Jump to content

Small office got HAMMERED yesterday. Trojan.Agent, Trojan.Backdoor, etc


Recommended Posts

A real malware fest. :/ I have about 8 computers that I was forced to run ComboFix (safemode), TDSS Killer (safemode), MBAM, SUPERAntiSpyware, and BitDefender on (2 of them still have AVG, just switched over a couple days ago. I believe the original infection is some kind of worm base on how fast it spread around the office, but I haven't seen any in the logs yet. I have the office back up to a basic working state, went after the PCs that I thought might have been the source first, but have 3 left that are turned off until I can safely focus on them. They are all Windows XP SP3 and I need help cleaning every single one of them, and they all seem to have unique trojan infections, including one that is reporting over 1,000 password protected files that BitDefender can't scan.

I am including the DDS logs for that machine. Your help is most appreciated

This machine had PUP.Dealio.TB and Adware.Hotbar detected by Malwarebytes as the first recognition of a problem. Let me know if you need more information other than the DDS logs posted here

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2

Run by Trever at 8:55:07 on 2012-12-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.440 [GMT -8:00]

.

AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: Bitdefender Firewall *Enabled*

.

============== Running Processes ================

.

C:\Program Files\Bitdefender\Bitdefender Small Business Security\vsserv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Bitdefender\Bitdefender Small Business Security\updatesrv.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Bitdefender\Bitdefender Small Business Security\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Bitdefender\Bitdefender Small Business Security\downloader.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

BHO: <No Name>: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [DW6] <no file>

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"

mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [masqform.exe] c:\program files\pureedge\viewer 6.0\masqform.exe -UpdateCurrentUser

mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [bdagent] c:\program files\bitdefender\bitdefender small business security\bdagent.exe

mRun: [sunJavaUpdateSched] c:\program files\java\jre7\bin\jusched.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - <orphaned>

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab

DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1355308694015

DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://streampc.dyndns.org/MLWebCacheCleaner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {DD5E6739-FDD6-4542-8940-4A4B8AB5276E} - hxxps://streampc.dyndns.org/NGVPNTunnel.cab

TCP: Interfaces\{E8050BE9-D7F6-4D69-A4B5-B6F5F44AA9B9} : NameServer = 68.94.156.1,68.94.156.2

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-12-10 622616]

R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2012-12-10 161312]

R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2012-12-10 72704]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]

R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender small business security\updatesrv.exe [2012-12-10 55544]

R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-12-10 481464]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2012-12-10 116248]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-12 22856]

R3 NGSSLDrv;VPN Tunnel NGSSLDrv Adapter;c:\windows\system32\drivers\NGSSLDrv.sys [2007-12-19 17632]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-12 399432]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-12 676936]

S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2012-12-10 66392]

S3 DIRECTIO;DIRECTIO;c:\program files\performancetest\DirectIo32.sys [2012-12-7 22120]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-12-12 16:53:19 -------- d-----w- c:\documents and settings\trever\application data\SUPERAntiSpyware.com

2012-12-12 09:21:16 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-12-12 09:21:16 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2012-12-12 08:32:16 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-12 08:32:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-12 06:33:32 -------- d-sha-r- C:\cmdcons

2012-12-11 17:03:12 -------- d-----w- c:\documents and settings\trever\application data\Malwarebytes

2012-12-11 17:02:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-12-11 03:31:13 242504 ----a-w- c:\windows\system32\drivers\avchv.sys

2012-12-11 02:55:13 -------- d-----w- c:\documents and settings\all users\application data\BDLogging

2012-12-11 02:55:00 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys

2012-12-11 02:54:45 116248 ----a-w- c:\windows\system32\drivers\bdfndisf.sys

2012-12-11 02:54:08 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys

2012-12-11 02:54:08 511328 ----a-w- c:\windows\capicom.dll

2012-12-11 02:53:54 481464 ----a-w- c:\windows\system32\drivers\avckf.sys

2012-12-11 02:53:52 622616 ----a-w- c:\windows\system32\drivers\avc3.sys

2012-12-11 02:30:40 -------- d-----w- c:\documents and settings\trever\application data\Bitdefender

2012-12-11 02:30:37 -------- d-----w- c:\documents and settings\all users\application data\Bitdefender

2012-12-11 02:26:10 -------- d-----w- c:\documents and settings\trever\application data\QuickScan

2012-12-11 02:24:36 343456 ----a-w- c:\windows\system32\drivers\trufos.sys

2012-12-11 02:24:36 161312 ----a-w- c:\windows\system32\drivers\gzflt.sys

2012-12-11 02:24:36 -------- d-----w- c:\program files\Bitdefender

2012-12-11 01:52:19 -------- d-----w- c:\program files\common files\Bitdefender

2012-12-07 23:08:22 -------- d-----w- c:\documents and settings\trever\local settings\application data\PassMark

2012-12-07 23:07:51 -------- d-----w- c:\documents and settings\all users\application data\Passmark

2012-12-07 23:07:44 -------- d-----w- c:\program files\PerformanceTest

2012-12-06 22:04:22 -------- d-----w- c:\program files\Citrix

2012-12-04 18:04:00 -------- d-----w- c:\documents and settings\trever\application data\webex

2012-12-04 17:59:01 -------- d-----w- c:\documents and settings\trever\local settings\application data\Sun

2012-12-04 17:57:02 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-12-04 17:56:29 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

==================== Find3M ====================

.

