infectedcomputer Posted August 2, 2010 ID:294107 Share Posted August 2, 2010 Hi,My antivirus (MSE) has detected a virus named TrojanDowloader:Win32/Unruy. I removed the virus, it asked me to reboot the computer so i did then it came back. please help.i followed the instructions herehttp://forums.malwarebytes.org/index.php?showtopic=9573DDS (Ver_10-03-17.01) - NTFSx86 Run by User at 18:55:48.37 on Sun 08/01/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.351.87 [GMT -7:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Microsoft Security Essentials\msseces.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\system32\ctfmon.exeC:\program files\pcsgvmbqezmzr\jdqguja.exeC:\program files\pcsgvmbqezmzr\jdqguja.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\User\Desktop\dds.scr============== Pseudo HJT Report ===============uSearch Page = ${URL_SEARCHPAGE}uSearch Bar = hxxp://www.google.comuStart Page = hxxp://www.google.commDefault_Page_URL = hxxp://in.yahoo.commSearch Page = ${URL_SEARCHPAGE}mStart Page = ${URL_STARTPAGE}mSearch Bar = hxxp://www.google.comuInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: H - No FilemWinlogon: SfcDisable=-99 (0xffffff9d)BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: {5B291E6C-9A74-4034-971B-A4B007A0B315} - No FileBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: {5B291E6C-9A74-4034-971B-A4B007A0B315} - No FileTB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileuRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTOuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [35712] c:\program files\pcsgvmbqezmzr\jdqguja.exe jduRun: [35712] c:\program files\pcsgvmbqezmzr\jdqguja.exe jdmRun: [35712] c:\program files\pcsgvmbqezmzr\jdqguja.exe jdmRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkeymRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [soundMan] SOUNDMAN.EXEmRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNCmRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,NuPolicies-explorer: NoResolveTrack = 1 (0x1)uPolicies-explorer: NoSMMyPictures = 1 (0x1)uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)mPolicies-system: DisableCAD = 1 (0x1)dPolicies-explorer: NoSMHelp = 1 (0x1)dPolicies-explorer: NoResolveTrack = 1 (0x1)dPolicies-explorer: NoSMMyPictures = 1 (0x1)dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.htmlTrusted Zone: kuaiche.com\softwareDPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/stg_drm.ocxDPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271369202235DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://www.solidaxision.com/setup/solidstateion.cabDPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabDPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/armhelper.ocxDPF: {D84EB4B0-BFA9-4B0C-B75A-17ABAD45ABB7} - hxxp://images.friendster.com/201003A-017/js/aurigma/FriendsterImageUploader.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL============= SERVICES / DRIVERS ===============R0 ndisex;ndisex;c:\windows\system32\drivers\ndisex.sys [2010-3-17 18432]R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2010-1-24 53248]R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2010-1-23 21144]R1 atapint;atapint;c:\windows\system32\drivers\atapint.sys [2010-3-17 18944]R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]S1 asyncm2k;asyncm2k;c:\windows\system32\drivers\asyncm2k.sys --> c:\windows\system32\drivers\asyncm2k.sys [?]S2 KAVSafe;KAVSafe;\??\c:\windows\system32\drivers\kavsafe.sys --> c:\windows\system32\drivers\KAVSafe.sys [?]S3 cpuz130;cpuz130;\??\c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys [?]S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2010-1-24 714240]S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [2007-10-19 24320]=============== Created Last 30 ================2010-08-05 08:11:52 0 d-----w- c:\program files\Paint.NET2010-08-05 06:19:54 0 d--h--r- C:\AHCache2010-08-01 21:53:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-08-01 21:53:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-08-01 21:53:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2010-08-01 17:48:24 0 ----a-w- c:\documents and settings\user\defogger_reenable2010-08-01 17:30:24 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat2010-08-01 01:20:31 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes2010-08-01 00:17:21 0 d-----w- c:\program files\SUPERAntiSpyware2010-07-31 23:54:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2010-07-31 23:27:28 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com2010-07-31 23:26:32 0 d-----w- c:\program files\Pando Networks2010-07-31 23:26:32 0 d-----w- c:\program files\Monopoly City2010-07-31 23:26:32 0 d-----w- c:\program files\Fizzy2010-07-31 23:26:32 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files2010-07-31 23:26:27 0 d-----w- c:\windows\Virtual Families2010-07-31 23:26:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Cached Installations2010-07-31 23:26:25 0 d-----w- c:\docume~1\user\applic~1\SpinTop2010-07-31 23:26:22 0 d-----w- c:\windows\Diner Dash Flo Through Time2010-07-31 22:24:20 0 d-----w- c:\windows\system32\XPSViewer2010-07-31 20:08:52 0 d-----w- c:\docume~1\user\applic~1\SUPERAntiSpyware.com2010-07-31 19:32:43 73728 ----a-w- c:\windows\system32\javacpl.cpl2010-07-31 19:32:42 423656 ----a-w- c:\windows\system32\deployJava1.dll2010-07-30 22:19:38 0 d-----w- c:\windows\uninstall2010-07-30 19:05:56 0 d-----w- c:\windows\system32\wbem\Repository2010-07-29 19:08:51 679936 ----a-w- c:\windows\system32\D3DX81ab.dll2010-07-29 19:08:51 1970176 ----a-w- c:\windows\system32\d3dx9.dll2010-07-29 19:08:31 0 d-----w- c:\program files\Cheat Engine2010-07-27 22:59:24 0 d-----w- c:\program files\Virtual Families2010-07-27 20:58:41 224 ----a-w- c:\windows\system32\9B13A86D.plf2010-07-27 04:12:18 0 d-----w- c:\docume~1\user\applic~1\Pogo2010-07-27 04:12:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Pogo2010-07-23 20:46:27 25 ----a-w- c:\windows\popcinfot.dat2010-07-23 06:09:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia2010-07-23 06:08:26 19 ----a-w- c:\windows\popcinfo.dat2010-07-22 16:54:07 0 d-----w- C:\Desktop2010-07-22 16:08:09 642 ----a-w- c:\windows\system32\runkgb.lnk2010-07-21 19:49:39 787 ----a-w- c:\windows\system\akstart.lnk2010-07-17 21:07:52 0 d-----w- c:\docume~1\user\applic~1\fizzy2010-07-16 21:15:26 0 d-----w- c:\docume~1\user\applic~1\uTorrent2010-07-14 02:58:07 0 d-----w- c:\program files\common files\Futuremark Shared2010-07-07 19:46:38 16832 ----a-w- c:\windows\system32\amcompat.tlb2010-07-07 19:46:37 23392 ----a-w- c:\windows\system32\nscompat.tlb==================== Find3M ====================2010-08-01 22:28:45 9845 -c--a-w- c:\windows\system32\msw2n1o0e.dll2010-07-23 06:07:40 737280 -c--a-w- c:\windows\iun6002.exe2010-07-17 19:46:07 30912 -c-ha-w- c:\windows\system32\mlfcache.dat2010-06-28 19:30:41 15728 ----a-w- c:\windows\system32\drivers\bootsafe.sys2010-06-28 19:30:32 24472 ----a-w- c:\windows\system32\drivers\bc.sys2010-06-13 01:52:09 1770 ----a-w- c:\windows\system32\secushr.dat2010-06-01 17:37:48 221568 -c----w- c:\windows\system32\MpSigStub.exe2010-05-20 22:40:10 20 -c--a-w- c:\docume~1\user\applic~1\qvjsge.dat2010-05-11 01:51:41 286720 -c----w- c:\windows\Setup1.exe2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe============= FINISH: 18:57:15.74 ===============attach.zip Link to post Share on other sites More sharing options...
