
Malware/infection won't allow NIS 2009 to update, etc...


  • This topic is locked
2 replies to this topic

#1 smeadows00 (Members, 18 posts)

Posted 27 February 2009 - 06:19 PM

First of all, I want to "THANK" everyone who becomes involved with my issue(s). I thank you very much for your time, effort, and more importantly --- Your Mind Power! Here goes:
A friend of mine from church gave me his laptop to fix. His "Anti-Virus" had expired -(CA Anti-Virus)- and between him, his wife, & their teenage daughter, their laptop was just about coming to a complete stop...hardly anything will run on it.
I received it after church and immediately loaded "Malwarebytes Anti-Malware" on it to scan for infections, etc...a FULL System scan revealed well over 192 infections...when I attempted to have the application remove the infections, the application crashed. I loaded Norton Internet Security 2009, successfully I believe, BUT it will NOT Update! Therefore, when I run any type of system scan - either Quick or Full - it is with Virus Definitions that are well over 180 days old! I even went so far as to download & run Lavasoft's Ad-Aware Anniversary Edition. The infections that it found, I thought I removed...yeah, right!
Everything I have attempted, tried, etc...has all been to NO AVAIL! I have gone so far as using Selective Startup, etc...to shut down Start-Up programs, etc...still --- ALL to NO Avail! It doesn't matter if I use Normal Boot-Up or SAFE MODE. Now I can't even get on the Internet! Therefore, I loaded your "DDS TOOL" onto a Flash Drive from my PC and then transferred it to his laptop. I am also sending this "POST" in from my PC since his laptop won't get on the Internet...following are his laptop logs you require...THANKS again so very much! May "Heavenly Blessings" be poured out upon you...

DDS LOG:


DDS (Ver_09-02-01.01) - NTFSx86
Run by BJ at 17:52:45.37 on Fri 02/27/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.374 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DrvInst.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
F:\Malware TOOLZ\dds.scr
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uSearch Bar = hxxp://home.peoplepc.com/search
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://home.peoplepc.com/search
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Accelerator Plugin: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\progra~1\people~1\PRPL_I~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {A057A204-BACC-4D26-CEC4-75A487FD6484} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [<NO NAME>]
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {1F958B09-3312-7f0e-9723-4C1324C57B20} - c:\program files\internet radio\Radio.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: netzero.com
Trusted Zone: netzero.net
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - hxxp://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2008-3-7 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2008-3-7 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2008-3-7 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2008-3-7 59520]
S4 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-8-24 31592]
S4 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S4 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-5-25 99248]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-14 24652]

=============== Created Last 30 ================

2009-02-26 17:49 250 a------- c:\windows\gmer.ini
2009-02-26 16:17 <DIR> --d----- c:\program files\NortonInstaller
2009-02-25 22:29 <DIR> --d----- C:\Temp
2009-02-25 11:29 <DIR> --d----- c:\users\bj\appdata\roaming\Malwarebytes
2009-02-24 16:56 <DIR> --d----- c:\programdata\Lavasoft
2009-02-24 16:56 <DIR> --d----- c:\program files\Lavasoft
2009-02-24 01:04 <DIR> --d----- c:\programdata\Symantec Temporary Files
2009-02-24 01:04 <DIR> --d----- c:\progra~2\Symantec Temporary Files
2009-02-24 00:24 674 a------- c:\windows\system32\CTSTATUS.FCS
2009-02-23 23:39 97,800 a------- c:\windows\system32\infocardapi.dll
2009-02-23 23:39 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-23 23:39 622,080 a------- c:\windows\system32\icardagt.exe
2009-02-23 23:39 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-02-23 23:39 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-02-23 23:39 11,264 a------- c:\windows\system32\icardres.dll
2009-02-23 23:38 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-02-23 23:38 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-02-23 23:27 96,760 a------- c:\windows\system32\dfshim.dll
2009-02-23 23:27 282,112 a------- c:\windows\system32\mscoree.dll
2009-02-23 23:27 41,984 a------- c:\windows\system32\netfxperf.dll
2009-02-23 23:26 158,720 a------- c:\windows\system32\mscorier.dll
2009-02-23 23:26 83,968 a------- c:\windows\system32\mscories.dll
2009-02-23 23:00 <DIR> --d----- c:\programdata\Norton
2009-02-23 23:00 <DIR> --d----- c:\progra~2\Norton
2009-02-23 20:41 <DIR> --d----- c:\programdata\NortonInstaller
2009-02-23 20:41 <DIR> --d----- c:\progra~2\NortonInstaller
2009-02-23 15:49 <DIR> --d----- c:\programdata\Malwarebytes
2009-02-23 15:49 <DIR> --d----- c:\progra~2\Malwarebytes

==================== Find3M ====================

2009-02-24 16:18 41,826 a------- c:\programdata\nvModes.dat
2009-02-24 16:18 41,826 a------- c:\progra~2\nvModes.dat
2009-02-23 23:02 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-23 23:02 86,016 a------- c:\windows\inf\infstor.dat
2009-02-23 23:02 51,200 a------- c:\windows\inf\infpub.dat
2009-01-15 01:11 827,392 a------- c:\windows\system32\wininet.dll
2009-01-13 16:45 2,740,224 a------- c:\windows\system32\win32cpr.dll
2009-01-13 16:45 1,556,581 a------- c:\windows\system32\winsflt.dll
2009-01-06 14:26 5,632 a------- c:\windows\fd.dll
2009-01-03 15:48 56 a---h--- c:\programdata\ezsidmv.dat
2009-01-03 15:48 56 a---h--- c:\progra~2\ezsidmv.dat
2008-12-15 19:05 27,554 a------- c:\users\bj\appdata\roaming\nvModes.dat
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 65,536 a------- c:\windows\system32\jdns_sd.dll
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-04 23:32 293,376 a------- c:\windows\system32\psisdecd.dll
2008-12-04 23:32 428,544 a------- c:\windows\system32\EncDec.dll
2008-09-03 01:09 534 a------- c:\users\bj\appdata\roaming\wklnhst.dat
2008-07-25 09:18 174 a--sh--- c:\program files\desktop.ini
2008-07-25 09:04 665,600 a------- c:\windows\inf\drvindex.dat
2008-07-14 09:55 308,600 a------- c:\programdata\NortonProtectionMemo.exe
2008-07-14 09:55 308,600 a------- c:\progra~2\NortonProtectionMemo.exe
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-02-27 17:53 262,144 a--sh--- c:\windows\serviceprofiles\localservice\NTUSER.DAT
2008-05-03 10:29 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-05-03 10:29 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-05-03 10:29 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 17:53:27.43 ===============


#2 PropagandaPanda (Malware Response Team, 10,433 posts)

Posted 10 March 2009 - 04:17 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Download and Run DDS
If you already have a copy of DDS, there is no need to download a new one.

DDS is a tool that gives us a general overview of the condition of your machine.

Download DDS by sUBs from any of the links below:
DDS.com, DDS.scr, DDS.pif

Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.
Please tell me what changes have been made to the computer since your topic was started. Also give me an update on any symptoms.

With Regards,
The Panda

#3 PropagandaPanda (Malware Response Team, 10,433 posts)

Posted 18 March 2009 - 09:13 AM

Hello.

There has been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda
