
Spybot is reading 300,00 files of Virtumonde.dll and .sdn .sci also showing Zlob Downloader.bs


  • This topic is locked
2 replies to this topic

#1 brad6972

brad6972

  • Members
  • 1 posts
  • Local time:04:46 AM

Posted 13 March 2009 - 03:53 AM

Hi, I wonder if anyone can help.

I have got a Dell Mini 9 which is just over 2 months old.

When I ran Spybot today it scanned 350,000 files, with half of them being Virtumonde.dll or sdn or sci.
Once the scan had finished, Spybot found 1 infection (doubleclick).

I then updated Spybot and created a new registry file (as advised by Spybot).
I then rescanned.
This time it scanned 450,000 files, with 300,000 files being mostly Virtumonde.dll or sdn or sci, then followed by zlobdownloader.bs.
Doubleclick showed again and I fixed the problem.
I then immunized my laptop.

After looking on Google, I followed your advice to remove Virtumonde by using Malwarebytes Anti-Malware.
I ran a quick scan and a full scan and it found no infections.

So next I ran HijackThis and these are the logs.
I have also got an external hard drive that I use and have not had that plugged in today while using Spybot or Malwarebytes or HijackThis.


DDS (Ver_09-02-01.01) - NTFSx86
Run by DELL at 15:21:42.26 on Fri 03/13/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.413 [GMT 7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Wireless Select Switch\WLSS.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\DELL\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\david gray white ladder\program files\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WLSS] c:\program files\wireless select switch\WLSS.exe
mRun: [Device Detector] DevDetect.exe -autorun
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [au] c:\program files\dealio\DealioAU.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232548883069
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dell\applic~1\mozilla\firefox\profiles\c3u6g7nm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=1682&gct=&gc=1&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\dell\application data\mozilla\firefox\profiles\c3u6g7nm.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-1-21 9856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-22 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-22 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-22 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-22 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-22 298264]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 OA004Afx;Provides a software interface to control audio effects of OA004 camera.;c:\windows\system32\drivers\OA004Afx.sys [2009-2-13 148056]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [2009-2-13 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [2009-2-13 269760]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-23 33752]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-1-21 98304]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-2-20 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-2-20 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-2-20 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-2-20 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-2-20 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-2-20 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-2-20 109736]

=============== Created Last 30 ================

2009-03-13 14:40 <DIR> -cd----- c:\docume~1\dell\applic~1\Malwarebytes
2009-03-13 14:39 15,504 ac------ c:\windows\system32\drivers\mbam.sys
2009-03-13 14:39 38,496 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-13 14:39 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2009-03-13 14:39 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-11 17:55 <DIR> -cd----- c:\program files\common files\xing shared
2009-03-11 17:53 499,712 ac------ c:\windows\system32\msvcp71.dll
2009-03-11 17:53 <DIR> -cd----- c:\program files\common files\Real
2009-03-10 16:51 <DIR> -cd----- c:\docume~1\dell\applic~1\MSNInstaller
2009-03-10 16:26 <DIR> -cd----- c:\program files\eMule
2009-03-09 21:53 <DIR> -cd----- c:\program files\MediaMonkey
2009-03-06 16:37 221,184 ac------ c:\windows\system32\wmpns.dll
2009-03-03 13:26 <DIR> -cd----- c:\windows\system32\IOSUBSYS
2009-03-02 16:16 410,984 ac------ c:\windows\system32\deploytk.dll
2009-03-02 16:16 73,728 ac------ c:\windows\system32\javacpl.cpl
2009-03-02 16:16 5,632 ac------ c:\windows\system32\ptpusb.dll
2009-03-02 16:16 159,232 ac------ c:\windows\system32\ptpusd.dll
2009-03-02 16:15 15,104 ac------ c:\windows\system32\drivers\usbscan.sys
2009-03-02 16:15 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-02-21 21:05 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\TVU Networks
2009-02-21 21:05 <DIR> -cd----- c:\documents and settings\dell\LocalLow
2009-02-21 21:05 <DIR> -cd----- c:\program files\TVUPlayer
2009-02-20 18:27 <DIR> -cd----- c:\program files\Avanquest update
2009-02-20 18:27 109,736 ac------ c:\windows\system32\drivers\s0017unic.sys
2009-02-20 18:27 10,792 ac------ c:\windows\system32\drivers\s0017cr.sys
2009-02-20 18:27 108,328 ac------ c:\windows\system32\drivers\s0017mgmt.sys
2009-02-20 18:26 104,616 ac------ c:\windows\system32\drivers\s0017obex.sys
2009-02-20 18:26 26,024 ac------ c:\windows\system32\drivers\s0017nd5.sys
2009-02-20 18:26 114,600 ac------ c:\windows\system32\drivers\s0017mdm.sys
2009-02-20 18:26 15,016 ac------ c:\windows\system32\drivers\s0017mdfl.sys
2009-02-20 18:26 12,200 ac------ c:\windows\system32\drivers\s0017cmnt.sys
2009-02-20 18:26 12,200 ac------ c:\windows\system32\drivers\s0017cm.sys
2009-02-20 18:26 86,824 ac------ c:\windows\system32\drivers\s0017bus.sys
2009-02-20 18:26 12,200 ac------ c:\windows\system32\drivers\s0017whnt.sys
2009-02-20 18:26 12,200 ac------ c:\windows\system32\drivers\s0017wh.sys
2009-02-20 18:25 <DIR> -cd----- c:\program files\Sony Ericsson
2009-02-20 18:25 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2009-02-18 16:56 7,680 ac-sh--- c:\windows\Thumbs.db
2009-02-17 16:20 <DIR> -cd----- c:\program files\Search Settings
2009-02-17 16:18 <DIR> -cd----- c:\program files\Dealio
2009-02-17 16:11 <DIR> -cd----- c:\program files\MIKSOFT
2009-02-17 16:07 <DIR> -cd----- c:\program files\Wondershare
2009-02-17 16:06 <DIR> -cd----- c:\program files\common files\Download Manager
2009-02-13 21:17 <DIR> -cd----- c:\windows\system32\windows media
2009-02-13 21:16 <DIR> -cd----- c:\windows\RegisteredPackages
2009-02-13 21:16 <DIR> -cd-h--- c:\windows\msdownld.tmp
2009-02-13 21:16 <DIR> -cd----- c:\program files\Windows Media Components
2009-02-13 11:29 24,576 ac------ c:\windows\system32\OA004Srv.exe
2009-02-13 11:29 57,656 ac------ c:\windows\system32\drivers\OA004PC.bmp
2009-02-13 11:29 45,056 ac------ c:\windows\system32\OA004Pin.dll
2009-02-13 11:29 32,768 ac------ c:\windows\OA004Cfg.exe
2009-02-13 11:29 22,951 ac------ c:\windows\system32\drivers\OA004PC.jpg
2009-02-13 11:29 15,872 ac------ c:\windows\system32\OA004Pin.crl
2009-02-13 11:29 4,368 ac------ c:\windows\OA004.uns
2009-02-13 11:29 269,760 ac------ c:\windows\system32\drivers\OA004Vid.sys
2009-02-13 11:29 148,056 ac------ c:\windows\system32\drivers\OA004Afx.sys
2009-02-13 11:29 144,672 ac------ c:\windows\system32\drivers\OA004Ufd.sys

==================== Find3M ====================

2009-03-11 17:53 348,160 ac------ c:\windows\system32\msvcr71.dll
2009-02-09 18:13 1,846,784 ac------ c:\windows\system32\win32k.sys
2009-02-02 07:56 10,520 ac------ c:\windows\system32\avgrsstx.dll
2009-02-02 07:56 325,128 ac------ c:\windows\system32\drivers\avgldx86.sys
2009-02-02 07:55 107,272 ac------ c:\windows\system32\drivers\avgtdix.sys
2009-01-22 08:25 120,064 ac------ c:\windows\system32\drivers\Rtenicxp.sys
2009-01-21 20:21 0 ac--h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-21 19:56 319,488 ac------ c:\windows\HideWin.exe
2009-01-21 19:47 77,423 ac------ c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-21 19:23 21,640 ac------ c:\windows\system32\emptyregdb.dat
2009-01-16 14:45 73,728 ac------ c:\windows\system32\RtNicProp32.dll
2009-01-06 05:33 3,751,995 ac------ c:\windows\system32\GPhotos.scr
2008-12-21 06:15 826,368 ac------ c:\windows\system32\wininet.dll