Staff screen317 Posted August 2, 2010 Staff ID:294391 Share Posted August 2, 2010 Hello and welcome to Malwarebytes.Please update MBAM, run a Quick Scan, and post its log.Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
infectedcomputer Posted August 4, 2010 Author ID:295113 Share Posted August 4, 2010 Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4386Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187028/3/2010 7:12:22 PMmbam-log-2010-08-03 (19-12-22).txtScan type: Quick scanObjects scanned: 141359Time elapsed: 32 minute(s), 59 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 2Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\System volume information\Microsoft\services.exe (Trojan.Cycler) -> Delete on reboot.C:\System volume information\Microsoft\smss.exe (Trojan.Cycler) -> Delete on reboot. Link to post Share on other sites More sharing options...
infectedcomputer Posted August 4, 2010 Author ID:295125 Share Posted August 4, 2010 DDS (Ver_10-03-17.01) - NTFSx86 Run by User at 19:34:36.08 on Tue 08/03/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.351.60 [GMT -7:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\program files\pcsgvmbqezmzr\jdqguja.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\system32\ctfmon.exeC:\program files\pcsgvmbqezmzr\jdqguja.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\User\Desktop\dds.scr============== Pseudo HJT Report ===============uSearch Page = ${URL_SEARCHPAGE}uSearch Bar = hxxp://www.google.comuStart Page = hxxp://www.google.commDefault_Page_URL = hxxp://in.yahoo.commSearch Page = ${URL_SEARCHPAGE}mStart Page = ${URL_STARTPAGE}mSearch Bar = hxxp://www.google.comuInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: H - No FilemWinlogon: SfcDisable=-99 (0xffffff9d)BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: {5B291E6C-9A74-4034-971B-A4B007A0B315} - No FileBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: {5B291E6C-9A74-4034-971B-A4B007A0B315} - No FileTB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileuRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTOuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [35712] c:\program files\pcsgvmbqezmzr\jdqguja.exe jduRun: [35712] c:\program files\pcsgvmbqezmzr\jdqguja.exe jdmRun: [35712] c:\program files\pcsgvmbqezmzr\jdqguja.exe jdmRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkeymRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [soundMan] SOUNDMAN.EXEmRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNCmRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscriptmRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscriptdRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,NuPolicies-explorer: NoResolveTrack = 1 (0x1)uPolicies-explorer: NoSMMyPictures = 1 (0x1)uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)mPolicies-system: DisableCAD = 1 (0x1)dPolicies-explorer: NoSMHelp = 1 (0x1)dPolicies-explorer: NoResolveTrack = 1 (0x1)dPolicies-explorer: NoSMMyPictures = 1 (0x1)dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.htmlTrusted Zone: kuaiche.com\softwareDPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/stg_drm.ocxDPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271369202235DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://www.solidaxision.com/setup/solidstateion.cabDPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabDPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/armhelper.ocxDPF: {D84EB4B0-BFA9-4B0C-B75A-17ABAD45ABB7} - hxxp://images.friendster.com/201003A-017/js/aurigma/FriendsterImageUploader.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL============= SERVICES / DRIVERS ===============R0 ndisex;ndisex;c:\windows\system32\drivers\ndisex.sys [2010-3-17 18432]R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2010-1-24 53248]R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2010-1-23 21144]R1 atapint;atapint;c:\windows\system32\drivers\atapint.sys [2010-3-17 18944]R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]S1 asyncm2k;asyncm2k;c:\windows\system32\drivers\asyncm2k.sys --> c:\windows\system32\drivers\asyncm2k.sys [?]S2 KAVSafe;KAVSafe;\??\c:\windows\system32\drivers\kavsafe.sys --> c:\windows\system32\drivers\KAVSafe.sys [?]S3 cpuz130;cpuz130;\??\c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys [?]S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2010-1-24 714240]S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [2007-10-19 24320]=============== Created Last 30 ================2010-08-05 08:11:52 0 d-----w- c:\program files\Paint.NET2010-08-05 06:19:54 0 d--h--r- C:\AHCache2010-08-04 02:12:36 54016 ----a-w- c:\windows\system32\drivers\lnmv.sys2010-08-03 02:25:16 8462336 ------w- c:\windows\system32\dllcache\shell32.dll2010-08-01 21:53:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-08-01 21:53:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-08-01 21:53:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2010-08-01 17:48:24 0 ----a-w- c:\documents and settings\user\defogger_reenable2010-08-01 17:30:24 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat2010-08-01 01:20:31 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes2010-08-01 00:17:21 0 d-----w- c:\program files\SUPERAntiSpyware2010-07-31 23:54:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2010-07-31 23:27:28 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com2010-07-31 23:26:32 0 d-----w- c:\program files\Pando Networks2010-07-31 23:26:32 0 d-----w- c:\program files\Monopoly City2010-07-31 23:26:32 0 d-----w- c:\program files\Fizzy2010-07-31 23:26:32 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files2010-07-31 23:26:27 0 d-----w- c:\windows\Virtual Families2010-07-31 23:26:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Cached Installations2010-07-31 23:26:25 0 d-----w- c:\docume~1\user\applic~1\SpinTop2010-07-31 23:26:22 0 d-----w- c:\windows\Diner Dash Flo Through Time2010-07-31 22:24:20 0 d-----w- c:\windows\system32\XPSViewer2010-07-31 20:08:52 0 d-----w- c:\docume~1\user\applic~1\SUPERAntiSpyware.com2010-07-31 19:32:43 73728 ----a-w- c:\windows\system32\javacpl.cpl2010-07-31 19:32:42 423656 ----a-w- c:\windows\system32\deployJava1.dll2010-07-30 22:19:38 0 d-----w- c:\windows\uninstall2010-07-30 19:05:56 0 d-----w- c:\windows\system32\wbem\Repository2010-07-29 19:08:31 0 d-----w- c:\program files\Cheat Engine2010-07-27 22:59:24 0 d-----w- c:\program files\Virtual Families2010-07-27 20:58:41 224 ----a-w- c:\windows\system32\9B13A86D.plf2010-07-27 04:12:18 0 d-----w- c:\docume~1\user\applic~1\Pogo2010-07-27 04:12:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Pogo2010-07-23 20:46:27 25 ----a-w- c:\windows\popcinfot.dat2010-07-23 06:09:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia2010-07-23 06:08:26 19 ----a-w- c:\windows\popcinfo.dat2010-07-22 16:54:07 0 d-----w- C:\Desktop2010-07-22 16:08:09 642 ----a-w- c:\windows\system32\runkgb.lnk2010-07-21 19:49:39 787 ----a-w- c:\windows\system\akstart.lnk2010-07-17 21:07:52 0 d-----w- c:\docume~1\user\applic~1\fizzy2010-07-16 21:15:26 0 d-----w- c:\docume~1\user\applic~1\uTorrent2010-07-14 02:58:07 0 d-----w- c:\program files\common files\Futuremark Shared2010-07-07 19:46:38 16832 ----a-w- c:\windows\system32\amcompat.tlb2010-07-07 19:46:37 23392 ----a-w- c:\windows\system32\nscompat.tlb==================== Find3M ====================2010-08-03 20:09:15 2589 -c--a-w- c:\windows\system32\comcat.dll2010-07-23 06:07:40 737280 -c--a-w- c:\windows\iun6002.exe2010-07-17 19:46:07 30912 -c-ha-w- c:\windows\system32\mlfcache.dat2010-06-28 19:30:41 15728 ----a-w- c:\windows\system32\drivers\bootsafe.sys2010-06-28 19:30:32 24472 ----a-w- c:\windows\system32\drivers\bc.sys2010-06-13 01:52:09 1770 ----a-w- c:\windows\system32\secushr.dat2010-06-01 17:37:48 221568 -c----w- c:\windows\system32\MpSigStub.exe2010-05-20 22:40:10 20 -c--a-w- c:\docume~1\user\applic~1\qvjsge.dat2010-05-11 01:51:41 286720 -c----w- c:\windows\Setup1.exe============= FINISH: 19:36:14.66 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted August 4, 2010 Staff ID:295249 Share Posted August 4, 2010 Hi,Did you see my instructions for running ComboFix? Link to post Share on other sites More sharing options...
infectedcomputer Posted August 4, 2010 Author ID:295498 Share Posted August 4, 2010 Hi,Im still working on it Link to post Share on other sites More sharing options...
infectedcomputer Posted August 4, 2010 Author ID:295552 Share Posted August 4, 2010 ComboFix 10-08-04.02 - User 08/04/2010 12:43:32.1.1 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.351.84 [GMT -7:00]Running from: c:\documents and settings\User\Desktop\ComboFix.exe.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnkc:\documents and settings\User\Application Data\BITSc:\documents and settings\User\Application Data\BITS\BITS.inic:\documents and settings\User\Application Data\BITS\DHTTable.datc:\documents and settings\User\Application Data\BITS\ProxyList.inic:\documents and settings\User\Application Data\BITS\Torrent\20100612182309.torrentc:\documents and settings\User\Application Data\BITS\Torrent\20100612182309.torrent.filelistc:\documents and settings\User\Application Data\BITS\Torrent\20100612182317.torrentc:\documents and settings\User\Application Data\BITS\Torrent\20100612182317.torrent.filelistc:\documents and settings\User\Application Data\BITS\Torrent\20100612182318.torrentc:\documents and settings\User\Application Data\BITS\Torrent\20100612182318.torrent.~tmpc:\documents and settings\User\Application Data\BITS\Torrent\20100612182318.torrent.bitsc:\documents and settings\User\Application Data\BITS\Torrent\20100612182318.torrent.filelistc:\documents and settings\User\Application Data\BITS\Torrent\20100612182318.torrent.statisticc:\documents and settings\User\Application Data\BITS\Torrent\20100612182549.torrentc:\documents and settings\User\Application Data\BITS\Torrent\20100612182549.torrent.filelistc:\documents and settings\User\Application Data\BITS\Torrent\20100612182611.torrentc:\documents and settings\User\Application Data\BITS\Torrent\20100612182611.torrent.filelistc:\documents and settings\User\Application Data\BITS\Torrent\20100612182612.torrentc:\documents and settings\User\Application Data\BITS\Torrent\20100612182612.torrent.~tmpc:\documents and settings\User\Application Data\BITS\Torrent\20100612182612.torrent.bitsc:\documents and settings\User\Application Data\BITS\Torrent\20100612182612.torrent.filelistc:\documents and settings\User\Application Data\BITS\Torrent\20100612182612.torrent.hybridlistc:\documents and settings\User\Application Data\BITS\Torrent\20100612182612.torrent.seedsc:\documents and settings\User\Application Data\BITS\Torrent\20100612182612.torrent.statisticc:\documents and settings\User\Application Data\BITS\Torrent\20100612184027.torrentc:\documents and settings\User\Application Data\BITS\Torrent\20100612184027.torrent.filelistc:\documents and settings\User\Application Data\FlashGetBHOc:\documents and settings\User\Application Data\FlashGetBHO\FlashGetBHO3.dllc:\documents and settings\User\Application Data\FlashGetBHO\FlashGetHook.dllc:\documents and settings\User\Application Data\FlashGetBHO\GetAllUrl.htmc:\documents and settings\User\Application Data\FlashGetBHO\GetUrl.htmc:\program files\FlashGet Networkc:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfgc:\program files\FlashGet Network\FlashGet 3\dat\directui\client_03.jpgc:\program files\FlashGet Network\FlashGet 3\dat\directui\client_107x7322222.jpgc:\program files\FlashGet Network\FlashGet 3\dat\directui\client_1309444450.jpgc:\program files\FlashGet Network\FlashGet 3\dat\directui\client_33665566.jpgc:\program files\FlashGet Network\FlashGet 3\dat\directui\client_5-04400194A.jpgc:\program files\FlashGet Network\FlashGet 3\dat\directui\client_5_4504_1.jpgc:\program files\FlashGet Network\FlashGet 3\dat\directui\client_a44.jpgc:\program files\FlashGet Network\FlashGet 3\dat\directui\client_a66999.jpgc:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon03.jpgc:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon04.jpgc:\program files\FlashGet Network\FlashGet 3\dat\directui\client_km.jpgc:\program files\FlashGet Network\FlashGet 3\dat\directui\client_OL-2.jpgc:\program