
Asus Eee w/Windows XP infected with Virtumonde family


3 replies to this topic

#1 joejustice


Posted 08 February 2009 - 08:26 AM

Hello,

My daughter's Eee picked up a number of viruses through some sort of malware. This started 4 days ago, but she didn't realize what was happening. When she first noticed her wireless connection dropping I ran the installed Avast! virus check, which said it got rid of a number of other viruses. The problems continued, but Avast wasn't detecting everything.

I then used Spybot: Search and Destroy, which of course gave me a ton more info - and it appeared to clean off the multiple malware incidents, but then on reboot, the Virtumonde viruses continued to appear. I ran S&D several times, then realized that it wasn't removing the viruses - and it also started finding Smitfraud-C.

I then started searching the net for help, and found you guys. :thumbup2: I read the post about activating some of the settings in the firewall, made those changes, and after running S&D again, Smitfraud-C went away - but not the others. It is still infected with Virtumonde, Virtumonde.generic, and Virtumonde.sci. S&D also states that Microsoft.WindowSecurityCenter_disabled is a problem, but it isn't a virus, just a related problem.


I downloaded DDS and ComboFix (in case I'm advised to use it by you guys) to the desktop, disabled Avast and S&D, ran DDS, and here is the logfile:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Jacqueline Justice at 3:18:40.34 on Sun 02/08/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.557 [GMT -5:00]

AV: avast! antivirus 4.8.1296 [VPS 090207-0] *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Jacqueline Justice\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\ddcCUmLf.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: {DF515322-62F2-402E-BB92-AE1E297E9181} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: {fe3ffb37-e5eb-4825-a738-c738cc9db3aa} - c:\windows\system32\pmnnNeEX.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [ETDWareDetect] c:\program files\elantech\ETDDect.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230250428392
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230250415361
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: d3dibn - c:\windows\system32\wins\d3dibn.dll
Notify: ddcCUmLf - ddcCUmLf.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\ddcCUmLf.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\pmnnNeEX

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-26 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-26 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-26 155160]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-9-11 10752]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-9-11 26112]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2002-1-2 36864]
S0 qagkkwuw;qagkkwuw;c:\windows\system32\drivers\qbknnqsk.sys []
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-26 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-26 352920]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-9-11 625024]

=============== Created Last 30 ================

2009-02-08 03:05 2,250 a--sh--- c:\windows\system32\XEeNnnmp.ini2
2009-02-07 15:42 529 a------- c:\windows\system32\winlogon2.exe
2009-02-07 02:49 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-07 02:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-06 22:29 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-02-06 22:27 771,581 ac------ c:\windows\system32\dllcache\winacisa.sys
2009-02-06 22:26 19,016 ac------ c:\windows\system32\dllcache\w926nd.sys
2009-02-06 22:25 113,762 ac------ c:\windows\system32\dllcache\usrpda.sys
2009-02-06 22:24 26,624 ac------ c:\windows\system32\dllcache\umaxu22.dll
2009-02-06 22:24 69,632 ac------ c:\windows\system32\dllcache\umaxu12.dll
2009-02-06 22:24 50,688 ac------ c:\windows\system32\dllcache\umaxscan.dll
2009-02-06 22:24 22,912 ac------ c:\windows\system32\dllcache\umaxpcls.sys
2009-02-06 22:24 50,176 ac------ c:\windows\system32\dllcache\umaxp60.dll
2009-02-06 22:24 47,616 ac------ c:\windows\system32\dllcache\umaxcam.dll
2009-02-06 22:24 211,968 ac------ c:\windows\system32\dllcache\um54scan.dll
2009-02-06 22:24 216,064 ac------ c:\windows\system32\dllcache\um34scan.dll
2009-02-06 22:24 36,736 ac------ c:\windows\system32\dllcache\ultra.sys
2009-02-06 22:24 44,672 ac------ c:\windows\system32\dllcache\uagp35.sys
2009-02-06 22:24 11,520 ac------ c:\windows\system32\dllcache\twotrack.sys
2009-02-06 22:23 166,784 ac------ c:\windows\system32\dllcache\tridxpm.sys
2009-02-06 22:23 525,568 ac------ c:\windows\system32\dllcache\tridxp.dll
2009-02-06 22:23 159,232 ac------ c:\windows\system32\dllcache\tridkbm.sys
2009-02-06 22:23 440,576 ac------ c:\windows\system32\dllcache\tridkb.dll
2009-02-06 22:23 222,336 ac------ c:\windows\system32\dllcache\trid3dm.sys
2009-02-06 22:23 315,520 ac------ c:\windows\system32\dllcache\trid3d.dll
2009-02-06 22:23 34,375 ac------ c:\windows\system32\dllcache\tpro4.sys
2009-02-06 22:23 42,496 ac------ c:\windows\system32\dllcache\tp4res.dll
2009-02-06 22:23 82,944 ac------ c:\windows\system32\dllcache\tp4mon.exe
2009-02-06 22:23 31,744 ac------ c:\windows\system32\dllcache\tp4.dll
2009-02-06 22:21 7,040 ac------ c:\windows\system32\dllcache\tandqic.sys
2009-02-06 22:21 36,640 ac------ c:\windows\system32\dllcache\t2r4mini.sys
2009-02-06 22:21 172,768 ac------ c:\windows\system32\dllcache\t2r4disp.dll
2009-02-06 22:21 32,640 ac------ c:\windows\system32\dllcache\symc8xx.sys
2009-02-06 22:21 16,256 ac------ c:\windows\system32\dllcache\symc810.sys
2009-02-06 22:21 30,688 ac------ c:\windows\system32\dllcache\sym_u3.sys
2009-02-06 22:21 28,384 ac------ c:\windows\system32\dllcache\sym_hi.sys
2009-02-06 22:21 94,293 ac------ c:\windows\system32\dllcache\sxports.dll
2009-02-06 22:21 103,936 ac------ c:\windows\system32\dllcache\sx.sys
2009-02-06 22:21 3,968 ac------ c:\windows\system32\dllcache\swusbflt.sys
2009-02-06 22:21 10,240 ac------ c:\windows\system32\dllcache\swpidflt.dll
2009-02-06 22:20 10,240 ac------ c:\windows\system32\dllcache\swpdflt2.dll
2009-02-06 22:20 53,760 ac------ c:\windows\system32\dllcache\sw_wheel.dll
2009-02-06 22:20 41,472 ac------ c:\windows\system32\dllcache\sw_effct.dll
2009-02-06 22:20 155,648 ac------ c:\windows\system32\dllcache\stlnprop.dll
2009-02-06 22:20 53,248 ac------ c:\windows\system32\dllcache\stlncoin.dll
2009-02-06 22:20 285,760 ac------ c:\windows\system32\dllcache\stlnata.sys
2009-02-06 22:20 16,896 ac------ c:\windows\system32\dllcache\stcusb.sys
2009-02-06 22:20 48,736 ac------ c:\windows\system32\dllcache\srwlnd5.sys
2009-02-06 22:20 99,328 ac------ c:\windows\system32\dllcache\srusd.dll
2009-02-06 22:20 24,660 ac------ c:\windows\system32\dllcache\spxupchk.dll
2009-02-06 22:19 61,824 ac------ c:\windows\system32\dllcache\speed.sys
2009-02-06 22:19 106,584 ac------ c:\windows\system32\dllcache\spdports.dll
2009-02-06 22:19 19,072 ac------ c:\windows\system32\dllcache\sparrow.sys
2009-02-06 22:19 7,552 ac------ c:\windows\system32\dllcache\sonypvu1.sys
2009-02-06 22:19 37,040 ac------ c:\windows\system32\dllcache\sonypi.sys
2009-02-06 22:19 114,688 ac------ c:\windows\system32\dllcache\sonypi.dll
2009-02-06 22:19 20,752 ac------ c:\windows\system32\dllcache\sonync.sys
2009-02-06 22:19 9,600 ac------ c:\windows\system32\dllcache\sonymc.sys
2009-02-06 22:19 143,422 ac------ c:\windows\system32\dllcache\softkey.dll
2009-02-06 22:19 7,552 ac------ c:\windows\system32\dllcache\sonyait.sys
2009-02-06 22:19 7,040 ac------ c:\windows\system32\dllcache\snyaitmc.sys
2009-02-06 22:17 73,796 ac------ c:\windows\system32\dllcache\slserv.exe
2009-02-06 22:16 101,760 ac------ c:\windows\system32\dllcache\sis300ip.sys
2009-02-06 22:16 3,901 ac------ c:\windows\system32\dllcache\siint5.dll
2009-02-06 22:16 161,568 ac------ c:\windows\system32\dllcache\sgsmusb.sys
2009-02-06 22:16 18,400 ac------ c:\windows\system32\dllcache\sgsmld.sys
2009-02-06 22:16 98,080 ac------ c:\windows\system32\dllcache\sgiulnt5.sys
2009-02-06 22:16 386,560 ac------ c:\windows\system32\dllcache\sgiul50.dll
2009-02-06 22:16 36,480 ac------ c:\windows\system32\dllcache\sfmanm.sys
2009-02-06 22:16 17,664 ac------ c:\windows\system32\dllcache\sermouse.sys
2009-02-06 22:16 6,912 ac------ c:\windows\system32\dllcache\seaddsmc.sys
2009-02-06 22:16 11,520 ac------ c:\windows\system32\dllcache\scsiscan.sys
2009-02-06 22:16 11,648 ac------ c:\windows\system32\dllcache\scsiprnt.sys
2009-02-06 22:16 17,280 ac------ c:\windows\system32\dllcache\scr111.sys
2009-02-06 22:14 41,216 ac------ c:\windows\system32\dllcache\s3mt3d.sys
2009-02-06 22:13 30,592 ac------ c:\windows\system32\dllcache\rndismpx.sys
2009-02-06 22:13 37,563 ac------ c:\windows\system32\dllcache\rlnet5.sys
2009-02-06 22:13 59,136 ac------ c:\windows\system32\dllcache\rfcomm.sys
2009-02-06 22:13 86,097 ac------ c:\windows\system32\dllcache\reslog32.dll
2009-02-06 22:13 13,776 ac------ c:\windows\system32\dllcache\recagent.sys
2009-02-06 22:13 19,584 ac------ c:\windows\system32\dllcache\rasirda.sys
2009-02-06 22:13 714,762 ac------ c:\windows\system32\dllcache\r2mdmkxx.sys
2009-02-06 22:13 899,146 ac------ c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-06 22:13 41,472 ac------ c:\windows\system32\dllcache\qvusd.dll
2009-02-06 22:13 3,328 ac------ c:\windows\system32\dllcache\qv2kux.sys
2009-02-06 22:13 77,824 ac------ c:\windows\system32\dllcache\quick.ime
2009-02-06 22:13 49,024 ac------ c:\windows\system32\dllcache\ql1280.sys
2009-02-06 22:13 40,448 ac------ c:\windows\system32\dllcache\ql1240.sys
2009-02-06 22:11 70,144 ac------ c:\windows\system32\dllcache\pintlphr.exe
2009-02-06 22:10 29,769 ac------ c:\windows\system32\dllcache\pcntn5m.sys
2009-02-06 22:09 28,032 ac------ c:\windows\system32\dllcache\ovcd.sys
2009-02-06 22:08 9,344 ac------ c:\windows\system32\dllcache\ntapm.sys
2009-02-06 22:07 59,104 ac------ c:\windows\system32\dllcache\n9i128v2.dll
2009-02-06 22:06 49,024 ac------ c:\windows\system32\dllcache\mstape.sys
2009-02-06 22:05 235,648 ac------ c:\windows\system32\dllcache\mgaud.dll
2009-02-06 22:04 727,786 ac------ c:\windows\system32\dllcache\ltck000c.sys
2009-02-06 22:03 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-02-06 22:03 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-02-06 22:03 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-02-06 22:03 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-02-06 22:03 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-02-06 22:03 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-02-06 22:03 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-02-06 22:03 26,624 ac------ c:\windows\system32\dllcache\irstusb.sys
2009-02-06 22:03 18,688 ac------ c:\windows\system32\dllcache\irsir.sys
2009-02-06 22:03 28,160 ac------ c:\windows\system32\dllcache\irmon.dll
2009-02-06 22:03 23,552 ac------ c:\windows\system32\dllcache\irmk7.sys
2009-02-06 22:03 151,552 ac------ c:\windows\system32\dllcache\irftp.exe
2009-02-06 22:03 88,192 ac------ c:\windows\system32\dllcache\irda.sys
2009-02-06 22:01 91,136 ac------ c:\windows\system32\dllcache\icam4com.dll
2009-02-06 22:00 488,383 ac------ c:\windows\system32\dllcache\hsf_v124.sys
2009-02-06 21:59 13,312 ac------ c:\windows\system32\dllcache\hpsjmcro.dll
2009-02-06 21:58 19,200 ac------ c:\windows\system32\dllcache\hidir.sys
2009-02-06 21:57 455,296 ac------ c:\windows\system32\dllcache\fusbbase.sys
2009-02-06 21:56 45,568 ac------ c:\windows\system32\dllcache\esunib.dll
2009-02-06 21:55 19,996 ac------ c:\windows\system32\dllcache\em556n4.sys
2009-02-06 21:54 29,696 ac------ c:\windows\system32\dllcache\dm9pci5.sys
2009-02-06 21:53 110,592 ac------ c:\windows\system32\dllcache\dc260usd.dll
2009-02-06 21:52 6,656 ac------ c:\windows\system32\dllcache\cmdide.sys
2009-02-06 21:51 13,824 ac------ c:\windows\system32\dllcache\bulltlp3.sys
2009-02-06 21:50 25,471 ac------ c:\windows\system32\dllcache\atv04nt5.dll
2009-02-06 21:49 44,928 ac------ c:\windows\system32\dllcache\agpcpq.sys
2009-02-06 19:17 <DIR> --d----- c:\program files\Yahoo!
2009-02-06 19:17 <DIR> --d----- c:\program files\CCleaner
2009-02-04 19:24 <DIR> --d----- c:\docume~1\jacque~1\applic~1\cogad
2009-02-04 19:23 48,640 a------- c:\windows\system32\mlJAqoLc.dll
2009-02-04 19:23 4 a------- c:\windows\qagkkwuw
2009-02-04 19:23 2,250 a--sh--- c:\windows\system32\XEeNnnmp.ini
2009-02-04 19:22 304,128 a------- c:\windows\system32\pmnnNeEX.dll
2009-02-04 19:17 48,640 a------- c:\windows\system32\ddcCUmLf.dll
2009-02-04 19:09 44,824 a------- c:\windows\system32\prunnet.exe
2009-01-14 21:34 <DIR> --d----- c:\program files\DupeEliminator

==================== Find3M ====================

2009-02-03 22:40 3,788 a------- c:\docume~1\jacque~1\applic~1\wklnhst.dat
2008-12-29 00:10 163,472 a------- c:\windows\hpoins31.dat
2008-12-25 20:30 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-05-07 18:34 15,523,560 a------- c:\program files\Install AiGuruU1 Skype Phone.exe

============= FINISH: 3:19:48.34 ===============
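As an added example (not part of this thread, and not DDS's own code), the kind of triage pass a helper runs over a DDS log like the one above: it parses the Pseudo HJT, SERVICES / DRIVERS and Created Last 30 line formats and flags the patterns visible in this log, such as a nameless BHO or SEH loading from system32, an extra LSA authentication package, a boot-start service with no file information, a hidden+system file in system32, and one module registered under several hooks at once. The sample lines are copied from the posted log; the rules and the CORE_NAMES list are heuristics chosen for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the DDS log posted above
# (Pseudo HJT Report, SERVICES / DRIVERS and Created Last 30 sections).
SAMPLE_DDS = r"""
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\ddcCUmLf.dll
BHO: {fe3ffb37-e5eb-4825-a738-c738cc9db3aa} - c:\windows\system32\pmnnNeEX.dll
Notify: ddcCUmLf - ddcCUmLf.dll
Notify: igfxcui - igfxdev.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\ddcCUmLf.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\pmnnNeEX
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-26 111184]
S0 qagkkwuw;qagkkwuw;c:\windows\system32\drivers\qbknnqsk.sys []
2009-02-04 19:23 2,250 a--sh--- c:\windows\system32\XEeNnnmp.ini
2009-02-07 15:42 529 a------- c:\windows\system32\winlogon2.exe
2009-02-04 19:22 304,128 a------- c:\windows\system32\pmnnNeEX.dll
"""

# Line shapes used by DDS for the sections this triage inspects.
HOOK_RE = re.compile(r'^(BHO|SEH|Notify|TB): (.*)$')
LSA_RE = re.compile(r'^LSA: Authentication Packages = (.*)$')
DRIVER_RE = re.compile(r'^([RS][0-4]) ([^;]*);([^;]*);(.+?) \[(.*)\]$')
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \S+ ([a-z\-]{8}) (.+)$')

# Core Windows binaries whose names get imitated with a digit suffix (e.g. winlogon2.exe).
# Heuristic list chosen for this example, not a DDS convention.
CORE_NAMES = ('winlogon', 'svchost', 'explorer', 'lsass', 'csrss', 'services')
IMITATION_RE = re.compile(r'^(%s)\d+$' % '|'.join(CORE_NAMES))


def stem(path):
    """Lower-cased file name without directory or .dll/.exe/.sys extension."""
    name = path.rsplit('\\', 1)[-1]
    return re.sub(r'\.(dll|exe|sys)$', '', name, flags=re.IGNORECASE).lower()


def parse_entries(text):
    """Yield (kind, label, path, extra) for each recognised DDS line."""
    for line in (l.strip() for l in text.splitlines()):
        if m := HOOK_RE.match(line):
            kind, rest = m.groups()
            label, _, path = rest.rpartition(' - ')   # "name: {guid} - path" or "{guid} - path"
            yield kind, label, path, ''
        elif m := LSA_RE.match(line):
            for pkg in m.group(1).split():            # one entry per listed package
                yield 'LSA', pkg, pkg, ''
        elif m := DRIVER_RE.match(line):
            start, svc, _desc, path, info = m.groups()  # info is empty when the file is missing
            yield 'DRIVER', f'{start} {svc}', path, info
        elif m := FILE_RE.match(line):
            attrs, path = m.groups()                  # attrs like a--sh--- (s=system, h=hidden)
            yield 'FILE', path, path, attrs


def triage(text):
    """Return (findings, cross_ref): rule hits, and the log sections each module stem appears in."""
    findings = []
    cross_ref = defaultdict(set)
    for kind, label, path, extra in parse_entries(text):
        in_sys32 = '\\system32\\' in path.lower()
        if path:
            cross_ref[stem(path)].add(kind)
        if kind in ('BHO', 'SEH') and label.startswith('{') and in_sys32:
            findings.append(('unnamed hook loading from system32', path))
        elif kind == 'LSA' and label.lower() != 'msv1_0':
            findings.append(('extra LSA authentication package', path))
        elif kind == 'DRIVER' and extra == '':
            findings.append(('service with no file info (file missing or hidden)', label))
        elif kind == 'FILE' and in_sys32 and extra[3:5] == 'sh':
            findings.append(('hidden+system file dropped in system32', path))
        elif kind == 'FILE' and in_sys32 and IMITATION_RE.match(stem(path)):
            findings.append(('core binary name imitated with digit suffix', path))
    # The same module showing up under several hooks or sections is the strongest signal here.
    for mod, kinds in sorted(cross_ref.items()):
        if len(kinds) >= 2:
            findings.append(('same module seen in %d log sections' % len(kinds), mod))
    return findings, dict(cross_ref)


if __name__ == '__main__':
    for rule, subject in triage(SAMPLE_DDS)[0]:
        print(f'{rule}: {subject}')
```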


#2 joejustice


Posted 08 February 2009 - 10:28 AM

Rats, I'm an idiot! I sent this message from the same laptop - I had the network adapter disabled, turned it back on when I ran DDS and sent my original post. Just as I was posting, the malware immediately kicked back in with the false virus scan crap that got my daughter to click on it in the first place. I closed the pop-up, which gave some sort of nastygram (wish I took a screenshot), went to the IE window and finished posting the message, then shut the wireless network adapter back off. The virus forced a 1-minute countdown to reboot, which I couldn't stop, and rebooted the Eee.

When it started again, I ran Spybot S&D again, which of course now found all the same viruses, AND Smitfraud-C is back (watching it search, and it's only at 50% or so - who knows what else was added). The system also crashed while I was off in the shed, looking for a hammer, a simpler but permanent solution, and when I came back something forced the Eee to reboot. I'll run it again to make sure there isn't anything else, re-run DDS, and post both the log and attach the "attach" file.

I would attach the last file, but the virus apparently shut the system down again in the middle of the S&D search.

Question - would doing a re-install from the D: drive help here, or would the virus still reside in the boot sector? That seems like an easy solution.

thanks,

Joe

#3 joejustice


Posted 08 February 2009 - 05:17 PM

OK, I had the shutdown happen again - and from what I can remember in the minute, here is what the shutdown message said:

"Restart in (countdown from 1:00 minute) authorized by NT Authority\System

Shutdown occurred because DCOM SERVER PROCESS LAUNCHER failed to respond." This is not exact wording, since my memory is still 486 DX66 speed in an Intel Core Duo world. :-)

I also had the system simply turn off when I plugged in a USB hard drive; not shut down, but turn off like someone pulled the battery out. I used a built-in SD card slot to copy the DDS txt files.

I have not done anything else to the system at this point, except to re-run DDS, copy the DDS.txt and attach.txt files, and turn the computer off.

Here is the new DDS log and BOTH Attach files - aatach2.txt is the newest one - good luck and thank you so much for your kind attention and assistance:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Jacqueline Justice at 16:40:22.81 on Sun 02/08/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.619 [GMT -5:00]

AV: avast! antivirus 4.8.1296 [VPS 090207-0] *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jacqueline Justice\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\ddcCUmLf.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: {d1e77b8b-c702-41a0-a292-e95e191cd739} - c:\windows\system32\pmnnNeEX.dll
BHO: {DF515322-62F2-402E-BB92-AE1E297E9181} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: {FE3FFB37-E5EB-4825-A738-C738CC9DB3AA} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [ETDWareDetect] c:\program files\elantech\ETDDect.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230250428392
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230250415361
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: d3dibn - c:\windows\system32\wins\d3dibn.dll
Notify: ddcCUmLf - ddcCUmLf.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\ddcCUmLf.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\pmnnNeEX

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-26 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-26 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-26 155160]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-9-11 10752]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-26 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-26 352920]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [2008-9-11 26112]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2002-1-2 36864]
S0 qagkkwuw;qagkkwuw;c:\windows\system32\drivers\qbknnqsk.sys []
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-9-11 625024]

=============== Created Last 30 ================

2009-02-08 04:14 1,092 a--sh--- c:\windows\system32\XEeNnnmp.ini2
2009-02-08 04:13 1,092 a--sh--- c:\windows\system32\XEeNnnmp.ini
2009-02-07 15:42 529 a------- c:\windows\system32\winlogon2.exe
2009-02-07 02:49 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-07 02:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-06 22:29 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-02-06 22:27 771,581 ac------ c:\windows\system32\dllcache\winacisa.sys
2009-02-06 22:26 19,016 ac------ c:\windows\system32\dllcache\w926nd.sys
2009-02-06 22:25 113,762 ac------ c:\windows\system32\dllcache\usrpda.sys
2009-02-06 22:24 26,624 ac------ c:\windows\system32\dllcache\umaxu22.dll
2009-02-06 22:24 69,632 ac------ c:\windows\system32\dllcache\umaxu12.dll
2009-02-06 22:24 50,688 ac------ c:\windows\system32\dllcache\umaxscan.dll
2009-02-06 22:24 22,912 ac------ c:\windows\system32\dllcache\umaxpcls.sys
2009-02-06 22:24 50,176 ac------ c:\windows\system32\dllcache\umaxp60.dll
2009-02-06 22:24 47,616 ac------ c:\windows\system32\dllcache\umaxcam.dll
2009-02-06 22:24 211,968 ac------ c:\windows\system32\dllcache\um54scan.dll
2009-02-06 22:24 216,064 ac------ c:\windows\system32\dllcache\um34scan.dll
2009-02-06 22:24 36,736 ac------ c:\windows\system32\dllcache\ultra.sys
2009-02-06 22:24 44,672 ac------ c:\windows\system32\dllcache\uagp35.sys
2009-02-06 22:24 11,520 ac------ c:\windows\system32\dllcache\twotrack.sys
2009-02-06 22:23 166,784 ac------ c:\windows\system32\dllcache\tridxpm.sys
2009-02-06 22:23 525,568 ac------ c:\windows\system32\dllcache\tridxp.dll
2009-02-06 22:23 159,232 ac------ c:\windows\system32\dllcache\tridkbm.sys
2009-02-06 22:23 440,576 ac------ c:\windows\system32\dllcache\tridkb.dll
2009-02-06 22:23 222,336 ac------ c:\windows\system32\dllcache\trid3dm.sys
2009-02-06 22:23 315,520 ac------ c:\windows\system32\dllcache\trid3d.dll
2009-02-06 22:23 34,375 ac------ c:\windows\system32\dllcache\tpro4.sys
2009-02-06 22:23 42,496 ac------ c:\windows\system32\dllcache\tp4res.dll
2009-02-06 22:23 82,944 ac------ c:\windows\system32\dllcache\tp4mon.exe
2009-02-06 22:23 31,744 ac------ c:\windows\system32\dllcache\tp4.dll
2009-02-06 22:21 7,040 ac------ c:\windows\system32\dllcache\tandqic.sys
2009-02-06 22:21 36,640 ac------ c:\windows\system32\dllcache\t2r4mini.sys
2009-02-06 22:21 172,768 ac------ c:\windows\system32\dllcache\t2r4disp.dll
2009-02-06 22:21 32,640 ac------ c:\windows\system32\dllcache\symc8xx.sys
2009-02-06 22:21 16,256 ac------ c:\windows\system32\dllcache\symc810.sys
2009-02-06 22:21 30,688 ac------ c:\windows\system32\dllcache\sym_u3.sys
2009-02-06 22:21 28,384 ac------ c:\windows\system32\dllcache\sym_hi.sys
2009-02-06 22:21 94,293 ac------ c:\windows\system32\dllcache\sxports.dll
2009-02-06 22:21 103,936 ac------ c:\windows\system32\dllcache\sx.sys
2009-02-06 22:21 3,968 ac------ c:\windows\system32\dllcache\swusbflt.sys
2009-02-06 22:21 10,240 ac------ c:\windows\system32\dllcache\swpidflt.dll
2009-02-06 22:20 10,240 ac------ c:\windows\system32\dllcache\swpdflt2.dll
2009-02-06 22:20 53,760 ac------ c:\windows\system32\dllcache\sw_wheel.dll
2009-02-06 22:20 41,472 ac------ c:\windows\system32\dllcache\sw_effct.dll
2009-02-06 22:20 155,648 ac------ c:\windows\system32\dllcache\stlnprop.dll
2009-02-06 22:20 53,248 ac------ c:\windows\system32\dllcache\stlncoin.dll
2009-02-06 22:20 285,760 ac------ c:\windows\system32\dllcache\stlnata.sys
2009-02-06 22:20 16,896 ac------ c:\windows\system32\dllcache\stcusb.sys
2009-02-06 22:20 48,736 ac------ c:\windows\system32\dllcache\srwlnd5.sys
2009-02-06 22:20 99,328 ac------ c:\windows\system32\dllcache\srusd.dll
2009-02-06 22:20 24,660 ac------ c:\windows\system32\dllcache\spxupchk.dll
2009-02-06 22:19 61,824 ac------ c:\windows\system32\dllcache\speed.sys
2009-02-06 22:19 106,584 ac------ c:\windows\system32\dllcache\spdports.dll
2009-02-06 22:19 19,072 ac------ c:\windows\system32\dllcache\sparrow.sys
2009-02-06 22:19 7,552 ac------ c:\windows\system32\dllcache\sonypvu1.sys
2009-02-06 22:19 37,040 ac------ c:\windows\system32\dllcache\sonypi.sys
2009-02-06 22:19 114,688 ac------ c:\windows\system32\dllcache\sonypi.dll
2009-02-06 22:19 20,752 ac------ c:\windows\system32\dllcache\sonync.sys
2009-02-06 22:19 9,600 ac------ c:\windows\system32\dllcache\sonymc.sys
2009-02-06 22:19 143,422 ac------ c:\windows\system32\dllcache\softkey.dll
2009-02-06 22:19 7,552 ac------ c:\windows\system32\dllcache\sonyait.sys
2009-02-06 22:19 7,040 ac------ c:\windows\system32\dllcache\snyaitmc.sys
2009-02-06 22:17 73,796 ac------ c:\windows\system32\dllcache\slserv.exe
2009-02-06 22:16 101,760 ac------ c:\windows\system32\dllcache\sis300ip.sys
2009-02-06 22:16 3,901 ac------ c:\windows\system32\dllcache\siint5.dll
2009-02-06 22:16 161,568 ac------ c:\windows\system32\dllcache\sgsmusb.sys
2009-02-06 22:16 18,400 ac------ c:\windows\system32\dllcache\sgsmld.sys
2009-02-06 22:16 98,080 ac------ c:\windows\system32\dllcache\sgiulnt5.sys
2009-02-06 22:16 386,560 ac------ c:\windows\system32\dllcache\sgiul50.dll
2009-02-06 22:16 36,480 ac------ c:\windows\system32\dllcache\sfmanm.sys
2009-02-06 22:16 17,664 ac------ c:\windows\system32\dllcache\sermouse.sys
2009-02-06 22:16 6,912 ac------ c:\windows\system32\dllcache\seaddsmc.sys
2009-02-06 22:16 11,520 ac------ c:\windows\system32\dllcache\scsiscan.sys
2009-02-06 22:16 11,648 ac------ c:\windows\system32\dllcache\scsiprnt.sys
2009-02-06 22:16 17,280 ac------ c:\windows\system32\dllcache\scr111.sys
2009-02-06 22:14 41,216 ac------ c:\windows\system32\dllcache\s3mt3d.sys
2009-02-06 22:13 30,592 ac------ c:\windows\system32\dllcache\rndismpx.sys
2009-02-06 22:13 37,563 ac------ c:\windows\system32\dllcache\rlnet5.sys
2009-02-06 22:13 59,136 ac------ c:\windows\system32\dllcache\rfcomm.sys
2009-02-06 22:13 86,097 ac------ c:\windows\system32\dllcache\reslog32.dll
2009-02-06 22:13 13,776 ac------ c:\windows\system32\dllcache\recagent.sys
2009-02-06 22:13 19,584 ac------ c:\windows\system32\dllcache\rasirda.sys
2009-02-06 22:13 714,762 ac------ c:\windows\system32\dllcache\r2mdmkxx.sys
2009-02-06 22:13 899,146 ac------ c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-06 22:13 41,472 ac------ c:\windows\system32\dllcache\qvusd.dll
2009-02-06 22:13 3,328 ac------ c:\windows\system32\dllcache\qv2kux.sys
2009-02-06 22:13 77,824 ac------ c:\windows\system32\dllcache\quick.ime
2009-02-06 22:13 49,024 ac------ c:\windows\system32\dllcache\ql1280.sys
2009-02-06 22:13 40,448 ac------ c:\windows\system32\dllcache\ql1240.sys
2009-02-06 22:11 70,144 ac------ c:\windows\system32\dllcache\pintlphr.exe
2009-02-06 22:10 29,769 ac------ c:\windows\system32\dllcache\pcntn5m.sys
2009-02-06 22:09 28,032 ac------ c:\windows\system32\dllcache\ovcd.sys
2009-02-06 22:08 9,344 ac------ c:\windows\system32\dllcache\ntapm.sys
2009-02-06 22:07 59,104 ac------ c:\windows\system32\dllcache\n9i128v2.dll
2009-02-06 22:06 49,024 ac------ c:\windows\system32\dllcache\mstape.sys
2009-02-06 22:05 235,648 ac------ c:\windows\system32\dllcache\mgaud.dll
2009-02-06 22:04 727,786 ac------ c:\windows\system32\dllcache\ltck000c.sys
2009-02-06 22:03 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-02-06 22:03 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-02-06 22:03 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-02-06 22:03 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-02-06 22:03 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-02-06 22:03 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-02-06 22:03 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-02-06 22:03 26,624 ac------ c:\windows\system32\dllcache\irstusb.sys
2009-02-06 22:03 18,688 ac------ c:\windows\system32\dllcache\irsir.sys
2009-02-06 22:03 28,160 ac------ c:\windows\system32\dllcache\irmon.dll
2009-02-06 22:03 23,552 ac------ c:\windows\system32\dllcache\irmk7.sys
2009-02-06 22:03 151,552 ac------ c:\windows\system32\dllcache\irftp.exe
2009-02-06 22:03 88,192 ac------ c:\windows\system32\dllcache\irda.sys
2009-02-06 22:01 91,136 ac------ c:\windows\system32\dllcache\icam4com.dll
2009-02-06 22:00 488,383 ac------ c:\windows\system32\dllcache\hsf_v124.sys
2009-02-06 21:59 13,312 ac------ c:\windows\system32\dllcache\hpsjmcro.dll
2009-02-06 21:58 19,200 ac------ c:\windows\system32\dllcache\hidir.sys
2009-02-06 21:57 455,296 ac------ c:\windows\system32\dllcache\fusbbase.sys
2009-02-06 21:56 45,568 ac------ c:\windows\system32\dllcache\esunib.dll
2009-02-06 21:55 19,996 ac------ c:\windows\system32\dllcache\em556n4.sys
2009-02-06 21:54 29,696 ac------ c:\windows\system32\dllcache\dm9pci5.sys
2009-02-06 21:53 110,592 ac------ c:\windows\system32\dllcache\dc260usd.dll
2009-02-06 21:52 6,656 ac------ c:\windows\system32\dllcache\cmdide.sys
2009-02-06 21:51 13,824 ac------ c:\windows\system32\dllcache\bulltlp3.sys
2009-02-06 21:50 25,471 ac------ c:\windows\system32\dllcache\atv04nt5.dll
2009-02-06 21:49 44,928 ac------ c:\windows\system32\dllcache\agpcpq.sys
2009-02-06 19:17 <DIR> --d----- c:\program files\Yahoo!
2009-02-06 19:17 <DIR> --d----- c:\program files\CCleaner
2009-02-04 19:24 <DIR> --d----- c:\docume~1\jacque~1\applic~1\cogad
2009-02-04 19:23 48,640 a------- c:\windows\system32\mlJAqoLc.dll
2009-02-04 19:23 4 a------- c:\windows\qagkkwuw
2009-02-04 19:22 304,128 a------- c:\windows\system32\pmnnNeEX.dll
2009-02-04 19:17 48,640 a------- c:\windows\system32\ddcCUmLf.dll
2009-02-04 19:09 44,824 a------- c:\windows\system32\prunnet.exe
2009-01-14 21:34 <DIR> --d----- c:\program files\DupeEliminator

==================== Find3M ====================

2009-02-03 22:40 3,788 a------- c:\docume~1\jacque~1\applic~1\wklnhst.dat
2008-12-29 00:10 163,472 a------- c:\windows\hpoins31.dat
2008-12-25 20:30 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-05-07 18:34 15,523,560 a------- c:\program files\Install AiGuruU1 Skype Phone.exe

============= FINISH: 16:41:34.89 ===============

#4 shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:09:44 AM

Posted 12 February 2009 - 08:40 PM

Hi,

"activating some of the settings in the firewall, made those changes"

A firewall is totally useless once a machine has become compromised.

Your log is several days old. If you still need help you can do this:

You said you had ComboFix. Read this guide first about using it. It will explain what you need to know.
After you read the guide, double click the icon and follow the prompts to update it and install the MS Recovery Console.

The guide is here:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

How Can I Reduce My Risk to Malware?