============= FINISH: 15:22:30.13 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/21/2009 7:43:42 PM
System Uptime: 3/13/2009 1:22:43 PM (2 hours ago)

Motherboard: Dell Inc. | | CN0J14
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | U1 | 1595/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 7 GiB total, 0.688 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP24: 3/2/2009 4:14:00 PM - Installed Java™ 6 Update 12
RP25: 3/3/2009 6:01:25 PM - Software Distribution Service 3.0
RP26: 3/5/2009 9:22:26 AM - Avg8 Update
RP27: 3/6/2009 12:15:55 PM - Restore Operation
RP28: 3/6/2009 4:27:48 PM - Software Distribution Service 3.0
RP29: 3/6/2009 4:35:48 PM - Software Distribution Service 3.0
RP30: 3/8/2009 3:37:46 PM - Avg8 Update
RP31: 3/9/2009 10:40:09 PM - Installed QuickTime
RP32: 3/10/2009 4:26:25 PM - Software Distribution Service 3.0
RP33: 3/12/2009 10:40:16 AM - Software Distribution Service 3.0

==== Installed Programs ======================

AAC Decoder
ACDSee Pro 2
Acrobat.com
Adobe AIR
Adobe Flash Player Plugin
Adobe Reader 9
Apple Software Update
AutoUpdate
Avanquest update
AVG Free 8.0
Broadcom Wireless Utility
Critical Update for Windows Media Player 11 (KB959772)
DeepSoftware HID Plugin for Windows Media Player v1.3.2.113
Dell Resource CD
Dell Touchpad
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
EMSC
eMule
getPlus® for Adobe
H.264 Decoder
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Integrated Webcam Driver (1.00.03.0720)
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 12
JMicron JMB38X Flash Media Controller
K-Lite Codec Pack 4.5.3 (Full)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Mozilla Firefox (3.0.7)
Picasa 3
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Search Settings 1.2
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Skype™ 3.8
Sony Ericsson PC Suite 4.010.00
Spybot - Search & Destroy
TVUPlayer 2.4.1.0
Tweak UI
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Wireless Select Switch

==== Event Viewer Messages From Past Week ========

3/7/2009 10:50:49 PM, error: PlugPlayManager [12] - The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_02B01028&REV_00\4&192ac53f&0&02E0) disappeared from the system without first being prepared for removal.
3/7/2009 10:50:49 PM, error: PlugPlayManager [12] - The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_02B01028&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.
3/7/2009 10:03:18 PM, error: PlugPlayManager [12] - The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_02B01028&REV_00\4&192ac53f&0&03E0) disappeared from the system without first being prepared for removal.
3/6/2009 4:36:23 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Search 4.0 for Windows XP (KB940157).
3/6/2009 1:28:44 PM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 00230819DB2B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/6/2009 12:51:01 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/6/2009 12:23:29 PM, error: Dhcp [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 00230819DB2B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/6/2009 12:20:21 PM, error: WinDefend [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.51.1145.0 Loading engine version: 1.1.4306.0
3/9/2009 6:12:04 PM, error: DCOM [10000] - Unable to start a DCOM Server: {46986115-84D6-459C-8F95-52DD653E532E}. The error: "%3" Happened while starting this command: "C:\Program Files\Winamp\winamp.exe" -Embedding
3/9/2009 11:23:57 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

==== End Of File ===========================


Kind regards

Brad6972


 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:05:46 PM

Posted 24 March 2009 - 07:12 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:05:46 PM

Posted 03 April 2009 - 06:13 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.