files\FlashGet Network\FlashGet 3\dat\directui\dian.jpgc:\program files\FlashGet Network\FlashGet 3\dat\directui\directui_new_1276393331.zipc:\program files\FlashGet Network\FlashGet 3\dat\directui\gameall.gifc:\program files\FlashGet Network\FlashGet 3\dat\directui\gametop.gifc:\program files\FlashGet Network\FlashGet 3\dat\directui\newgame.gifc:\program files\FlashGet Network\FlashGet 3\dat\directui\newmovie.gifc:\program files\FlashGet Network\FlashGet 3\dat\directui\p1.gifc:\program files\FlashGet Network\FlashGet 3\dat\directui\p2.gifc:\program files\FlashGet Network\FlashGet 3\dat\directui\p3.gifc:\program files\FlashGet Network\FlashGet 3\dat\directui\p4.gifc:\program files\FlashGet Network\FlashGet 3\dat\directui\p5.gifc:\program files\FlashGet Network\FlashGet 3\dat\directui\p6.gifc:\program files\FlashGet Network\FlashGet 3\dat\directui\p7.gifc:\program files\FlashGet Network\FlashGet 3\dat\directui\p8.gifc:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpgc:\program files\FlashGet Network\FlashGet 3\dat\directui\rescenter.txtc:\program files\FlashGet Network\FlashGet 3\dat\directui\soft.jpgc:\program files\FlashGet Network\FlashGet 3\dat\directui\tab.gifc:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bakc:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.dbc:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.inic:\program files\FlashGet Network\FlashGet 3\dat\stat\statdata\statinfo.datc:\program files\FlashGet Network\FlashGet 3\dat\torrent\1641610_[isoHunt] Naruto Ultimate Ninja Heroes USA.cso.torrentc:\program files\FlashGet Network\FlashGet 3\dat\torrent\1815450_PSP_Naruto_Shippuden_Ultimate_Ninja_Heroes_3__JAP__PSP__WwW_GamesTorr.torrentc:\program files\FlashGet Network\FlashGet 3\P2PCfg.inic:\program files\FlashGet Network\FlashGet 3\perf.inic:\program files\FlashGet Network\FlashGet 3\pstat.datc:\program files\FlashGet Network\FlashGet 3\pup.datc:\system volume information\Microsoftc:\system volume information\Microsoft\services.exec:\system volume information\Microsoft\smss.exec:\windows\system32\del.batc:\windows\system32\msconfig.exec:\windows\system32\secushr.datc:\windows\system32\secustat.dat.\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected.((((((((((((((((((((((((( Files Created from 2010-07-04 to 2010-08-04 ))))))))))))))))))))))))))))))).2010-08-05 08:11 . 2010-07-31 23:24 -------- d-----w- c:\program files\Paint.NET2010-08-05 08:11 . 2010-08-04 04:37 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Paint.NET2010-08-05 06:26 . 2010-08-05 06:26 -------- d-----w- c:\program files\Reference Assemblies2010-08-05 06:19 . 2010-08-05 06:19 -------- d-----r- C:\AHCache2010-08-03 02:25 . 2010-07-27 06:30 8462336 ------w- c:\windows\system32\dllcache\shell32.dll2010-08-01 21:53 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-08-01 21:53 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-08-01 21:53 . 2010-08-01 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-08-01 01:20 . 2010-08-01 01:20 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes2010-08-01 00:18 . 2010-08-01 00:18 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll2010-08-01 00:18 . 2010-08-01 00:18 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll2010-08-01 00:17 . 2010-08-01 00:17 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL2010-08-01 00:17 . 2010-08-01 00:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com2010-08-01 00:17 . 2010-08-01 00:17 -------- d-----w- c:\program files\SUPERAntiSpyware2010-07-31 23:54 . 2010-07-31 23:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes2010-07-31 23:54 . 2010-07-31 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-07-31 23:38 . 2010-07-31 23:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Paint.NET2010-07-31 23:27 . 2010-07-31 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\program files\Pando Networks2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\program files\Monopoly City2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\program files\Fizzy2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PMB Files2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\windows\Virtual Families2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\documents and settings\User\Application Data\SpinTop2010-07-31 23:26 . 2010-07-31 23:26 -------- d-----w- c:\windows\Diner Dash Flo Through Time2010-07-31 23:22 . 2010-07-31 23:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache2010-07-31 22:24 . 2010-07-31 23:27 -------- d-----w- c:\windows\system32\XPSViewer2010-07-31 22:24 . 2010-07-31 22:24 -------- d-----w- c:\program files\MSBuild2010-07-31 20:11 . 2010-07-31 20:11 63488 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll2010-07-31 20:11 . 2010-07-31 20:11 52224 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll2010-07-31 20:11 . 2010-07-31 20:11 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL2010-07-31 20:08 . 2010-07-31 20:08 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com2010-07-31 19:34 . 2010-07-31 23:27 -------- d-----w- c:\program files\Common Files\Java2010-07-31 19:32 . 2010-07-31 19:31 423656 ----a-w- c:\windows\system32\deployJava1.dll2010-07-30 22:19 . 2010-08-03 20:09 -------- d-----w- c:\windows\uninstall2010-07-30 19:05 . 2010-07-30 19:05 -------- d-----w- c:\windows\system32\wbem\Repository2010-07-29 19:08 . 2010-08-03 20:13 -------- d-----w- c:\program files\Cheat Engine2010-07-28 04:49 . 2010-07-28 04:49 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache2010-07-28 04:48 . 2010-07-28 04:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE2010-07-27 22:59 . 2010-07-31 23:26 -------- d-----w- c:\program files\Virtual Families2010-07-27 04:12 . 2010-07-27 04:12 -------- d-----w- c:\documents and settings\User\Application Data\Pogo2010-07-27 04:12 . 2010-07-27 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Pogo2010-07-23 20:46 . 2010-07-23 22:24 25 ----a-w- c:\windows\popcinfot.dat2010-07-23 18:00 . 2010-07-31 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst2010-07-23 18:00 . 