllcache\mfc40u.dll

2012-01-25 19:25:12 617472 -c-h--w- c:\windows\system32\dllcache\comctl32.dll

2012-01-25 19:24:10 3558912 -c-h--w- c:\windows\system32\dllcache\moviemk.exe

2012-01-25 19:23:37 744448 -c-h--w- c:\windows\system32\dllcache\helpsvc.exe

2012-01-25 19:22:41 293376 ---h--w- c:\windows\system32\browserchoice.exe

2012-01-25 19:19:46 81920 -c-h--w- c:\windows\system32\dllcache\fontsub.dll

2012-01-25 19:19:46 119808 -c-h--w- c:\windows\system32\dllcache\t2embed.dll

2012-01-25 19:19:21 471552 -c-h--w- c:\windows\system32\dllcache\aclayers.dll

2012-01-25 19:18:02 1172480 -c-h--w- c:\windows\system32\dllcache\msxml3.dll

2012-01-25 19:16:07 153088 -c-h--w- c:\windows\system32\dllcache\triedit.dll

2012-01-25 19:06:22 337408 -c-h--w- c:\windows\system32\dllcache\netapi32.dll

2012-01-25 19:06:14 331776 -c-h--w- c:\windows\system32\dllcache\msadce.dll

2012-01-25 19:04:57 272128 -c-h--w- c:\windows\system32\dllcache\bthport.sys

2012-01-25 19:04:52 203136 -c-h--w- c:\windows\system32\dllcache\rmcast.sys

2012-01-25 19:01:11 -------- d-----w- c:\windows\system32\PreInstall

2012-01-25 19:01:09 -------- d--h--w- c:\windows\$hf_mig$

2012-01-25 18:57:12 -------- d-sh--w- c:\documents and settings\owner\IECompatCache

2012-01-25 18:57:04 -------- d-sh--w- c:\documents and settings\owner\PrivacIE

2012-01-25 18:56:11 -------- d-----w- c:\windows\system32\SoftwareDistribution

2012-01-25 18:52:14 -------- d-sh--w- c:\documents and settings\owner\IETldCache

2012-01-25 18:48:06 -------- dc-h--w- c:\windows\ie8

2012-01-25 18:21:59 -------- d-----w- c:\windows\system32\scripting

2012-01-25 18:21:59 -------- d-----w- c:\windows\l2schemas

2012-01-25 18:21:58 -------- d--h--w- c:\windows\system32\en

2012-01-25 18:21:58 -------- d--h--w- c:\windows\system32\bits

2012-01-25 18:19:53 -------- d-----w- c:\windows\ServicePackFiles

2012-01-25 18:19:41 294912 ---h--w- c:\program files\windows media player\dlimport.exe

2012-01-25 18:19:35 294912 -c-h--w- c:\windows\system32\dllcache\dlimport.exe

2012-01-25 18:15:24 19569 ----a-w- c:\windows\002602_.tmp

2012-01-25 18:12:19 -------- d-----w- c:\windows\EHome

2012-01-25 17:31:45 110080 ---ha-w- c:\windows\system32\drivers\IntcHdmi.sys

2012-01-25 17:31:43 920088 ---ha-w- c:\windows\system32\igxpun.exe

2012-01-25 17:31:43 319456 ---ha-w- c:\windows\system32\difxapi.dll

2012-01-25 17:22:21 -------- d--h--w- c:\windows\system32\Lang

2012-01-25 17:05:43 94208 ----a-w- c:\windows\CtDrvIns.exe

2012-01-25 17:05:43 53358 ----a-w- c:\windows\system32\OA012Pin.dll

2012-01-25 17:05:43 53358 ----a-w- c:\windows\OA012Cfg.exe

2012-01-25 17:05:43 28770 ----a-w- c:\windows\system32\OA012Pin.crl

2012-01-25 17:05:43 272256 ---ha-w- c:\windows\system32\drivers\OA012Vid.sys

2012-01-25 17:05:43 24667 ----a-w- c:\windows\system32\OA012Srv.exe

2012-01-25 17:05:43 24576 ----a-w- c:\windows\OA012Mon.exe

2012-01-25 17:05:43 134144 ---ha-w- c:\windows\system32\drivers\OA012Afx.sys

2012-01-25 17:05:43 133632 ---ha-w- c:\windows\system32\drivers\OA012Ufd.sys

2012-01-25 16:57:35 577536 ---ha-w- c:\windows\system32\EMSC.DLL

2012-01-25 16:57:34 14248 ---ha-w- c:\windows\system32\drivers\EMSC.sys

2012-01-25 16:57:32 -------- d--h--w- c:\documents and settings\all users\application data\XP32

