
Infected with mtn6.com-com.ws and Auto-Protect Results pop-up


  • This topic is locked
2 replies to this topic

#1 bsteele321


Posted 17 January 2009 - 05:53 PM

I keep having these mtn6.com-com.ws pop-ups saying I won stuff. Also, I keep having Auto-Protect Results pop up and say I have some Trojan Horse virus. These pop up often, making it very difficult to use the computer.


DDS (Ver_09-01-07.01) - FAT32x86
Run by ALAWRENCE at 17:40:20.45 on Sat 01/17/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.69 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\ALAWRENCE\Application Data\gadcom\gadcom.exe
C:\Documents and Settings\ALAWRENCE\Application Data\Twain\Twain.exe
C:\PROGRA~1\COMMON~1\urfo\urfom.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\PROGRA~1\COMMON~1\urfo\urfoa.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\ALAWRENCE\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mWinlogon: System=ziswin.exe
BHO: {b81b46a3-33ba-efeb-d084-7436ec397a44}: {44a793ce-6347-480d-befe-ab333a64b18b} - c:\windows\system32\rpmyqd.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\nnnmlMcb.dll
BHO: {8de322c6-8cea-4c68-8303-1220213fb0e4} - c:\windows\system32\nnnnKawv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [gadcom] "c:\documents and settings\alawrence\application data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
uRun: [Twain] c:\documents and settings\alawrence\application data\twain\Twain.exe
uRun: [AROReminder] c:\program files\advanced registry optimizer\aro.exe -rem
uRun: [urfo] c:\progra~1\common~1\urfo\urfom.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [bascstray] BascsTray.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [AdaptecDirectCD] c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [ZCfgSvc.exe] c:\windows\system32\ZCfgSvc.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [3f301644] rundll32.exe "c:\windows\system32\tshoomkg.dll",b
StartupFolder: c:\docume~1\alawre~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\pcounter\WBALANCE.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\dell\bluetooth software\BTTray.exe
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\dell\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: nnnmlMcb - nnnmlMcb.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
AppInit_DLLs: rpmyqd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\nnnmlMcb.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnnKawv

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alawre~1\applic~1\mozilla\firefox\profiles\17wd0svh.default\
FF - plugin: c:\documents and settings\alawrence\application data\mozilla\firefox\profiles\17wd0svh.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\java\j2re1.4.1_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.1_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.1_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.1_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.1_02\bin\NPJPI141_02.dll
FF - plugin: c:\program files\java\j2re1.4.1_02\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJava11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJava12.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJava13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJava32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJPI141_02.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPXPEE.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090117.006\naveng.sys [2009-1-17 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090117.006\navex15.sys [2009-1-17 876112]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [2003-8-25 92550]
R4 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2003-8-26 3712]
S3 EL3C574;FE574B-3Com 10/100 LAN PCCard Device Driver;c:\windows\system32\drivers\el574nd4.sys [2005-4-27 24653]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2003-8-26 54272]
S4 ousbehci;NEC PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\ousbehci.sys [2003-8-26 39296]