2010-07-24 03:01 -------- d-----w- c:\documents and settings\User\Application Data\PlayFirst2010-07-23 06:09 . 2010-07-31 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia2010-07-23 06:08 . 2010-07-23 20:31 19 ----a-w- c:\windows\popcinfo.dat2010-07-22 16:54 . 2010-07-31 23:26 -------- d-----w- C:\Desktop2010-07-17 21:07 . 2010-07-17 21:07 -------- d-----w- c:\documents and settings\User\Application Data\fizzy2010-07-16 21:15 . 2010-08-01 17:44 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent2010-07-14 02:58 . 2010-07-14 02:58 -------- d-----w- c:\program files\Common Files\Futuremark Shared2010-07-14 02:58 . 2010-07-14 02:58 -------- d--h--w- c:\program files\InstallShield Installation Information.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-08-04 19:36 . 2010-03-03 18:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2010-08-03 20:09 . 2001-08-23 11:00 2589 -c--a-w- c:\windows\system32\comcat.dll2010-08-01 01:21 . 2010-01-24 05:34 29632 -c--a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-07-31 23:38 . 2010-01-24 19:15 29632 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-07-31 23:26 . 2010-03-13 03:12 -------- d-----w- c:\program files\IObit2010-07-23 06:07 . 2010-04-18 05:03 737280 -c--a-w- c:\windows\iun6002.exe2010-07-17 19:46 . 2010-02-27 00:20 30912 -c-ha-w- c:\windows\system32\mlfcache.dat2010-07-15 22:00 . 2010-04-15 05:48 -------- d-----w- c:\program files\LimeWire2010-07-15 21:59 . 2010-04-15 05:52 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire2010-07-15 05:04 . 2010-01-24 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help2010-07-14 04:55 . 2010-05-02 19:53 -------- d-----w- c:\program files\Yahoo!2010-07-09 16:09 . 2010-02-24 04:05 -------- d-----w- c:\program files\Google2010-07-07 19:41 . 2010-05-19 06:16 -------- d-----w- c:\program files\epson2010-07-07 19:38 . 2010-04-18 04:34 -------- d-----w- c:\program files\Windows Media Connect 22010-07-07 19:22 . 2010-04-15 20:56 -------- d-----w- c:\documents and settings\User\Application Data\DivX2010-07-07 19:14 . 2010-02-23 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON2010-07-05 00:32 . 2010-04-01 21:13 -------- d-----w- c:\program files\Common Files\Adobe2010-06-30 18:20 . 2010-03-18 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX2010-06-30 05:35 . 2010-06-28 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\kingsoft2010-06-29 23:41 . 2010-06-28 03:05 -------- d-----w- c:\program files\Maxthon22010-06-29 23:36 . 2010-06-28 03:06 -------- d-----w- c:\documents and settings\User\Application Data\MxBoost2010-06-29 05:58 . 2010-06-29 05:58 29632 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-06-29 05:58 . 2010-01-24 19:13 -------- d-----w- c:\program files\Microsoft Security Essentials2010-06-28 19:30 . 2010-06-28 19:45 15728 ----a-w- c:\windows\system32\drivers\bootsafe.sys2010-06-28 19:30 . 2010-06-28 19:45 24472 ----a-w- c:\windows\system32\drivers\bc.sys2010-06-27 01:49 . 2010-06-27 01:49 -------- d-----w- c:\documents and settings\User\Application Data\RadioBar2010-06-24 04:19 . 2010-06-24 04:19 -------- d-----w- c:\program files\Conduit2010-06-13 01:12 . 2010-06-13 01:12 -------- d-----w- c:\documents and settings\User\Application Data\FlashGet2010-06-11 02:44 . 2010-03-25 01:13 29632 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-06-11 02:44 . 2010-06-11 02:44 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer2010-06-08 02:15 . 2010-02-24 03:07 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer2010-06-07 06:10 . 2010-06-07 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}2010-06-07 06:07 . 2010-02-24 02:56 -------- d-----w- c:\program files\Common Files\Apple2010-06-07 05:58 . 2010-06-07 05:56 -------- d-----w- c:\program files\QuickTime2010-06-07 05:56 . 2010-02-24 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer2010-06-07 05:50 . 2010-06-07 05:50 -------- d-----w- c:\program files\Apple Software Update2010-06-07 05:43 . 2010-06-07 05:43 -------- d-----w- c:\program files\Bonjour2010-06-01 17:37 . 2010-01-24 19:16 221568 -c----w- c:\windows\system32\MpSigStub.exe2010-05-20 22:40 . 2010-05-20 22:39 20 -c--a-w- c:\documents and settings\User\Application Data\qvjsge.dat2010-05-11 01:51 . 2010-02-28 21:40 286720 -c----w- c:\windows\Setup1.exe.------- Sigcheck -------[-] 2009-12-14 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sysc:\windows\System32\wscntfy.exe ... is missing !!c:\windows\System32\regsvc.dll ... is missing !!.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-04-23 1668920]"ralom"="c:\program files\pcsgvmbqezmzr\jdqguja.exe" [2006-01-09 2184844][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]"ralom"="c:\program files\pcsgvmbqezmzr\jdqguja.exe" [2006-01-09 2184844]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"_nltide_3"="advpack.dll" [2009-03-08 128512][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"DisableCAD"= 1 (0x1)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoResolveTrack"= 1 (0x1)"NoSMMyPictures"= 1 (0x1)"NoSMConfigurePrograms"= 1 (0x1)[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]"NoSMHelp"= 1 (0x1)"NoResolveTrack"= 1 (0x1)"NoSMMyPictures"= 1 (0x1)"NoSMConfigurePrograms"= 1 (0x1)[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service"[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Hibernate mode.lnk]path=c:\documents and settings\User\Start Menu\Programs\Startup\Hibernate mode.lnkbackup=c:\windows\pss\Hibernate mode.lnkStartupHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcutHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheckHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControlHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swgHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2010-06-09 08:06 976832 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]2010-04-12 22:46 1135912 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]2010-07-09 17:40 136176 ----atw- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]2004-08-04 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]2004-08-04 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="c:\\Program Files\\Java\\jre6\\bin\\java.exe"="c:\\WINDOWS\\system32\\dpvsetup.