Virtumonde viruses found by SpybotS&D.


  • This topic is locked
11 replies to this topic

#1 YumYumPB&J


Posted 20 January 2009 - 05:25 PM

Hello everyone! First I must say I am very impressed by the way technical issues are resolved on this forum! Secondly, my problem started a few months ago when I tried to download a file-cracker or something (I'm not too computer savvy). I am, however, an online gamer and after the virus surpassed my McAfee and disabled Windows Update, I downloaded a free Norton and somehow managed to get the pop-ups to stop, etc. Unfortunately, whenever I am playing my online game, the animation and music are now skipping in a loop, then speed up and return to normal. I am not sure if the virus is causing this or another issue (I can only assume the virus is the culprit since the skipping happened right after I attempted to get rid of it).

I've uninstalled and re-installed the game but to no avail. Norton Anti-virus said my PC was clean but upon the advice of a gamer on a forum, I downloaded Spybot yesterday only to discover the Virtumonde virus as well as some other spyware. I then ran ComboFix but I shortly uninstalled it so I don't know if I still have the logs. The problem within my game still persists, so I downloaded HijackThis and this is the result:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:00 PM, on 1/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...ash.1.0.0.6.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...houseplayer.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} (CPlayFirstPetShopHopControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.16.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...sh.1.0.0.47.cab
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8680 bytes



I don't know what's wrong with my laptop and it's so terrifying to me since the Recovery CD is in another state and not currently accessible. Any help is greatly and humbly appreciated. Thank you!!

Edited by YumYumPB&J, 20 January 2009 - 07:01 PM.




#2 PropagandaPanda

  • Malware Response Team

Posted 30 January 2009 - 04:56 PM

Hello YumYumPB&J.

Looks like it was removed. Let's see if there's anything left.

Download and Run DDS
If you already have a copy of DDS, there is no need to download a new one.

Download DDS by sUBs from any of the links below:
DDS.com, DDS.scr, DDS.pif

Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Please tell me what changes have been made to the computer since your topic was started. Also give me an update on any symptoms.

With Regards,
The Panda

#3 YumYumPB&J

  • Topic Starter

Posted 31 January 2009 - 07:08 PM

OK, I'm running the DDS scan right now. Everything was going fine on my PC. But now my Windows Security Alert shield icon is in my system tray saying that my computer may be at risk, even though I didn't turn it off (nor can I turn it back on through the Security Center). I was watching some shows on surfthechannel.com before the icon appeared. I'm also getting pop ups now and virus warnings... Please help!



DDS (Ver_09-01-07.01) - NTFSx86
19:02:36.12 on Sat 01/31/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.42 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\DOCUME~1\TANGER~1\LOCALS~1\Temp\sasC2.tmp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tangeria Adams\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {8a83c118-5dae-4c6a-aacf-3750f4271c12} - c:\windows\system32\iifDuSMf.dll
BHO: {3c52a24c-b852-a74b-5504-fa4c061817bd}: {db718160-c4af-4055-b47a-258bc42a25c3} - c:\windows\system32\gnbsei.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [GetModule36] c:\program files\getmodule\GetModule36.exe
uRun: [cogad] "c:\documents and settings\tangeria adams\application data\cogad\cogad.exe" 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
mRun: [TFncKy] TFncKy.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [0c458226] rundll32.exe "c:\windows\system32\gelwjyxy.dll",b
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
Notify: rqRJYrqq - rqRJYrqq.dll
AppInit_DLLs: gnbsei.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\rqRJYrqq.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\iifDuSMf

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tanger~1\applic~1\mozilla\firefox\profiles\m9r5odky.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - msn.com
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R4 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared anti-malware\a2service.exe [2009-1-21 419448]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-12-14 359248]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-22 24652]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-12-14 695624]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-12-14 79304]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-12-14 35240]
S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-12-14 201288]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2007-12-14 33800]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2007-12-14 40488]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\tanger~1\locals~1\temp\rarsfx0\s10vwf\pedrv.sys --> c:\docume~1\tanger~1\locals~1\temp\rarsfx0\s10vwf\PEDrv.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\xdva219.sys --> c:\windows\system32\XDva219.sys [?]

=============== Created Last 30 ================

2009-01-31 18:53 129,024 a------- c:\windows\system32\gnbsei.dll
2009-01-31 18:53 129,024 a------- c:\windows\system32\hbygytkp.dll
2009-01-31 18:53 1,464,294 ---sh--- c:\windows\system32\yxyjwleg.ini
2009-01-31 18:52 72,704 a------- c:\windows\system32\gelwjyxy.dll
2009-01-31 18:34 276,549 a--sh--- c:\windows\system32\fMSuDfii.ini2
2009-01-31 18:34 276,549 a--sh--- c:\windows\system32\fMSuDfii.ini
2009-01-31 18:33 315,904 a------- c:\windows\system32\iifDuSMf.dll
2009-01-31 18:28 <DIR> --d----- c:\docume~1\tanger~1\applic~1\cogad
2009-01-31 18:28 <DIR> --d----- c:\docume~1\tanger~1\applic~1\GetModule
2009-01-31 18:28 48,128 a------- c:\windows\system32\geBqoNdE.dll
2009-01-31 18:28 <DIR> --d----- c:\program files\GetModule
2009-01-31 18:28 <DIR> --d----- c:\program files\iCheck
2009-01-31 18:28 36,352 a------- c:\windows\system32\rqRJYrqq.dll
2009-01-31 18:28 198,706 a------- c:\windows\system32\wpv181233435211.cpx
2009-01-31 18:28 24,576 a------- c:\windows\system32\~.exe
2009-01-21 12:29 <DIR> --d----- c:\program files\a-squared Anti-Malware
2009-01-20 23:50 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
2009-01-20 23:42 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-01-20 23:42 <DIR> --d----- c:\windows\Logs
2009-01-20 17:04 <DIR> --d----- c:\program files\Trend Micro
2009-01-19 20:42 <DIR> -cd----- C:\ComboFix
2009-01-19 17:18 <DIR> --d----- c:\docume~1\tanger~1\applic~1\Malwarebytes
2009-01-19 17:18 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-19 17:02 <DIR> acdshr-- C:\cmdcons
2009-01-19 13:19 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-19 13:19 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-18 03:32 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-01-17 13:46 <DIR> --d----- c:\docume~1\tanger~1\applic~1\BitTorrent
2009-01-17 13:46 <DIR> --d----- c:\program files\BitTorrent
2009-01-11 12:38 61,224 a------- c:\documents and settings\tangeria adams\GoToAssistDownloadHelper.exe
2009-01-08 21:56 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-08 21:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-08 21:56 <DIR> --d----- c:\docume~1\tanger~1\applic~1\SUPERAntiSpyware.com
2009-01-08 21:51 <DIR> --d----- c:\windows\system32\XPSViewer
2009-01-08 21:49 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-08 21:49 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-08 21:49 117,760 -------- c:\windows\system32\prntvpt.dll
2009-01-08 21:49 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-08 21:49 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-01-08 21:49 <DIR> -cd----- C:\60e3bd64a13f799f74
2009-01-08 21:49 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-01-08 21:49 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-01-08 21:41 <DIR> -cd-hr-- C:\AHCache
2009-01-08 21:40 <DIR> -cd----- C:\682cdd437f60efab56
2009-01-06 11:59 172,032 a------- c:\windows\system32\igfxres.dll
2009-01-06 11:55 53,248 a------- c:\windows\system32\CSVer.dll
2009-01-06 11:06 <DIR> -cd----- C:\ta7i0v600

==================== Find3M ====================

2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-06-02 22:15 184 a------- c:\docume~1\tanger~1\applic~1\wklnhst.dat
2008-04-28 21:32 35,912 a------- c:\docume~1\tanger~1\applic~1\GDIPFONTCACHEV1.DAT
2008-09-12 07:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 19:04:46.98 ===============

Attached Files


Edited by YumYumPB&J, 31 January 2009 - 07:37 PM.
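Added example (not part of this thread, and not code from DDS, Malwarebytes or any poster): a short Python triage script that reads a DDS report like the one above and flags the load points this Vundo infection used. Each of them runs malware code inside a process the user cannot simply kill: a Winlogon Notify DLL is loaded by winlogon.exe, an LSA authentication package by lsass.exe, an AppInit_DLLs entry by every process that loads user32.dll, and a ShellExecuteHook by Explorer on every file launch. The script also spots the naming trick visible in the "Created Last 30" list, where each dropped .ini is the companion .dll name spelled backwards (iifDuSMf.dll and fMSuDfii.ini, gelwjyxy.dll and yxyjwleg.ini). The embedded input is an excerpt of the log above; the two allowlists are assumptions about this one XP laptop, not a general Windows baseline.

```python
"""Triage a DDS "Pseudo HJT Report" for the load points Vundo used in this thread.
Added example for the thread, not code from DDS, Malwarebytes or any poster. The
input is excerpted from the 31 Jan 2009 DDS log; the allowlists assume this PC."""
import ntpath
import re
from typing import Dict, List, Tuple

DDS_EXCERPT = r"""
============== Pseudo HJT Report ===============
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {8a83c118-5dae-4c6a-aacf-3750f4271c12} - c:\windows\system32\iifDuSMf.dll
BHO: {3c52a24c-b852-a74b-5504-fa4c061817bd}: {db718160-c4af-4055-b47a-258bc42a25c3} - c:\windows\system32\gnbsei.dll
mRun: [0c458226] rundll32.exe "c:\windows\system32\gelwjyxy.dll",b
Notify: igfxcui - igfxdev.dll
Notify: rqRJYrqq - rqRJYrqq.dll
AppInit_DLLs: gnbsei.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\rqRJYrqq.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\iifDuSMf
=============== Created Last 30 ================
2009-01-31 18:53 1,464,294 ---sh--- c:\windows\system32\yxyjwleg.ini
2009-01-31 18:52 72,704 a------- c:\windows\system32\gelwjyxy.dll
2009-01-31 18:34 276,549 a--sh--- c:\windows\system32\fMSuDfii.ini
2009-01-31 18:33 315,904 a------- c:\windows\system32\iifDuSMf.dll
2009-01-20 23:50 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
"""

# Assumed baseline for this XP box (not a general one): msv1_0 is the only LSA
# authentication package, AppInit_DLLs is empty, igfxdev.dll (Intel) is benign.
KNOWN_AUTH_PACKAGES = {"msv1_0"}
KNOWN_NOTIFY_DLLS = {"igfxdev.dll"}
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ (\S+) (.+)$")


def split_sections(text: str) -> Dict[str, List[str]]:
    sections: Dict[str, List[str]] = {}  # non-blank lines under each '=== Name ===' header
    current = None
    for line in text.splitlines():
        m = re.match(r"^=+\s*(.+?)\s*=+$", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line)
    return sections


def target(line: str) -> str:
    return line.rsplit(" - ", 1)[-1].strip()  # path after the last ' - ' of an entry


def scan_hjt_section(lines: List[str]) -> List[Tuple[str, str]]:
    out: List[Tuple[str, str]] = []
    for line in lines:
        if line.startswith("BHO: "):
            rest = line[5:]  # GUID-only BHO (no display name) loading from system32
            if rest.startswith("{") and "system32" in target(rest).lower():
                out.append(("nameless_bho", target(rest)))
        elif line.startswith(("uRun: ", "mRun: ")):
            m = RUNDLL_RE.search(line)  # Run entry that launches a DLL via rundll32
            if m:
                out.append(("rundll32_run", m.group(1)))
        elif line.startswith("Notify: ") and target(line).lower() not in KNOWN_NOTIFY_DLLS:
            out.append(("winlogon_notify", target(line)))  # loads inside winlogon.exe
        elif line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            out.append(("appinit_dll", line.split(":", 1)[1].strip()))  # every user32 process
        elif line.startswith("SEH: "):
            out.append(("shell_execute_hook", target(line)))  # runs on each ShellExecute
        elif line.startswith("LSA: Authentication Packages"):
            for token in line.split("=", 1)[1].split():
                if token.lower() not in KNOWN_AUTH_PACKAGES:
                    out.append(("lsa_auth_package", token))  # loads inside lsass.exe
    return out


def scan_created_section(lines: List[str]) -> List[Tuple[str, str]]:
    out: List[Tuple[str, str]] = []
    dlls, inis = {}, []  # stem -> path of new system32 DLLs; (stem, attrs, path) of .ini files
    for line in lines:
        m = CREATED_RE.match(line)
        if not m or "system32" not in m.group(2).lower():
            continue
        attrs, path = m.groups()
        stem, ext = ntpath.splitext(ntpath.basename(path))
        if ext.lower() == ".dll":
            dlls[stem.lower()] = path
        elif ext.lower().startswith(".ini"):
            inis.append((stem.lower(), attrs, path))
    for stem, attrs, path in inis:
        if stem[::-1] in dlls:  # Vundo hallmark here: .ini name is the DLL name reversed
            out.append(("reversed_name_pair", f"{path} <-> {dlls[stem[::-1]]}"))
        if "s" in attrs and "h" in attrs:  # hidden+system config file dropped in system32
            out.append(("hidden_system_ini", path))
    return out


def scan(text: str) -> List[Tuple[str, str]]:
    s = split_sections(text)
    return scan_hjt_section(s.get("Pseudo HJT Report", [])) + scan_created_section(s.get("Created Last 30", []))


if __name__ == "__main__":
    for check, value in scan(DDS_EXCERPT):
        print(f"{check:20} {value}")
```

Run against the excerpt it reports eleven findings and nothing for AcroIEHelper.dll, igfxdev.dll or D3DCompiler_33.dll. The same load points explain why a scanner run from inside Windows has to defer deleting these DLLs until a reboot: they are mapped into winlogon.exe and lsass.exe the whole time the desktop is up.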


#4 PropagandaPanda

  • Malware Response Team

Posted 31 January 2009 - 07:44 PM

Hello YumYumPB&J.

You got reinfected.

Download and run MalwareBytes Anti-Malware
If you already have MBAM installed, simply update and run a quick scan.

Please download Malwarebytes Anti-Malware setup to your desktop.
alternate download link 1
alternate download link 2

Refer to the steps given here on installing MalwareBytes, running the scan, and saving the log file (not on using FileAssassin).
  • If you have trouble updating, try the other mirror download site.
  • Should the computer in question not be able to update using the normal method, download the update file from here, using another machine if needed. Simply double-click the file to install the updates.
  • If MalwareBytes asks to reboot to remove certain items, do so right away.
Please include the scan logfile in your next reply.

Update Java to Version 6 Update 11
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please download the installer for Windows.32, here. Follow the prompts to install and delete the installer after use.

Take a new DDS scan after and we'll clean up what's left.

With Regards,
The Panda

#5 YumYumPB&J

  • Topic Starter

Posted 31 January 2009 - 10:28 PM

Ok, I ran the Malwarebytes program and this is the log:

Malwarebytes' Anti-Malware 1.33
Database version: 1712
Windows 5.1.2600 Service Pack 3

1/31/2009 10:14:19 PM
mbam-log-2009-01-31 (22-14-19).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 150675
Time elapsed: 1 hour(s), 13 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 17
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\gelwjyxy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iifDuSMf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hbygytkp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gnbsei.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rqRJYrqq.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a83c118-5dae-4c6a-aacf-3750f4271c12} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8a83c118-5dae-4c6a-aacf-3750f4271c12} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db718160-c4af-4055-b47a-258bc42a25c3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db718160-c4af-4055-b47a-258bc42a25c3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8a83c118-5dae-4c6a-aacf-3750f4271c12} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db718160-c4af-4055-b47a-258bc42a25c3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrjyrqq (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0c458226 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cogad (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule36 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifdusmf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifdusmf -> Delete on reboot.

Folders Infected:
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tangeria Adams\Application Data\cogad (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Tangeria Adams\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\iifDuSMf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fMSuDfii.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fMSuDfii.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gnbsei.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gelwjyxy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yxyjwleg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hbygytkp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Tangeria Adams\Application Data\cogad\cogad.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\rqRJYrqq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\geBqoNdE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tangeria Adams\Local Settings\Temporary Internet Files\Content.IE5\JB817JH8\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tangeria Adams\Local Settings\Temporary Internet Files\Content.IE5\QAT32FV0\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\GetModule36.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tangeria Adams\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tangeria Adams\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tangeria Adams\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv181233435211.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


**********************************************************************************************************************************

This is from the DDS:


DDS (Ver_09-01-07.01) - NTFSx86
22:21:09.32 on Sat 01/31/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.219 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tangeria Adams\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TFncKy] TFncKy.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: gnbsei.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tanger~1\applic~1\mozilla\firefox\profiles\m9r5odky.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - msn.com
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R4 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared anti-malware\a2service.exe [2009-1-21 419448]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-12-14 359248]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-22 24652]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-12-14 695624]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-12-14 79304]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-12-14 35240]
S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-12-14 201288]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2007-12-14 33800]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2007-12-14 40488]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\tanger~1\locals~1\temp\rarsfx0\s10vwf\pedrv.sys --> c:\docume~1\tanger~1\locals~1\temp\rarsfx0\s10vwf\PEDrv.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\xdva219.sys --> c:\windows\system32\XDva219.sys [?]

=============== Created Last 30 ================

2009-01-31 20:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-31 20:56 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-31 20:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-31 19:14 <DIR> -cd----- C:\fsaua.data
2009-01-21 12:29 <DIR> --d----- c:\program files\a-squared Anti-Malware
2009-01-20 23:50 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
2009-01-20 23:42 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-01-20 23:42 <DIR> --d----- c:\windows\Logs
2009-01-20 17:04 <DIR> --d----- c:\program files\Trend Micro
2009-01-19 20:42 <DIR> -cd----- C:\ComboFix
2009-01-19 17:18 <DIR> --d----- c:\docume~1\tanger~1\applic~1\Malwarebytes
2009-01-19 17:18 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-19 17:02 <DIR> acdshr-- C:\cmdcons
2009-01-19 13:19 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-19 13:19 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-18 03:32 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-01-17 13:46 <DIR> --d----- c:\docume~1\tanger~1\applic~1\BitTorrent
2009-01-17 13:46 <DIR> --d----- c:\program files\BitTorrent
2009-01-11 12:38 61,224 a------- c:\documents and settings\tangeria adams\GoToAssistDownloadHelper.exe
2009-01-08 21:56 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-08 21:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-08 21:56 <DIR> --d----- c:\docume~1\tanger~1\applic~1\SUPERAntiSpyware.com
2009-01-08 21:51 <DIR> --d----- c:\windows\system32\XPSViewer
2009-01-08 21:49 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-08 21:49 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-08 21:49 117,760 -------- c:\windows\system32\prntvpt.dll
2009-01-08 21:49 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-08 21:49 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-01-08 21:49 <DIR> -cd----- C:\60e3bd64a13f799f74
2009-01-08 21:49 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-01-08 21:49 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-01-08 21:41 <DIR> -cd-hr-- C:\AHCache
2009-01-08 21:40 <DIR> -cd----- C:\682cdd437f60efab56
2009-01-06 11:59 172,032 a------- c:\windows\system32\igfxres.dll
2009-01-06 11:55 53,248 a------- c:\windows\system32\CSVer.dll
2009-01-06 11:06 <DIR> -cd----- C:\ta7i0v600

==================== Find3M ====================

2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-06-02 22:15 184 a------- c:\docume~1\tanger~1\applic~1\wklnhst.dat
2008-04-28 21:32 35,912 a------- c:\docume~1\tanger~1\applic~1\GDIPFONTCACHEV1.DAT
2008-09-12 07:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 22:21:37.04 ===============


Also, when I restarted the PC for Malwarebytes to remove the rest of the viruses I was getting a lot of errors. Something about image errors or something. I'll write them down and edit the posts again. OK, I restarted the PC again and got no errors this time.



Edited by YumYumPB&J, 31 January 2009 - 10:38 PM.


#6 PropagandaPanda
  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:06:38 PM

Posted 01 February 2009 - 12:01 PM

Hello YumYumPB&J.

MalwareBytes took out most of the infection.

Apply Registry Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"=""
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg
  • Hit OK.
When done properly, the file should show the registry file icon.

Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.

Delete fix.reg after use.

You had not updated your Java. Please do so. This is extremely important.

Post back with a fresh DDS.txt

With Regards,
The Panda
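The two registry values that fix.reg resets are the persistence points that matter here: anything listed in AppInit_DLLs is loaded into every process that maps user32.dll, and everything in SecurityProviders is loaded into lsass.exe, which is why a typo-squatted "digeste.dll" sitting next to the legitimate digest.dll is the Vundo component. The script below is an added example, not code from the thread or from DDS/Malwarebytes: it re-applies the checks made on the DDS logs above to the log text itself (non-empty AppInit_DLLs, SecurityProviders entries outside the XP default, orphaned "No File" BHO/toolbar CLSIDs, and a driver whose image lives under %TEMP%) and then emits the equivalent .reg fix for only the keys it flagged. The XP SecurityProviders baseline is an assumption that should be checked against a known-clean machine of the same Windows build; the sample lines are copied from the first DDS log posted above.

```python
"""Added example (not from the thread): re-apply the checks the helper made
on the DDS logs above to the log text itself, then emit the equivalent .reg
fix. Runs offline on lines copied from the posted DDS output."""
import re

# Default SecurityProviders value on Windows XP; LSASS loads every DLL listed
# here, so the typo-squatted "digeste.dll" in the log is the Vundo component.
# Assumption: this baseline matches the XP install in the thread; verify it
# against a known-clean machine of the same Windows build before use.
XP_SECURITY_PROVIDERS = ("msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll")

# Lines copied from the first DDS log posted above (not constructed).
SAMPLE_LOG = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
AppInit_DLLs: gnbsei.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
R4 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared anti-malware\a2service.exe [2009-1-21 419448]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\tanger~1\locals~1\temp\rarsfx0\s10vwf\pedrv.sys --> c:\docume~1\tanger~1\locals~1\temp\rarsfx0\s10vwf\PEDrv.sys [?]
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")
SERVICE_RE = re.compile(r"^[RS]\d ")


def triage(log_text):
    """Return (kind, detail) findings for the persistence points Vundo abuses."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("AppInit_DLLs:"):
            # Any DLL here is loaded into every process that maps user32.dll.
            value = line.split(":", 1)[1].strip()
            if value:
                findings.append(("appinit_dll", value))
        elif line.startswith("SecurityProviders:"):
            listed = {p.strip().lower() for p in line.split(":", 1)[1].split(",")}
            for extra in sorted(listed - set(XP_SECURITY_PROVIDERS)):
                findings.append(("unexpected_security_provider", extra))
        elif line.startswith(("BHO:", "TB:")) and line.endswith("- No File"):
            # Orphaned CLSID: the DLL was removed but its registration stayed.
            kind = "orphan_" + line.split(":", 1)[0].lower()
            guid = GUID_RE.search(line)
            findings.append((kind, guid.group(0) if guid else line))
        elif SERVICE_RE.match(line):
            # "S3 name;display;image path ..." -- a driver staged under %TEMP%
            # is not how legitimate software installs kernel code; look at it.
            fields = line.split(";")
            name = fields[0].split(" ", 1)[1]
            image = fields[2].lower() if len(fields) > 2 else ""
            if "\\temp\\" in image:
                findings.append(("driver_from_temp", name))
    return findings


def build_reg_fix(findings):
    """Emit a .reg script like the one posted in this thread, but only for the
    keys that triage() actually flagged. Returns None when nothing needs fixing.
    Clearing the values stops the DLLs loading; the files themselves still have
    to be removed (Malwarebytes did that part above)."""
    kinds = {kind for kind, _ in findings}
    body = ["Windows Registry Editor Version 5.00", ""]
    if "appinit_dll" in kinds:
        body += [r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]",
                 '"AppInit_DLLs"=""', ""]
    if "unexpected_security_provider" in kinds:
        body += [r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]",
                 '"SecurityProviders"="%s"' % ", ".join(XP_SECURITY_PROVIDERS), ""]
    if len(body) == 2:
        return None
    return "\r\n".join(body)  # regedit expects CRLF line endings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print("%-30s %s" % (kind, detail))
    print(build_reg_fix(triage(SAMPLE_LOG)))
```

Run against the first log it reports gnbsei.dll in AppInit_DLLs, digeste.dll as the extra security provider, the two orphaned CLSIDs and the SVRPEDRV driver loading from a temp directory; run against the second and third logs it reports only the orphans and the temp driver, which matches the helper's "looks good". The generated .reg writes the value names in their canonical casing; registry value names are case-insensitive, so it merges the same as the lowercase version posted above.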

#7 YumYumPB&J
  • Topic Starter
  • Members
  • 8 posts
  • Local time:05:38 PM

Posted 01 February 2009 - 12:30 PM

I had updated the JavaScript but that was after the scans were done but they should show up now in the new DDS logs. Also, are there any additional left-over components of my old Anti-virus programs (Like McAfee & Norton)? Also, thank you for helping me!


DDS (Ver_09-01-07.01) - NTFSx86
12:25:53.54 on Sun 02/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.198 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2scan.exe
C:\Documents and Settings\Tangeria Adams\Desktop\dds.com
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TFncKy] TFncKy.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tanger~1\applic~1\mozilla\firefox\profiles\m9r5odky.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - msn.com
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-12-14 79304]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-12-14 35240]
S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-12-14 201288]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2007-12-14 33800]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2007-12-14 40488]

=============== Created Last 30 ================

2009-01-31 22:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-31 22:39 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-31 20:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-31 20:56 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-31 20:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-31 19:14 <DIR> -cd----- C:\fsaua.data
2009-01-21 12:29 <DIR> --d----- c:\program files\a-squared Anti-Malware
2009-01-20 23:50 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
2009-01-20 23:42 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-01-20 23:42 <DIR> --d----- c:\windows\Logs
2009-01-20 17:04 <DIR> --d----- c:\program files\Trend Micro
2009-01-19 20:42 <DIR> -cd----- C:\ComboFix
2009-01-19 17:18 <DIR> --d----- c:\docume~1\tanger~1\applic~1\Malwarebytes
2009-01-19 17:18 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-19 17:02 <DIR> acdshr-- C:\cmdcons
2009-01-19 13:19 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-19 13:19 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-18 03:32 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-01-17 13:46 <DIR> --d----- c:\docume~1\tanger~1\applic~1\BitTorrent
2009-01-17 13:46 <DIR> --d----- c:\program files\BitTorrent
2009-01-11 12:38 61,224 a------- c:\documents and settings\tangeria adams\GoToAssistDownloadHelper.exe
2009-01-08 21:56 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-08 21:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-08 21:56 <DIR> --d----- c:\docume~1\tanger~1\applic~1\SUPERAntiSpyware.com
2009-01-08 21:51 <DIR> --d----- c:\windows\system32\XPSViewer
2009-01-08 21:49 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-08 21:49 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-08 21:49 117,760 -------- c:\windows\system32\prntvpt.dll
2009-01-08 21:49 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-08 21:49 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-01-08 21:49 <DIR> -cd----- C:\60e3bd64a13f799f74
2009-01-08 21:49 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-01-08 21:49 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-01-08 21:41 <DIR> -cd-hr-- C:\AHCache
2009-01-08 21:40 <DIR> -cd----- C:\682cdd437f60efab56
2009-01-06 11:59 172,032 a------- c:\windows\system32\igfxres.dll
2009-01-06 11:55 53,248 a------- c:\windows\system32\CSVer.dll
2009-01-06 11:06 <DIR> -cd----- C:\ta7i0v600

==================== Find3M ====================

2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-06-02 22:15 184 a------- c:\docume~1\tanger~1\applic~1\wklnhst.dat
2008-04-28 21:32 35,912 a------- c:\docume~1\tanger~1\applic~1\GDIPFONTCACHEV1.DAT
2008-09-12 07:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 12:28:20.15 ===============




#8 PropagandaPanda
  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:06:38 PM

Posted 01 February 2009 - 12:48 PM

Hello.

Looks good.

There are components of McAfee remaining. Run the McAfee removal tool to delete anything left.

What antivirus program are you planning to install?

Please take a new DDS.txt log after. If there is anything that is still around, we'll rip it out manually.

With Regards,
The Panda

#9 YumYumPB&J
  • Topic Starter
  • Members
  • 8 posts
  • Local time:05:38 PM

Posted 01 February 2009 - 01:51 PM

Again, I thank you. I have A-Squared Anti-virus downloaded but I don't think I'm fully utilizing it right now. I had to uninstall Norton because it was causing my online MMO to behave in an erratic way. Which anti-virus would you recommend?


DDS (Ver_09-01-07.01) - NTFSx86
13:50:02.70 on Sun 02/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.209 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tangeria Adams\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TFncKy] TFncKy.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tanger~1\applic~1\mozilla\firefox\profiles\m9r5odky.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - msn.com
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R4 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared anti-malware\a2service.exe [2009-1-21 419448]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-22 24652]
S3 SVRPEDRV;SVRPEDRV;\??\c:\docume~1\tanger~1\locals~1\temp\rarsfx0\s10vwf\pedrv.sys --> c:\docume~1\tanger~1\locals~1\temp\rarsfx0\s10vwf\PEDrv.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\xdva219.sys --> c:\windows\system32\XDva219.sys [?]

=============== Created Last 30 ================

2009-01-31 22:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-31 22:39 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-31 20:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-31 20:56 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-31 20:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-31 19:14 <DIR> -cd----- C:\fsaua.data
2009-01-21 12:29 <DIR> --d----- c:\program files\a-squared Anti-Malware
2009-01-20 23:50 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
2009-01-20 23:42 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-01-20 23:42 <DIR> --d----- c:\windows\Logs
2009-01-20 17:04 <DIR> --d----- c:\program files\Trend Micro
2009-01-19 20:42 <DIR> -cd----- C:\ComboFix
2009-01-19 17:18 <DIR> --d----- c:\docume~1\tanger~1\applic~1\Malwarebytes
2009-01-19 17:18 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-19 17:02 <DIR> acdshr-- C:\cmdcons
2009-01-19 13:19 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-19 13:19 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-18 03:32 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-01-17 13:46 <DIR> --d----- c:\docume~1\tanger~1\applic~1\BitTorrent
2009-01-17 13:46 <DIR> --d----- c:\program files\BitTorrent
2009-01-11 12:38 61,224 a------- c:\documents and settings\tangeria adams\GoToAssistDownloadHelper.exe
2009-01-08 21:56 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-08 21:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-08 21:56 <DIR> --d----- c:\docume~1\tanger~1\applic~1\SUPERAntiSpyware.com
2009-01-08 21:51 <DIR> --d----- c:\windows\system32\XPSViewer
2009-01-08 21:49 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-08 21:49 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-08 21:49 117,760 -------- c:\windows\system32\prntvpt.dll
2009-01-08 21:49 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-08 21:49 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-01-08 21:49 <DIR> -cd----- C:\60e3bd64a13f799f74
2009-01-08 21:49 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-01-08 21:49 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-01-08 21:41 <DIR> -cd-hr-- C:\AHCache
2009-01-08 21:40 <DIR> -cd----- C:\682cdd437f60efab56
2009-01-06 11:59 172,032 a------- c:\windows\system32\igfxres.dll
2009-01-06 11:55 53,248 a------- c:\windows\system32\CSVer.dll
2009-01-06 11:06 <DIR> -cd----- C:\ta7i0v600

==================== Find3M ====================

2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-06-02 22:15 184 a------- c:\docume~1\tanger~1\applic~1\wklnhst.dat
2008-04-28 21:32 35,912 a------- c:\docume~1\tanger~1\applic~1\GDIPFONTCACHEV1.DAT
2008-09-12 07:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 13:50:29.54 ===============



Edited by YumYumPB&J, 01 February 2009 - 02:43 PM.


#10 PropagandaPanda
  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:06:38 PM

Posted 01 February 2009 - 03:20 PM

Hello.

A^2 antimalware isn't an antivirus, and won't provide enough protection by itself.

I would also add any of the AVs below:
After installing, update the database, run a full system scan and remove any items found.

With Regards,
The Panda

#11 YumYumPB&J
  • Topic Starter
  • Members
  • 8 posts
  • Local time:05:38 PM

Posted 01 February 2009 - 04:49 PM

OK, I'm downloading Avira Antivirus and I'm updating it now. Thanks again for all your help!

#12 PropagandaPanda
  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:06:38 PM

Posted 11 February 2009 - 04:04 PM

Hello.

There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