2012-12-12 07:26:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-12 07:26:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-04 17:55:48 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-12-04 17:55:46 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

.

============= FINISH: 8:56:33.81 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 6/29/2006 9:51:03 AM

System Uptime: 12/12/2012 4:30:51 AM (4 hours ago)

.

Motherboard: Dell Inc. | | 0HJ054

Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 145 GiB total, 108.165 GiB free.

D: is CDROM ()

R: is NetworkDisk (UDF) - 0 GiB total, 0 GiB free.

Z: is NetworkDisk (NTFS) - 2081 GiB total, 1028.36 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Acrobat 7.0 Professional

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Creative Suite 2

Adobe Flash Player 11 ActiveX

Adobe GoLive CS2

Adobe Help Center 1.0

Adobe Illustrator CS2

Adobe InDesign CS2

Adobe Photoshop CS2

Adobe Reader XI

Adobe Stock Photos 1.0

Adobe SVG Viewer 3.0

Adobe Version Cue CS2

Amazon MP3 Downloader 1.0.3

Apple Application Support

Apple Software Update

ATI Control Panel

ATI Display Driver

Bitdefender Small Business Security

Compatibility Pack for the 2007 Office system

Corel Photo Album 6

Critical Update for Windows Media Player 11 (KB959772)

Dell CinePlayer

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Support Center

Dell System Restore

DellSupport

Digital Content Portal

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.3.0.1009

High Definition Audio Driver Package - KB835221

Hotfix 2055 for SQL Server 2000 ENU (KB960082)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Format SDK (KB902344)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

ICS Viewer 6.0

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

Java 7 Update 9

Java Auto Updater

Learn2 Player (Uninstall Only)

Macromedia Flash Player

Malwarebytes Anti-Malware version 1.65.1.1000

MCU

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Basic Edition 2003

Microsoft Office File Validation Add-In

Microsoft Office Small Business Accounting 2006

Microsoft Office Small Business Edition 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Musicmatch for Windows Media Player

Musicmatch® Jukebox

NCSS - PASS

ParcelQuest 4.1

PerformanceTest v8.0

Picasa 3

Qualxserve Service Agreement

QuickBooks Simple Start Special Edition

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Roxio DLA

Roxio MyDVD LE

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

Roxio Update Manager

SBA

Search Assist

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SHARP MX/DX Series PCL/PS Printer Driver

Sibelius Scorch (ActiveX Only)

SketchUp 8

Sonic Activation Module

SoulSeek Client 156c

SpeechRedist

Spybot - Search & Destroy 1.4

Suite Specific

SUPERAntiSpyware

The Weather Channel Desktop 6

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB2632503)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Viewpoint Media Player

WebEx

WebFldrs XP

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 10 Hotfix - KB895316

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows XP Service Pack 3

Zimbra Desktop

.

==== Event Viewer Messages From Past Week ========

.

12/11/2012 11:54:43 PM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

12/11/2012 11:54:09 PM, error: Service Control Manager [7034] - The Adobe Version Cue CS2 service terminated unexpectedly. It has done this 1 time(s).

12/11/2012 11:09:56 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

12/11/2012 11:09:56 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/11/2012 10:28:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avc3 bdselfpr BDVEDISK Fips gzflt intelppm trufos

12/11/2012 10:27:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

12/11/2012 10:27:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

.

==== End Of File ===========================

Link to post
Share on other sites

Hi,

Download Security Check to your desktop.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe to run the program
  • A black window will appear. Follow the instructions on the screen
  • A notepad document should open automatically called checkup.txt

Download AdwCleaner to your desktop.

  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe to run the tool
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

If you still have Combofix, please delete it. We will download a new version.

You might want to print print out or copy these instructions into notepad.

Please download Comboxfix from one of these links and save it to your desktop.

Before running Combofix, please turn off any security software you have running. If you need help with this, please read this here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

1. Close any open browsers and any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe and follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

In your next reply, please paste the following:

  • Security Check log
  • AdwCleaner log
  • Combofix log

Link to post
Share on other sites

thank you for the reply. i was in a very serious situation and had to do something fast because it was spreading out of control around my office. at the advice of a local computer tech, i ran combox fix and tdsskiller in safemode on all the pcs, then followed it up by malewarebytes and superantispyware scans in regular mode. i was very careful to keep computers from becoming instantly re-infected by whichever ones were spreading trojans on the network, and the situation is back to manageable. none of the pcs had any trouble or errors running combofix. should i re-post a new DDS file for this machine, or start a new post? I'll need a couple days to reply as it is now the weekend and worked about 70 hours this week already! :D

Link to post
Share on other sites

  • 2 weeks later...
  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.