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Desktop\\Mydocuments\\Babin\\Mpk.exe"="c:\\Desktop\\Mydocuments\\Babin\\MpkView.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009R0 ndisex;ndisex;c:\windows\system32\drivers\ndisex.sys [3/17/2010 12:20 PM 18432]R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [1/24/2010 3:12 PM 53248]R1 atapint;atapint;c:\windows\system32\drivers\atapint.sys [3/17/2010 12:20 PM 18944]S1 asyncm2k;asyncm2k;c:\windows\system32\drivers\asyncm2k.sys --> c:\windows\system32\drivers\asyncm2k.sys [?]S2 KAVSafe;KAVSafe;\??\c:\windows\system32\Drivers\KAVSafe.sys --> c:\windows\system32\Drivers\KAVSafe.sys [?]S3 cpuz130;cpuz130;\??\c:\docume~1\User\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\User\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [10/19/2007 1:50 AM 24320]--- Other Services/Drivers In Memory ---*NewlyCreated* - HELPSVC.Contents of the 'Scheduled Tasks' folder2010-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]2010-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1364589140-1177238915-1001Core.job- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-09 17:40]2010-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1364589140-1177238915-1001UA.job- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-09 17:40]2010-08-04 c:\windows\Tasks\MP Scheduled Scan.job- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 04:40]2010-08-04 c:\windows\Tasks\User_Feed_Synchronization-{2D012A41-B16D-4D9C-ABA4-BEEA2361171D}.job- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.commStart Page = ${URL_STARTPAGE}mSearch Bar = hxxp://www.google.comuInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.htmlTrusted Zone: kuaiche.com\softwareDPF: {D84EB4B0-BFA9-4B0C-B75A-17ABAD45ABB7} - hxxp://images.friendster.com/201003A-017/js/aurigma/FriendsterImageUploader.cab.- - - - ORPHANS REMOVED - - - -BHO-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)Toolbar-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exeMSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exeMSConfigStartUp-Uniblue SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-08-04 12:53Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,70,d4,2d,da,5c,e6,4f,9b,8c,e5,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,70,d4,2d,da,5c,e6,4f,9b,8c,e5,\.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(932)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\WININET.dll.Completion time: 2010-08-04 12:56:12ComboFix-quarantined-files.txt 2010-08-04 19:56Pre-Run: 7,225,823,232 bytes freePost-Run: 7,417,647,104 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin- - End Of File - - DDE971F0B874641539C39B680A043B9A Link to post Share on other sites More sharing options...
Staff screen317 Posted August 5, 2010 Staff ID:295841 Share Posted August 5, 2010 Hi,Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.Click Start Scanning.You should get a notification bar (on top) to install the ActiveX control. Click on it and select to install the ActiveX.Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.In case you are having problems with installing the ActiveX/starting the scan, please read here.Click the Full System Scan button.It will start to download scanner components and databases. This can take a while.The main scan will start.Once the scan has finished scanning, click the Automatic cleaning (recommended) buttonIt could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.The cleaning can take a while, so please be patient.Then click the Show report button and Copy/Paste what is present under results in your next reply.Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317 Link to post Share on other sites More sharing options...
infectedcomputer Posted August 6, 2010 Author ID:296497 Share Posted August 6, 2010 Scanning ReportThursday, August 5, 2010 13:46:43 - 16:50:01Computer name: Home ComputerScanning type: Scan system for malware, spyware and rootkitsTarget: C:\ D:\2 malware foundTrackingCookie.Doubleclick (spyware)System (Disinfected)Joke.FakePopup.A (virus)C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\BABIN\POPUP.EXE (Renamed & Submitted)StatisticsScanned:Files: 34409System: 2616Not scanned: 10Actions:Disinfected: 1Renamed: 1Deleted: 0Not cleaned: 0Submitted: 1Files not scanned:C:\HIBERFIL.SYSC:\PAGEFILE.SYSC:\WINDOWS\SYSTEM32\CONFIG\SAMC:\WINDOWS\SYSTEM32\CONFIG\DEFAULTC:\WINDOWS\SYSTEM32\CONFIG\SECURITYC:\WINDOWS\SYSTEM32\CONFIG\SOFTWAREC:\WINDOWS\SYSTEM32\CONFIG\SYSTEMC:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\HSPERFDATA_USER\4032C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\HSPERFDATA_USER\2488C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\MICROSOFT ANTIMALWARE\MPSCANCACHE-1.BINOptionsScanning engines:Scanning options:Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TARUse advanced heuristics Link to post Share on other sites More sharing options...
infectedcomputer Posted August 6, 2010 Author ID:296498 Share Posted August 6, 2010 Results of screen317's Security Check version 0.99.5 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Security Center service is not running! This report may not be accurate! Microsoft Security Essentials WMI entry may not exist for antivirus; attempting automatic update. Microsoft Security Essentials successfully updated! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware CCleaner Java 6 Update 21 Adobe Flash Player 10.0.45.2 Adobe Reader 9.3.3 ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe ````````````````````````````````DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) ``````````End of Log```````````` Link to post Share on other sites More sharing options...
infectedcomputer Posted August 6, 2010 Author ID:296500 Share Posted August 6, 2010 Hi,I think the virus is now gone, because the antivirus does not detect it anymore. thanks! I still have one problem though. After the virus, the sound on my computer is gone. I cant watch videos with sound anymore. Link to post Share on other sites More sharing options...
