
Malware, Trojan And Worm


1 reply to this topic

#1 Mr Reed

Mr Reed

  • Members
  • 1 posts

Posted 02 February 2009 - 11:48 AM

I'm experiencing multiple pop-ups and a massive decrease in speed when accessing Windows Explorer, the internet, documents, and media files. I'm also unable to proceed when I try to use my Windows Recovery CD in the CD drive; I get this message:

"The option to upgrade at this time will not be available because the setup was unable to load the file:

H:\j386\WINNTUPG\NETUPGRD.dll"


DDS (Ver_09-02-01.01) - NTFSx86
Run by Mrs. Reed at 19:46:49.96 on Mon 06/02/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1150.681 [GMT -7:00]

AV: avast! antivirus 4.8.1229 [VPS 081106-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mrs. Reed\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CKeyScramblerBHO Object: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ScanSoft PDF Create! 4-reminder] "c:\program files\scansoft\pdf create! 4\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\pdf create\4\ereg\ereg.ini"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking9\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking9\Ereg.ini
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
dRun: [CS Update] copy /Y "c:\windows\system32\msxml71.dll.upd" "c:\windows\system32\msxml71.dll"
dRun: [Cognac] c:\windows\temp\7.tmp.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
dRunOnce: [KeyScrambler] c:\program files\keyscrambler\getting_started.html
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mrs~1.ree\applic~1\mozilla\firefox\profiles\n44k69uu.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-28 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-28 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-8-28 147640]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-8-28 250040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-8-28 348344]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2008-8-28 231424]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-5-5 113896]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2008-06-02 18:34 <DIR> --d----- c:\windows\setup.pss
2008-06-02 02:01 <DIR> --d----- c:\program files\Seagate
2008-06-02 02:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Seagate
2008-06-02 01:58 <DIR> --d----- c:\windows\Downloaded Installations
2008-06-02 01:58 <DIR> --dsh--- c:\windows\ftpcache
2008-06-01 19:21 57 a------- c:\windows\TaxACT08.ini
2008-06-01 19:20 <DIR> --d----- c:\program files\2nd Story Software
2008-05-27 10:50 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2008-05-27 10:50 57,344 a------- c:\windows\system32\QuickTime.qts
2008-05-09 16:23 135,168 -c------ c:\windows\system32\dllcache\wshom.ocx
2008-05-09 03:53 430,080 -c------ c:\windows\system32\dllcache\vbscript.dll
2008-05-09 03:53 172,032 -c------ c:\windows\system32\dllcache\scrrun.dll
2008-05-09 03:53 90,112 -c------ c:\windows\system32\dllcache\wshext.dll
2008-05-09 03:53 512,000 -c------ c:\windows\system32\dllcache\jscript.dll
2008-05-09 03:53 180,224 -c------ c:\windows\system32\dllcache\scrobj.dll
2008-05-08 04:24 155,648 -c------ c:\windows\system32\dllcache\wscript.exe
2008-05-07 02:07 135,168 -c------ c:\windows\system32\dllcache\cscript.exe
2008-05-06 22:12 1,288,192 -c------ c:\windows\system32\dllcache\quartz.dll
2008-05-05 11:40 113,896 a------- c:\windows\system32\drivers\keyscrambler.sys

==================== Find3M ====================

2008-09-08 18:35 2,788,800 a------- c:\program files\FLV PlayerFCSetup.exe
2008-05-09 03:53 430,080 a------- c:\windows\system32\vbscript.dll
2008-05-09 03:53 172,032 a------- c:\windows\system32\scrrun.dll
2008-05-09 03:53 90,112 a------- c:\windows\system32\wshext.dll
2008-05-09 03:53 180,224 a------- c:\windows\system32\scrobj.dll
2008-05-08 07:02 203,136 a------- c:\windows\system32\drivers\rmcast.sys
2008-05-08 04:24 155,648 a------- c:\windows\system32\wscript.exe
2008-05-07 02:07 135,168 a------- c:\windows\system32\cscript.exe
2008-05-06 22:12 1,288,192 a------- c:\windows\system32\quartz.dll
2008-05-05 12:02 77,824 a------- c:\windows\system32\YS5sIu3M.exe
2008-04-14 05:42 11,264 a------- c:\windows\system32\spnpinst.exe
2008-04-14 05:42 985,088 a------- c:\windows\system32\setupapi.dll
2008-04-14 05:41 423,936 a------- c:\windows\system32\licdll.dll
2008-04-13 17:25 1,804 a------- c:\windows\system32\dcache.bin
2008-04-13 17:16 329,728 a------- c:\windows\system32\netsetup.exe
2008-04-13 17:13 139,656 a------- c:\windows\system32\drivers\rdpwd.sys
2008-04-13 17:13 92,424 a------- c:\windows\system32\rdpdd.dll
2008-04-13 17:13 87,176 a------- c:\windows\system32\rdpwsx.dll
2008-04-13 17:13 21,896 a------- c:\windows\system32\drivers\tdtcp.sys
2008-04-13 17:13 12,168 a------- c:\windows\system32\tsddd.dll
2008-04-13 17:13 40,840 a------- c:\windows\system32\drivers\termdd.sys
2008-04-13 17:13 12,040 a------- c:\windows\system32\drivers\tdpipe.sys
2008-04-13 17:11 3,166,208 a------- c:\windows\srchasst\msgr3en.dll
2008-04-13 17:10 53,279 a------- c:\windows\system32\odbcji32.dll
2008-04-13 17:10 4,126 a------- c:\windows\system32\msdxmlc.dll
2008-04-13 17:10 3,584 a------- c:\windows\system32\msafd.dll
2008-04-13 14:00 103,424 a------- c:\windows\system32\dpcdll.dll
2008-04-13 12:28 175,744 a------- c:\windows\system32\drivers\rdbss.sys
2008-04-13 12:21 162,816 a------- c:\windows\system32\drivers\netbt.sys
2008-04-13 12:20 91,520 a------- c:\windows\system32\drivers\ndiswan.sys
2008-04-13 12:20 182,656 a------- c:\windows\system32\drivers\ndis.sys
2008-04-13 12:19 48,384 a------- c:\windows\system32\drivers\raspptp.sys
2008-04-13 12:19 51,328 a------- c:\windows\system32\drivers\rasl2tp.sys
2008-04-13 12:19 75,264 a------- c:\windows\system32\drivers\ipsec.sys
2008-04-13 12:19 146,048 a------- c:\windows\system32\drivers\portcls.sys
2008-04-13 12:18 52,480 a------- c:\windows\system32\drivers\i8042prt.sys
2008-04-13 12:17 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2008-04-13 12:17 105,344 a------- c:\windows\system32\drivers\mup.sys
2008-04-13 12:17 456,576 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-04-13 12:16 141,056 a------- c:\windows\system32\drivers\ks.sys
2008-04-13 12:16 49,536 a------- c:\windows\system32\drivers\classpnp.sys
2008-04-13 12:15 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
2008-04-13 12:15 574,976 a------- c:\windows\system32\drivers\ntfs.sys
2008-04-13 12:15 64,512 a------- c:\windows\system32\drivers\serial.sys
2008-04-13 12:14 143,744 a------- c:\windows\system32\drivers\fastfat.sys
2008-04-13 12:14 63,744 a------- c:\windows\system32\drivers\cdfs.sys
2008-04-13 12:00 30,080 a------- c:\windows\system32\drivers\modem.sys
2008-04-13 12:00 19,072 a------- c:\windows\system32\drivers\tdi.sys
2008-04-13 11:57 41,472 a------- c:\windows\system32\drivers\raspppoe.sys
2008-04-13 11:57 40,576 a------- c:\windows\system32\drivers\ndproxy.sys
2008-04-13 11:57 14,336 a------- c:\windows\system32\drivers\asyncmac.sys
2008-04-13 11:57 10,112 a------- c:\windows\system32\drivers\ndistapi.sys
2008-04-13 11:57 34,560 a------- c:\windows\system32\drivers\wanarp.sys
2008-04-13 11:57 152,832 a------- c:\windows\system32\drivers\ipnat.sys
2008-04-13 11:57 20,864 a------- c:\windows\system32\drivers\ipinip.sys
2008-04-13 11:56 30,592 a------- c:\windows\system32\drivers\rndismp.sys
2008-04-13 11:56 12,800 a------- c:\windows\system32\drivers\usb8023.sys
2008-04-13 11:56 30,592 -------- c:\windows\system32\drivers\rndismpx.sys
2008-04-13 11:56 12,800 -------- c:\windows\system32\drivers\usb8023x.sys
2008-04-13 11:56 69,120 a------- c:\windows\system32\drivers\psched.sys
2008-04-13 11:56 35,072 a------- c:\windows\system32\drivers\msgpc.sys
2008-04-13 11:56 88,320 a------- c:\windows\system32\drivers\nwlnkipx.sys
2008-04-13 11:56 34,688 a------- c:\windows\system32\drivers\netbios.sys
2008-04-13 11:56 12,288 a------- c:\windows\system32\drivers\tunmp.sys
2008-04-13 11:55 14,592 a------- c:\windows\system32\drivers\ndisuio.sys
2008-04-13 11:54 11,264 a------- c:\windows\system32\drivers\irenum.sys
2008-04-13 11:53 264,832 a------- c:\windows\system32\drivers\http.sys
2008-04-13 11:53 36,608 a------- c:\windows\system32\drivers\ip6fw.sys
2008-04-13 11:53 71,552 a------- c:\windows\system32\drivers\bridge.sys
2008-04-13 11:53 40,320 a------- c:\windows\system32\drivers\nmnt.sys
2008-04-13 11:51 101,120 -------- c:\windows\system32\drivers\bthpan.sys
2008-04-13 11:51 55,808 a------- c:\windows\system32\drivers\atmlane.sys
2008-04-13 11:51 61,824 a------- c:\windows\system32\drivers\nic1394.sys
2008-04-13 11:51 60,800 a------- c:\windows\system32\drivers\arp1394.sys
2008-04-13 11:51 59,904 a------- c:\windows\system32\drivers\atmarpc.sys
2008-04-13 11:46 37,888 -------- c:\windows\system32\drivers\bthmodem.sys
2008-04-13 11:46 17,024 -------- c:\windows\system32\drivers\bthenum.sys
2008-04-13 11:46 59,136 -------- c:\windows\system32\drivers\rfcomm.sys
2008-04-13 11:46 36,480 -------- c:\windows\system32\drivers\bthprint.sys
2008-04-13 11:46 25,600 -------- c:\windows\system32\drivers\hidbth.sys
2008-04-13 11:46 18,944 -------- c:\windows\system32\drivers\bthusb.sys
2008-04-13 11:46 121,984 -------- c:\windows\system32\drivers\usbvideo.sys
2008-04-13 11:46 25,344 a------- c:\windows\system32\drivers\sonydcam.sys
2008-04-13 11:44 17,664 a------- c:\windows\system32\watchdog.sys
2008-04-13 11:44 799,744 a------- c:\windows\system32\drivers\dmboot.sys
2008-04-13 11:44 153,344 a------- c:\windows\system32\drivers\dmio.sys
2008-04-13 11:44 81,664 a------- c:\windows\system32\drivers\videoprt.sys
2008-04-13 11:44 20,992 a------- c:\windows\system32\drivers\vga.sys
2008-04-13 11:43 14,208 -------- c:\windows\system32\drivers\wacompen.sys
2008-04-13 11:43 12,672 -------- c:\windows\system32\drivers\mutohpen.sys
2008-04-13 11:41 52,352 a------- c:\windows\system32\drivers\volsnap.sys
2008-04-13 11:39 4,352 a------- c:\windows\system32\drivers\swenum.sys
2008-04-13 11:39 7,552 a------- c:\windows\system32\drivers\mskssrv.sys
2008-04-13 11:39 4,992 a------- c:\windows\system32\drivers\mspqm.sys
2008-04-13 11:39 5,376 a------- c:\windows\system32\drivers\mspclock.sys
2008-04-13 11:39 24,576 a------- c:\windows\system32\drivers\kbdclass.sys
2008-04-13 11:39 23,040 a------- c:\windows\system32\drivers\mouclass.sys
2008-04-13 11:39 384,768 a------- c:\windows\system32\drivers\update.sys
2008-04-13 11:39 42,368 a------- c:\windows\system32\drivers\mountmgr.sys
2008-04-13 11:38:29 A------- 71,168 c:\windows\system32\drivers\dxg.sys

============= FINISH: 19:47:52.32 ===============


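Added example for this thread (not part of the original post, and not DDS's own code): a first-pass triage script over the autorun section of a DDS log like the one above. It parses the uRun/mRun/dRun/dRunOnce values and the BHO/TB registrations from the "Pseudo HJT Report" block, then applies a handful of heuristics a malware-removal helper would run through by eye: a value that runs from a temp directory or carries a `.tmp.exe` double extension, a value that is a shell command (such as `copy`) writing into system32 rather than a program path, a DLL that IE loads as a BHO and that an autorun also rewrites, and a toolbar CLSID with no file behind it. The sample log is a constructed subset of the lines posted above; the heuristics and the two-level severity scale are this example's own assumptions and only rank entries for inspection, they do not establish that an entry is malicious.

```python
"""First-pass triage of the autorun section of a DDS log (added example)."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a subset of the autorun lines from the DDS log posted above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
dRun: [CS Update] copy /Y "c:\windows\system32\msxml71.dll.upd" "c:\windows\system32\msxml71.dll"
dRun: [Cognac] c:\windows\temp\7.tmp.exe
dRunOnce: [KeyScrambler] c:\program files\keyscrambler\getting_started.html
================= FIREFOX ===================
"""

RUN_RE = re.compile(r"^([umd]Run(?:Once)?): \[([^\]]*)\] (.*)$")
COM_RE = re.compile(r"^(BHO|TB): .*?(\{[0-9A-Fa-f-]{36}\}) - (.*)$")
QUOTED_RE = re.compile(r'"([^"]+)"')
# DDS prints unquoted paths containing spaces, so a bare path runs from the
# drive letter up to the first known extension instead of splitting on whitespace.
BARE_PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll|scr|cpl|ocx|html?|upd))(?=\s|$)", re.I)
SHELL_CMDS = ("copy ", "cmd ", "cmd.exe", "rundll32", "regsvr32")   # assumption: our own list
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\", "%temp%")

@dataclass(frozen=True)
class Entry:
    kind: str                 # uRun / mRun / dRun / dRunOnce / BHO / TB
    name: str                 # the [name] of a Run value, or the CLSID
    command: str              # raw command line or target path
    paths: Tuple[str, ...]    # file paths found in the command, lower-cased

@dataclass(frozen=True)
class Finding:
    severity: str             # "high" or "review" (this example's own scale)
    kind: str
    name: str
    reason: str

def extract_paths(command: str) -> Tuple[str, ...]:
    """Pull file paths out of a command line: quoted ones first, else one bare path."""
    quoted = QUOTED_RE.findall(command)
    if quoted:
        return tuple(p.lower() for p in quoted)
    m = BARE_PATH_RE.search(command)
    return (m.group(1).lower(),) if m else ()

def parse_entries(log_text: str) -> List[Entry]:
    """Parse Run/RunOnce values and BHO/TB registrations from the HJT-style section."""
    entries: List[Entry] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            kind, name, cmd = m.groups()
            entries.append(Entry(kind, name, cmd, extract_paths(cmd)))
            continue
        m = COM_RE.match(line)
        if m:
            kind, clsid, target = m.groups()
            entries.append(Entry(kind, clsid, target, extract_paths(target)))
    return entries

def triage(log_text: str) -> List[Finding]:
    """Apply the heuristics and return one Finding per (entry, reason) pair."""
    entries = parse_entries(log_text)
    # DLLs that Internet Explorer loads as BHOs/toolbars, cross-referenced below.
    ie_dlls = {p for e in entries if e.kind in ("BHO", "TB") for p in e.paths}
    findings: List[Finding] = []

    def flag(e: Entry, severity: str, reason: str) -> None:
        findings.append(Finding(severity, e.kind, e.name, reason))

    for e in entries:
        cmd = e.command.strip().lower()
        if e.kind == "TB" and cmd == "no file":
            flag(e, "review", "orphaned toolbar CLSID with no file on disk")
            continue
        if cmd.startswith(SHELL_CMDS):
            if cmd.startswith("copy ") and len(e.paths) == 2 and "\\system32\\" in e.paths[1]:
                flag(e, "high", f"copies {e.paths[0]} over {e.paths[1]} at every logon")
            else:
                flag(e, "review", "autorun value is a shell command, not a program path")
        for p in e.paths:
            if any(marker in p for marker in TEMP_MARKERS):
                flag(e, "high", f"runs from a temp directory: {p}")
            if p.endswith(".tmp.exe"):
                flag(e, "high", f"double extension .tmp.exe: {p}")
            if e.kind not in ("BHO", "TB") and p in ie_dlls:
                flag(e, "high", f"{p} is an IE BHO/toolbar DLL and is also written by this autorun")
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:8} [{f.name}] {f.reason}")
```

Run against the sample it ranks `[CS Update]` and `[Cognac]` high (the system32 copy, the IE-loaded DLL it refreshes, the temp-directory `.tmp.exe`) and the empty toolbar CLSID as review; everything else falls through. To use it on a full log, paste the whole DDS output into `SAMPLE_LOG` or read it from a file: the parser ignores every line that is not a Run, BHO or TB entry, so the process list and file lists do not need to be stripped first.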
#2 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 07 February 2009 - 01:16 PM

Hi Mr Reed,

Your log is several days old. If you still need help, we will get a download. It's called Combofix. There is a guide to read first. Once you finish the guide, download it, and first disable your antivirus and any antimalware you have running. Double-click the Combofix icon and follow the prompts.

The guide to read through:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

How Can I Reduce My Risk to Malware?
