DHL Virus removal


This topic is locked. 2 replies to this topic.

#1 rroup (Members, 1 posts)

Posted 09 November 2009 - 06:37 PM

I cannot believe I opened this from DHL claiming I missed a delivery. I knew once I clicked it I was in for some trouble. After reading similar posts and their problems, I know this DHL email is the cause. Basically, it has taken over my Internet Explorer.

I've run every Symantec scan (quick scan, full scan, deep scans) and no luck.
Here are the reports:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Russell at 15:13:46.28 on Mon 11/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1256 [GMT -8:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\PFU\ScanSnap!\CardMinder\CardLauncher.exe
C:\Program Files\PFU\ScanSnap!\PDF Thumbnail View\pdfquickview.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\PFU\ScanSnap!\CardMinder\bcd_file\SbCRecE.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\PFU\ScanSnap!\Driver\PfuSsMon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\KZ5TZA6I\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080810
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
{0ed403e8-470a-4a8a-85a4-d7688cfe39a3}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [GoToMyPC] "c:\program files\citrix\gotomypc\g2svc.exe" -logon
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [CardMinder] c:\program files\pfu\scansnap!\cardminder\CardLauncher.exe
mRun: [Pdfquickview] c:\program files\pfu\scansnap!\pdf thumbnail view\pdfquickview.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TeletracFDC_Update] c:\program files\teletrac\fleet director client\FdcAutoUpdate.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\russell\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap!\driver\PfuSsMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A0D43FB0-116B-47AB-80FB-6DCFA92A03E3} - hxxp://irv.atlas.nvr.fde.net/nvUtility.dll
DPF: {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} - hxxp://irv.atlas.nvr.fde.net/nvUnifiedControl.ocx
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 163840]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]

=============== Created Last 30 ================

2009-11-09 22:21:41 23392 ----a-w- c:\windows\system32\nscompat.tlb
2009-11-09 22:21:41 16832 ----a-w- c:\windows\system32\amcompat.tlb
2009-11-07 15:36:30 0 d-----w- c:\program files\iPod
2009-11-07 15:36:25 0 d-----w- c:\program files\iTunes
2009-11-07 15:36:25 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-03 19:49:29 0 d-----w- c:\docume~1\russell\applic~1\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1

==================== Find3M ====================

2009-11-09 22:34:29 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-09 22:34:25 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 04:08:54 3598336 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:28:59 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28:59 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 05:18:44 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 05:18:41 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-13 15:16:05 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2008-12-04 19:06:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120420081205\index.dat

============= FINISH: 15:14:04.84 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/14/2008 5:44:19 PM
System Uptime: 11/9/2009 2:34:10 PM (1 hours ago)

Motherboard: Dell Inc. | | 0TP412
Processor: Intel® Core™2 Duo CPU E4600 @ 2.40GHz | CPU | 2394/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 105.664 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP425: 8/12/2009 3:00:13 AM - Software Distribution Service 3.0
RP426: 8/13/2009 4:06:40 AM - System Checkpoint
RP427: 8/14/2009 8:45:29 AM - System Checkpoint
RP428: 8/15/2009 1:37:13 AM - Software Distribution Service 3.0
RP429: 8/15/2009 3:00:13 AM - Software Distribution Service 3.0
RP430: 8/15/2009 3:08:35 AM - Printer Driver Microsoft XPS Document Writer Installed
RP431: 8/16/2009 3:00:12 AM - Software Distribution Service 3.0
RP432: 8/17/2009 3:32:04 AM - System Checkpoint
RP433: 8/17/2009 6:19:52 PM - Software Distribution Service 3.0
RP434: 8/18/2009 7:32:04 PM - System Checkpoint
RP435: 8/19/2009 9:32:01 PM - System Checkpoint
RP436: 8/20/2009 8:19:22 AM - Software Distribution Service 3.0
RP437: 8/21/2009 9:33:07 AM - System Checkpoint
RP438: 8/22/2009 9:49:48 AM - System Checkpoint
RP439: 8/23/2009 11:44:37 AM - System Checkpoint
RP440: 8/24/2009 1:03:12 PM - System Checkpoint
RP441: 8/24/2009 2:25:41 PM - Software Distribution Service 3.0
RP442: 8/25/2009 3:00:40 PM - System Checkpoint
RP443: 8/26/2009 5:27:28 PM - System Checkpoint
RP444: 8/27/2009 3:00:14 AM - Software Distribution Service 3.0
RP445: 8/27/2009 9:44:43 PM - Software Distribution Service 3.0
RP446: 8/28/2009 10:11:01 PM - System Checkpoint
RP447: 8/30/2009 12:11:01 AM - System Checkpoint
RP448: 8/31/2009 2:11:01 AM - System Checkpoint
RP449: 8/31/2009 8:24:44 PM - Software Distribution Service 3.0
RP450: 9/1/2009 2:27:55 PM - Installed Compatibility Pack for the 2007 Office system
RP451: 9/2/2009 3:00:13 AM - Software Distribution Service 3.0
RP452: 9/3/2009 4:33:45 AM - System Checkpoint
RP453: 9/3/2009 8:24:43 AM - Software Distribution Service 3.0
RP454: 9/4/2009 3:00:13 AM - Software Distribution Service 3.0
RP455: 9/5/2009 4:05:18 AM - System Checkpoint
RP456: 9/6/2009 6:05:18 AM - System Checkpoint
RP457: 9/7/2009 8:05:19 AM - System Checkpoint
RP458: 9/7/2009 4:23:15 PM - Software Distribution Service 3.0
RP459: 9/8/2009 5:25:12 PM - System Checkpoint
RP460: 9/9/2009 3:00:16 AM - Software Distribution Service 3.0
RP461: 9/10/2009 4:05:19 AM - System Checkpoint
RP462: 9/10/2009 9:08:12 PM - Software Distribution Service 3.0
RP463: 9/11/2009 9:48:37 PM - System Checkpoint
RP464: 9/12/2009 11:21:40 PM - System Checkpoint
RP465: 9/14/2009 1:21:41 AM - System Checkpoint
RP466: 9/14/2009 7:14:58 AM - Software Distribution Service 3.0
RP467: 9/15/2009 7:21:40 AM - System Checkpoint
RP468: 9/16/2009 7:33:40 AM - System Checkpoint
RP469: 9/17/2009 10:52:53 AM - System Checkpoint
RP470: 9/17/2009 12:36:00 PM - Software Distribution Service 3.0
RP471: 9/18/2009 2:40:49 PM - System Checkpoint
RP472: 9/19/2009 3:21:40 PM - System Checkpoint
RP473: 9/20/2009 5:21:40 PM - System Checkpoint
RP474: 9/21/2009 2:11:11 PM - Software Distribution Service 3.0
RP475: 9/22/2009 2:16:43 PM - System Checkpoint
RP476: 9/23/2009 3:50:13 PM - System Checkpoint
RP477: 9/25/2009 6:37:23 AM - Software Distribution Service 3.0
RP478: 9/26/2009 6:38:46 AM - System Checkpoint
RP479: 9/27/2009 8:39:50 AM - System Checkpoint
RP480: 9/28/2009 2:05:55 PM - System Checkpoint
RP481: 9/28/2009 5:13:23 PM - Software Distribution Service 3.0
RP482: 9/29/2009 6:49:33 PM - System Checkpoint
RP483: 9/30/2009 8:38:49 PM - System Checkpoint
RP484: 10/1/2009 10:38:46 PM - System Checkpoint
RP485: 10/2/2009 10:14:57 PM - Software Distribution Service 3.0
RP486: 10/3/2009 10:38:44 PM - System Checkpoint
RP487: 10/5/2009 12:38:44 AM - System Checkpoint
RP488: 10/5/2009 9:48:25 AM - Software Distribution Service 3.0
RP489: 10/6/2009 10:38:44 AM - System Checkpoint
RP490: 10/7/2009 6:50:57 PM - System Checkpoint
RP491: 10/8/2009 5:38:56 PM - Software Distribution Service 3.0
RP492: 10/9/2009 5:53:03 PM - System Checkpoint
RP493: 10/10/2009 7:53:04 PM - System Checkpoint
RP494: 10/11/2009 9:53:03 PM - System Checkpoint
RP495: 10/12/2009 10:23:42 PM - Software Distribution Service 3.0
RP496: 10/13/2009 11:53:03 PM - System Checkpoint
RP497: 10/15/2009 1:53:03 AM - System Checkpoint
RP498: 10/15/2009 11:30:54 PM - Software Distribution Service 3.0
RP499: 10/16/2009 3:00:16 AM - Software Distribution Service 3.0
RP500: 10/17/2009 3:11:53 AM - System Checkpoint
RP501: 10/18/2009 5:11:54 AM - System Checkpoint
RP502: 10/19/2009 7:11:54 AM - System Checkpoint
RP503: 10/19/2009 9:56:45 AM - Software Distribution Service 3.0
RP504: 10/20/2009 2:50:26 PM - System Checkpoint
RP505: 10/21/2009 4:56:53 PM - System Checkpoint
RP506: 10/22/2009 3:00:13 AM - Software Distribution Service 3.0
RP507: 10/22/2009 8:19:30 PM - Software Distribution Service 3.0
RP508: 10/23/2009 9:07:43 PM - System Checkpoint
RP509: 10/24/2009 9:08:49 PM - System Checkpoint
RP510: 10/25/2009 11:07:43 PM - System Checkpoint
RP511: 10/26/2009 8:34:46 AM - Software Distribution Service 3.0
RP512: 10/27/2009 8:45:37 AM - System Checkpoint
RP513: 10/28/2009 1:30:57 PM - System Checkpoint
RP514: 10/29/2009 2:46:49 PM - System Checkpoint
RP515: 10/29/2009 6:37:43 PM - Software Distribution Service 3.0
RP516: 10/30/2009 7:53:59 PM - System Checkpoint
RP517: 10/31/2009 9:54:00 PM - System Checkpoint
RP518: 11/1/2009 11:53:59 PM - System Checkpoint
RP519: 11/2/2009 10:22:26 PM - Software Distribution Service 3.0
RP520: 11/3/2009 11:22:55 PM - System Checkpoint
RP521: 11/4/2009 4:00:14 AM - Software Distribution Service 3.0
RP522: 11/5/2009 4:58:20 AM - System Checkpoint
RP523: 11/5/2009 10:36:41 AM - Software Distribution Service 3.0
RP524: 11/6/2009 12:16:04 PM - System Checkpoint
RP525: 11/7/2009 2:23:22 AM - Software Distribution Service 3.0
RP526: 11/8/2009 1:47:11 AM - System Checkpoint
RP527: 11/9/2009 3:47:10 AM - System Checkpoint
RP528: 11/9/2009 1:12:06 PM - Removed Java™ 6 Update 7
RP529: 11/9/2009 1:18:55 PM - Removed Java™ 6 Update 5
RP530: 11/9/2009 2:56:54 PM - Removed FOX News Live Stream
RP531: 11/9/2009 3:13:02 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 7.0
Adobe Reader 9.1
Adobe Shockwave Player 11
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 4.7
BlackBerry® Media Sync
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Brother HL-5240
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell ETS Factory Installation
FleetDirector eClient
Google Earth
Google Toolbar for Internet Explorer
Google Updater
GoToMeeting 4.1.0.366
GoToMyPC
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel® Matrix Storage Manager
iTunes
LiveUpdate 2.6 (Symantec Corporation)
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
MSXML 6 Service Pack 2 (KB954459)
NVIDIA Drivers
PartyCAD10
PhotoScape
PowerDVD
QuickBooks Pro 2007
QuickBooks Product Listing Service
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Media Manager
Roxio Update Manager
Safari
ScanSnap!
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype™ 3.8
Sonic CinePlayer Decoder Pack
SupportSoft Assisted Service
Symantec AntiVirus
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VNC Free Edition 4.1.2
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Search 4.0
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

11/5/2009 10:37:45 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
11/4/2009 10:55:13 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

==== End Of File ===========================

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/09 15:17
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xAE1A4000 Size: 819200 File Visible: No Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xBA2A8000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091106.003\EraserUtilDrvI9.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x89c44520

==EOF==
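The logs above are raw output, and the thread closed before anyone walked through them. As an added example (my own code, not part of the original post and not from the DDS or RootRepeal tools), here is a small Python triage script that pulls out the lines a responder would check first in a DDS "Pseudo HJT Report", process list and RootRepeal SSDT section like the ones posted: a ProxyServer value pointing at the loopback interface (all of IE's HTTP traffic routed through a local listener, which is consistent with the "taken over my Internet Explorer" symptom), a bare {CLSID} line with no name or file, a Run entry with no name or command, an executable running out of Temporary Internet Files, and a kernel SSDT hook that RootRepeal could not attribute to a module. The sample text is constructed from lines of the posted logs; the names SAMPLE_REPORT, parse_proxy and triage are my own.

```python
"""Triage helper for DDS / RootRepeal text output.

Added example, not part of the original post or of the DDS tool. All names
here (SAMPLE_REPORT, parse_proxy, triage) are the example author's choices.
"""
import re
from typing import Dict, List, Tuple

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# A line that is nothing but a {CLSID}: a BHO/toolbar entry whose name and file
# DDS could not resolve, which needs looking up in the registry.
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<val>.+)$", re.I)
RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO:.*\{[0-9a-f-]{36}\}\s*-\s*(?P<path>.*)$", re.I)
SSDT_RE = re.compile(r'Hooked by "(?P<mod>[^"]*)"')
EXEC_EXT = (".exe", ".scr", ".dll", ".com", ".pif", ".bat", ".cmd")

# Constructed sample: lines in the shape of the DDS and RootRepeal output above.
SAMPLE_REPORT = r"""
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Russell\Local Settings\Temporary Internet Files\Content.IE5\KZ5TZA6I\dds[1].scr
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:9090
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
{0ed403e8-470a-4a8a-85a4-d7688cfe39a3}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [<NO NAME>]
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x89c44520
"""


def parse_proxy(value: str) -> Dict[str, Tuple[str, str]]:
    """Split a WinINet ProxyServer value into {scheme: (host, port)}.

    Handles both forms WinINet accepts: "host:port" (all protocols, keyed "*")
    and "http=host:port;https=host:port".
    """
    out: Dict[str, Tuple[str, str]] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.partition("=") if "=" in part else ("*", "", part)
        host, _, port = hostport.rpartition(":")
        if not host:  # bare host with no port
            host, port = port, ""
        out[scheme.strip().lower()] = (host.strip().strip("[]"), port.strip())
    return out


def triage(report: str) -> List[Tuple[str, str]]:
    """Return (category, detail) pairs for the lines a responder checks first."""
    findings: List[Tuple[str, str]] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m:  # IE traffic forced through a listener on this machine
            for scheme, (host, port) in parse_proxy(m.group("val")).items():
                if host.lower() in LOOPBACK:
                    findings.append(("local-proxy", f"{scheme} traffic routed via {host}:{port}"))
            continue
        if GUID_RE.match(line):  # CLSID with no resolvable name or file
            findings.append(("orphan-clsid", line))
            continue
        m = RUN_RE.match(line)
        if m:  # autostart entry with no name or no command
            if m.group("name").strip() in ("", "<NO NAME>") or not m.group("cmd").strip():
                findings.append(("empty-run", line))
            continue
        m = BHO_RE.match(line)
        if m:  # BHO registered but its DLL path is missing
            if not m.group("path").strip():
                findings.append(("bho-no-file", line))
            continue
        low = line.lower()
        if "temporary internet files" in low and low.endswith(EXEC_EXT):
            findings.append(("exec-from-cache", line))  # running out of the browser cache
            continue
        m = SSDT_RE.search(line)
        if m and m.group("mod").strip("<>").lower() in ("unknown", ""):
            findings.append(("ssdt-hook-unknown", line))  # kernel hook with no owner
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_REPORT):
        print(f"{category:18} {detail}")
```

These are prompts for a closer look, not verdicts: the .scr flagged under exec-from-cache in this log is the DDS scanner itself, which the poster launched straight from the browser download, and a loopback ProxyServer value is only conclusive once you know which process owns the listener (on XP, `netstat -ano` on the box shows the PID bound to 127.0.0.1:9090, and `tasklist` maps the PID to an image). The unnamed CLSID, the empty mRun entry and the unattributed NtConnectPort hook are the other three items to resolve before deciding whether the machine is clean.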


#2 Blade81, Bleepin' Rocker (Malware Response Team, 6,465 posts, Finland)

Posted 16 November 2009 - 02:26 AM

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please. Describe also remaining issues.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Blade81, Bleepin' Rocker (Malware Response Team, 6,465 posts, Finland)

Posted 22 November 2009 - 08:15 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.