Staff screen317 Posted August 6, 2010 Staff ID:296966 Share Posted August 6, 2010 Hi,Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstallThis uninstalls all of ComboFix's components.Delete SecurityCheck.The sound issue is likely something with your sound driver.Right-click My Computer and click Properties. Navigate to Device Manager and see if there is a yellow exclamation mark next to your audio device. Link to post Share on other sites More sharing options...
infectedcomputer Posted August 7, 2010 Author ID:297112 Share Posted August 7, 2010 When i tried do the combofix uninstall, an error came up saying that windows cannot find combofix.I already fixed the sound. thanks! Link to post Share on other sites More sharing options...
Staff screen317 Posted August 8, 2010 Staff ID:297591 Share Posted August 8, 2010 Hi,Put a copy of ComboFix on your Desktop (do not run it, just put it there) and try again please.Good to hear the sound issue is fixed. What was wrong with it? Link to post Share on other sites More sharing options...
infectedcomputer Posted August 8, 2010 Author ID:297892 Share Posted August 8, 2010 Hi,Its still the same, windows cannot find combofix.I dont know what was wrong with the sound driver, but when the uninstalled it the sound came back. Link to post Share on other sites More sharing options...
infectedcomputer Posted August 8, 2010 Author ID:297895 Share Posted August 8, 2010 Hi,Can you help me with another problem i have? you see, every time i watch a video online, the internet connection suddenly stops working. If try to repair internet connection it says "cannot query tcip/ip". please help me, its starting to annoy me.Thanks in advance Link to post Share on other sites More sharing options...
Staff screen317 Posted August 10, 2010 Staff ID:298609 Share Posted August 10, 2010 Hi,Re: ComboFix, do this:Ensure that ComboFix is on your Desktop.Then click Start --> Run; enter this command exactly as shown:"%userprofile%\Desktop\ComboFix.exe" /uninstallPress Enter.Restart your computer.Now click Start --> Run, type cmd.exe and press Enter.Next, type in this command:ipconfig /flushdnsPress Enter. Restart your computer and see if the Internet issues persists.If no joy, access cmd.exe again. Enter this command:netsh winsock resetPress Enter, restart your computer and see if the issue is resolved. Link to post Share on other sites More sharing options...
infectedcomputer Posted August 11, 2010 Author ID:299139 Share Posted August 11, 2010 Hi,Windows still cannot find combofix and i am sure that the combofix icon is at my desktop.I already tried ipconfig /flushdns a long time ago but it did not workRe:netsh winsock resetnetsh is not recognized as an internal or external command, operable program or batch file. Link to post Share on other sites More sharing options...
Staff screen317 Posted August 12, 2010 Staff ID:299512 Share Posted August 12, 2010 Hi,Does this file exist?C:\windows\sytem32\netsh.exePlease reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).See if ComboFix will uninstall from there. Link to post Share on other sites More sharing options...
infectedcomputer Posted August 14, 2010 Author ID:300504 Share Posted August 14, 2010 Hi,the file C:\windows\system32\netsh.exe does not exist, i tried looking for it in the internet, but did not find a site where i can download it Link to post Share on other sites More sharing options...
infectedcomputer Posted August 14, 2010 Author ID:300505 Share Posted August 14, 2010 Hi, can you please send me a link where i can download the file "netsh.exe" Link to post Share on other sites More sharing options...
Staff screen317 Posted August 16, 2010 Staff ID:301229 Share Posted August 16, 2010 Hi,My apologies for the delay.You will need your Windows XP CD. If you have it, then we can replace the file. Do you have it..?Also, you have uTorrent installed.Please see:HijackThis Forum PolicyWe will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.Uninstall it before proceeding please. Post a fresh DDS log after. Link to post Share on other sites More sharing options...
infectedcomputer Posted August 21, 2010 Author ID:303178 Share Posted August 21, 2010 Hi, No, i do not have the Windows xp cd.I already uninstalled uttorent. Link to post Share on other sites More sharing options...