2012-01-25 16:57:32 -------- d--h--w- c:\documents and settings\all users\application data\Win764

2012-01-25 16:57:32 -------- d--h--w- c:\documents and settings\all users\application data\Win732

2012-01-25 16:57:32 -------- d--h--w- c:\documents and settings\all users\application data\Vista64

2012-01-25 16:57:32 -------- d--h--w- c:\documents and settings\all users\application data\Vista32

2012-01-25 16:57:05 -------- d--h--w- c:\program files\WSED

2012-01-25 16:54:26 -------- d--h--w- c:\program files\Synaptics

2012-01-25 16:54:14 208304 ---ha-w- c:\windows\system32\drivers\SynTP.sys

2012-01-25 16:54:14 206120 ----a-w- c:\windows\system32\SynCtrl.dll

2012-01-25 16:54:14 169256 ----a-w- c:\windows\system32\SynCOM.dll

2012-01-25 16:54:14 161064 ----a-w- c:\windows\system32\SynTPAPI.dll

2012-01-25 16:54:14 120104 ----a-w- c:\windows\system32\SynTPCo4.dll

2012-01-25 16:54:02 6272 ---ha-w- c:\windows\system32\drivers\splitter.sys

2012-01-25 16:53:59 83072 ---ha-w- c:\windows\system32\drivers\wdmaud.sys

2012-01-25 16:53:57 52864 ---ha-w- c:\windows\system32\drivers\dmusic.sys

2012-01-25 16:53:48 56576 ---ha-w- c:\windows\system32\drivers\swmidi.sys

2012-01-25 16:53:46 142592 ---ha-w- c:\windows\system32\drivers\aec.sys

2012-01-25 16:53:45 172416 ---ha-w- c:\windows\system32\drivers\kmixer.sys

2012-01-25 16:53:43 2944 ---ha-w- c:\windows\system32\drivers\drmkaud.sys

2012-01-25 16:53:41 60800 ---ha-w- c:\windows\system32\drivers\sysaudio.sys

2012-01-25 16:50:21 -------- d-----w- c:\windows\system32\RTCOM

2012-01-25 16:50:15 60160 ---ha-w- c:\windows\system32\drivers\drmk.sys

2012-01-25 16:45:59 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll

2012-01-25 16:45:59 266240 ----a-w- c:\windows\system32\RtsUStor.dll

2012-01-25 16:45:59 162816 ---ha-w- c:\windows\system32\drivers\RtsUStor.sys

2012-01-25 16:44:30 80416 ----a-w- c:\windows\system32\RtNicProp32.dll

2012-01-25 16:44:30 234392 ---ha-w- c:\windows\system32\drivers\Rtenicxp.sys

2012-01-25 16:44:29 -------- d--h--w- c:\program files\Realtek

2012-01-25 16:41:54 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2012-01-25 16:41:38 -------- d-----w- C:\2607fc3a3d0f25617b1a7a0bc99463

2012-01-25 16:41:10 -------- d-----w- c:\program files\Function Keys

2012-01-25 16:32:40 -------- d-----w- c:\windows\system32\ReinstallBackups

2012-01-25 16:32:37 53248 ---ha-w- c:\windows\system32\CSVer.dll

2012-01-25 16:32:14 -------- d-----w- C:\Intel

2012-01-25 16:31:46 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll

2012-01-25 16:31:46 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll

2012-01-25 16:31:46 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe

2012-01-25 16:31:46 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll

2012-01-25 16:31:46 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll

2012-01-25 16:31:46 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll

2012-01-25 16:31:45 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll

2012-01-25 16:31:45 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll

2012-01-25 16:27:59 12160 -c-ha-w- c:\windows\system32\dllcache\mouhid.sys

2012-01-25 16:27:59 12160 ---ha-w- c:\windows\system32\drivers\mouhid.sys

2012-01-25 16:27:52 10368 -c-ha-w- c:\windows\system32\dllcache\hidusb.sys

2012-01-25 16:27:52 10368 ---ha-w- c:\windows\system32\drivers\hidusb.sys

.