=============== Created Last 30 ================

2009-01-17 16:51 <DIR> --d----- c:\program files\CCleaner
2009-01-17 16:22 1,404,867 ---sh--- c:\windows\system32\gkmoohst.ini
2009-01-17 16:22 72,704 a------- c:\windows\system32\tshoomkg.dll
2009-01-11 15:46 129,024 -------- c:\windows\system32\rpmyqd.dll
2009-01-11 15:46 129,024 a------- c:\windows\system32\sqemmbjl.dll
2009-01-11 15:45 1,404,867 ---sh--- c:\windows\system32\rrfleuyc.ini
2009-01-11 15:45 72,704 -------- c:\windows\system32\cyuelfrr.dll
2009-01-10 11:17 129,024 a------- c:\windows\system32\timzcb.dll
2009-01-10 11:17 129,024 a------- c:\windows\system32\wkidbpwl.dll
2009-01-10 11:17 1,256,329 ---sh--- c:\windows\system32\jvmmrhrg.ini
2009-01-10 11:17 72,704 a------- c:\windows\system32\grhrmmvj.dll
2009-01-09 20:02 129,024 a------- c:\windows\system32\tljxrrrd.dll
2009-01-09 19:59 1,248,432 ---sh--- c:\windows\system32\ojimqush.ini
2009-01-08 19:59 129,024 a------- c:\windows\system32\yvbmepcd.dll
2009-01-08 19:56 1,250,178 ---sh--- c:\windows\system32\tphrdrae.ini
2009-01-08 19:56 72,704 a------- c:\windows\system32\eardrhpt.dll
2009-01-04 19:37 1,307,356 ---sh--- c:\windows\system32\qryahhfd.ini
2009-01-04 19:33 129,024 a------- c:\windows\system32\vwkqwu.dll
2009-01-04 19:33 129,024 a------- c:\windows\system32\ksriomrk.dll
2009-01-04 15:45 1,307,356 ---sh--- c:\windows\system32\dkstsudy.ini
2009-01-04 15:37 129,024 a------- c:\windows\system32\ihamaves.dll
2009-01-03 19:00 <DIR> --d----- c:\program files\common files\urfo
2009-01-03 19:00 127,578 a------- c:\windows\system32\tsuninst.exe
2009-01-03 19:00 <DIR> --d----- c:\windows\urfo
2009-01-03 19:00 <DIR> --d----- c:\program files\InetGet2
2009-01-03 10:06 129,024 a------- c:\windows\system32\drnydj.dll
2009-01-03 10:06 129,024 a------- c:\windows\system32\nmetcmll.dll
2009-01-03 10:03 1,307,356 ---sh--- c:\windows\system32\ugvkbxee.ini
2009-01-03 10:03 72,704 a------- c:\windows\system32\eexbkvgu.dll
2008-12-29 22:36 <DIR> --d----- c:\docume~1\alawre~1\applic~1\Sammsoft
2008-12-29 22:35 <DIR> --d----- c:\program files\Advanced Registry Optimizer
2008-12-29 21:21 <DIR> --d----- c:\program files\Western Digital
2008-12-29 21:20 <DIR> --d----- c:\program files\Western Digital Technologies
2008-12-29 21:11 1,307,934 ---sh--- c:\windows\system32\cphogipp.ini
2008-12-29 08:07 129,024 a------- c:\windows\system32\ggcgibmk.dll

==================== Find3M ====================

2008-12-17 20:45 72,704 a------- c:\windows\system32\qnymirta.dll
2008-12-17 20:42 129,024 a------- c:\windows\system32\vwuaeaxb.dll
2008-12-17 20:42 129,024 a------- c:\windows\system32\itbbuc.dll
2008-12-14 19:07 129,024 a------- c:\windows\system32\slsfihxv.dll
2008-12-14 19:07 129,024 a------- c:\windows\system32\freqai.dll
2008-12-14 19:04 302,592 a------- c:\windows\system32\nnnnKawv.dll
2008-12-14 18:58 34,816 -------- c:\windows\system32\nnnmlMcb.dll
2008-12-14 18:58 22,016 a------- c:\windows\system32\~.exe
2008-10-24 06:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 08:01 283,648 -------- c:\windows\system32\dllcache\gdi32.dll
2008-04-05 10:12 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat

============= FINISH: 17:43:27.31 ===============



#2 maranatha


Posted 18 January 2009 - 02:09 AM

Hi bsteele321
Welcome to Bleeping Computer.
I'm maranatha and I will be handling your log to help you get cleaned up. I am a student here at BC so all my posts will be checked by one of our experts, so there may be a slight delay between posts.


I see you have P2P software (Limewire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are here, and here.

I would strongly recommend that you uninstall them.

Please post back so I know you still require help.

Thanks
maranatha



#3 Shaba


Posted 15 February 2009 - 02:23 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.