infectedcomputer Posted August 21, 2010 Author ID:303180 Share Posted August 21, 2010 Hi, I did not put the Attach.txt but i put the DDS hereDDS (Ver_10-03-17.01) - NTFSx86 Run by User at 22:12:27.28 on Fri 08/20/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.351.127 [GMT -7:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Microsoft Security Essentials\msseces.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\SOUNDMAN.EXEC:\program files\pcsgvmbqezmzr\jdqguja.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\program files\pcsgvmbqezmzr\jdqguja.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\WINDOWS\system32\msiexec.exeC:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\User\Desktop\Virus Fiixing\dds.scr============== Pseudo HJT Report ===============mSearch Bar = hxxp://www.google.comuSearchURL,(Default) = hxxp://www.google.com/search?q=%suURLSearchHooks: H - No FileBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dlluRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTOuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkeymRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [soundMan] SOUNDMAN.EXEmRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNCmRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,NuPolicies-explorer: NoResolveTrack = 1 (0x1)uPolicies-explorer: NoSMMyPictures = 1 (0x1)uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)mPolicies-system: DisableCAD = 1 (0x1)dPolicies-explorer: NoSMHelp = 1 (0x1)dPolicies-explorer: NoResolveTrack = 1 (0x1)dPolicies-explorer: NoSMMyPictures = 1 (0x1)dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.htmlIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllTrusted Zone: google.com\wwwDPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/stg_drm.ocxDPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271369202235DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://www.solidaxision.com/setup/solidstateion.cabDPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabDPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/armhelper.ocxDPF: {D84EB4B0-BFA9-4B0C-B75A-17ABAD45ABB7} - hxxp://images.friendster.com/201003A-017/js/aurigma/FriendsterImageUploader.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File============= SERVICES / DRIVERS ===============R0 ndisex;ndisex;c:\windows\system32\drivers\ndisex.sys [2010-3-17 18432]R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2010-1-24 53248]R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2010-1-23 21144]R1 atapint;atapint;c:\windows\system32\drivers\atapint.sys [2010-3-17 18944]R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-8-7 54760]S1 asyncm2k;asyncm2k;c:\windows\system32\drivers\asyncm2k.sys --> c:\windows\system32\drivers\asyncm2k.sys [?]S2 KAVSafe;KAVSafe;\??\c:\windows\system32\drivers\kavsafe.sys --> c:\windows\system32\drivers\KAVSafe.sys [?]S3 cpuz130;cpuz130;\??\c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys [?]S3 cpuz132;cpuz132;\??\c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys [?]S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2010-1-24 714240]S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]S3 tapavpn;Steganos Anonym VPN Adapter;c:\windows\system32\drivers\tapavpn.sys [2007-10-19 24320]=============== Created Last 30 ================2010-08-14 20:24:02 0 d-----w- c:\program files\Epson Software2010-08-12 21:14:49 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll2010-08-12 21:14:41 149504 ------w- c:\windows\system32\dllcache\schannel.dll2010-08-07 17:44:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Messenger Plus!2010-08-07 17:39:27 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys2010-08-07 17:35:21 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition2010-08-07 16:45:43 0 d-----w- c:\program files\Messenger Plus! Live2010-08-07 05:14:32 0 d-sh--w- c:\docume~1\alluse~1\applic~1\MPK2010-08-06 01:51:55 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters2010-08-05 20:45:20 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure2010-08-05 08:11:52 0 d-----w- c:\program files\Paint.NET2010-08-05 06:19:54 0 d-----r- C:\AHCache2010-08-04 21:56:04 0 d-----w- c:\windows\system32\wbem\snmp2010-08-04 21:56:03 0 d-----w- c:\windows\srchasst2010-08-04 21:56:01 0 d-----w- c:\windows\system32\xircom2010-08-04 21:56:01 0 d-----w- c:\program files\msn gaming zone2010-08-04 21:55:59 0 d-----w- c:\windows\system32\inetsrv2010-08-04 21:55:59 0 d-----w- c:\windows\msagent2010-08-04 19:32:50 0 d-sha-r- C:\cmdcons2010-08-04 19:29:27 98816 ----a-w- c:\windows\sed.exe2010-08-04 19:29:27 77312 ----a-w- c:\windows\MBR.exe2010-08-04 19:29:27 256512 ----a-w- c:\windows\PEV.exe2010-08-04 19:29:27 161792 ----a-w- c:\windows\SWREG.exe2010-08-03 02:25:16 8462336 ------w- c:\windows\system32\dllcache\shell32.dll2010-08-01 21:53:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2010-08-01 17:48:24 0 ----a-w- c:\documents and settings\user\defogger_reenable2010-08-01 17:30:24 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat2010-08-01 01:20:31 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes2010-07-31 23:54:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2010-07-31 23:27:28 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com2010-07-31 23:26:32 0 d-----w- c:\program files\Pando Networks2010-07-31 23:26:32 0 d-----w- c:\program files\Monopoly City2010-07-31 23:26:32 0 d-----w- c:\program files\Fizzy2010-07-31 23:26:32 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files2010-07-31 23:26:27 0 d-----w- c:\windows\Virtual Families2010-07-31 23:26:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Cached Installations2010-07-31 23:26:25 0 d-----w- c:\docume~1\user\applic~1\SpinTop2010-07-31 23:26:22 0 d-----w- c:\windows\Diner Dash Flo Through Time2010-07-31 22:24:20 0 d-----w- c:\windows\system32\XPSViewer2010-07-31 19:32:43 73728 ----a-w- c:\windows\system32\javacpl.cpl2010-07-31 19:32:42 423656 ----a-w- c:\windows\system32\deployJava1.dll2010-07-30 22:19:38 0 d-----w- c:\windows\uninstall2010-07-30 19:05:56 0 d-----w- c:\windows\system32\wbem\Repository2010-07-29 19:08:31 0 d-----w- c:\program files\Cheat Engine2010-07-27 20:58:41 224 ----a-w- c:\windows\system32\9B13A86D.plf2010-07-27 04:12:18 0 d-----w- c:\docume~1\user\applic~1\Pogo2010-07-27 04:12:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Pogo2010-07-23 20:46:27 25 ----a-w- c:\windows\popcinfot.dat2010-07-23 06:09:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia2010-07-23 06:08:26 19 ----a-w- c:\windows\popcinfo.dat2010-07-22 16:54:07 0 d-----w- C:\Desktop2010-07-22 16:08:09 642 ----a-w- c:\windows\system32\runkgb.lnk==================== Find3M ====================2010-08-03 20:09:15 2589 -c--a-w- c:\windows\system32\comcat.dll2010-07-23 06:07:40 737280 -c--a-w- c:\windows\iun6002.exe2010-07-17 19:46:07 30912 -c-ha-w- c:\windows\system32\mlfcache.dat2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll2010-06-28 19:30:41 15728 ----a-w- c:\windows\system32\drivers\bootsafe.sys2010-06-28 19:30:32 24472 ----a-w- c:\windows\system32\drivers\bc.sys2010-06-25 00:51:58 11077120 ----a-w- c:\windows\system32\dllcache\ieframe.dll2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll2010-06-24 12:22:01 611840 ------w- c:\windows\system32\dllcache\mstime.dll2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll2010-06-01 17:37:48 221568 -c----w- c:\windows\system32\MpSigStub.exe============= FINISH: 22:13:03.11 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted August 22, 2010 Staff ID:303518 Share Posted August 22, 2010 Hi,Navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall Service Pack 3.When that completes, restart your computer. Download Service Pack 3 from here:http://www.microsoft.com/downloads/details...;displaylang=enEnsure that all security programs are disabled, then install it. Restart your computer and run ComboFix again; post its log. Link to post Share on other sites More sharing options...
Recommended Posts