==================== Find3M ====================

.

2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll

.

============= FINISH: 19:45:43.64 ===============

ATTACH

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 25/01/2012 14:17:16

System Uptime: 13/02/2012 19:42:08 (0 hours ago)

.

Motherboard: Dell Inc. | | 0R990K

Processor: Intel® Atom CPU Z520 @ 1.33GHz | U3E1 | 1329/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 111.287 GiB free.

D: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 25/01/2012 15:14:11 - System Checkpoint

RP2: 25/01/2012 16:37:38 - Installed Function Keys

RP3: 25/01/2012 18:15:29 - Installed Windows XP Service Pack 3.

RP4: 25/01/2012 18:48:59 - Installed Windows Internet Explorer 8.

RP5: 25/01/2012 19:00:26 - Software Distribution Service 3.0

RP6: 25/01/2012 19:36:39 - Software Distribution Service 3.0

RP7: 26/01/2012 20:34:51 - Installed Compatibility Pack for the 2007 Office system

RP8: 26/01/2012 22:55:54 - Software Distribution Service 3.0

RP9: 27/01/2012 00:05:43 - Installed iTunes

RP10: 27/01/2012 00:51:36 - Software Distribution Service 3.0

RP11: 27/01/2012 11:55:13 - Software Distribution Service 3.0

RP12: 28/01/2012 03:00:19 - Software Distribution Service 3.0

RP13: 29/01/2012 22:37:46 - System Checkpoint

RP14: 31/01/2012 01:45:10 - System Checkpoint

RP15: 01/02/2012 13:04:41 - System Checkpoint

RP16: 02/02/2012 13:13:10 - System Checkpoint

RP17: 03/02/2012 14:42:51 - System Checkpoint

RP18: 04/02/2012 19:54:07 - System Checkpoint

RP19: 05/02/2012 20:00:37 - System Checkpoint

RP20: 07/02/2012 00:33:59 - System Checkpoint

RP21: 08/02/2012 13:15:46 - System Checkpoint

RP22: 09/02/2012 14:01:49 - System Checkpoint

RP23: 09/02/2012 17:45:04 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

RP24: 09/02/2012 17:46:15 - Installed Java 6 Update 22

RP25: 09/02/2012 17:46:58 - Installed OpenOffice.org 3.3

RP26: 10/02/2012 20:36:10 - System Checkpoint

RP27: 11/02/2012 20:42:39 - System Checkpoint

RP28: 12/02/2012 22:47:32 - System Checkpoint

RP29: 13/02/2012 15:49:53 - Restore Operation

RP30: 13/02/2012 15:52:00 - Restore Operation

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Compatibility Pack for the 2007 Office system

Dell Touchpad

Dell Wireless WLAN Card Utility

EMSC

Function Keys

Google Toolbar for Internet Explorer

Google Update Helper

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976002-v5)

Integrated Webcam Driver (1.05.01.0820)

Intel® Graphics Media Accelerator 500

Intel® Graphics Media Accelerator Driver

iTunes

Java Auto Updater

Java 6 Update 22

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 10.0 (x86 en-GB)

OpenOffice.org 3.3

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Skype Click to Call

Skype™ 5.5

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB2632503)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

USB2.0 Card Reader Software

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

Windows XP Service Pack 3

WSED

.

==== Event Viewer Messages From Past Week ========

.

13/02/2012 19:37:42, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

13/02/2012 15:52:01, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

07/02/2012 12:44:14, error: System Error [1003] - Error code 000000f7, parameter1 fffefefe, parameter2 0000bb40, parameter3 ffff44bf, parameter4 00000000.

06/02/2012 18:42:36, error: Dhcp [1002] - The IP address lease 10.170.163.62 for the Network Card with network address 002170FA1864 has been denied by the DHCP server 10.162.0.3 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Download unhide.exe & save it to your windows folder:

Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7)

Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

Let me know if that solved your problem.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.