Infected with trojan Vundo and agent WinXPSP2

3 replies to this topic

#1 katfoxx

Posted 13 March 2009 - 09:33 PM

Have multiple popups at startup and sometimes blue dump screens.

With help from the Am I Infected forum I have run
Malwarebytes' Anti-Malware 1.34
Database version: 1826
Windows 5.1.2600 Service Pack 2

3/8/2009 10:04:34 AM
mbam-log-2009-03-08 (10-04-34).txt
Scan type: Quick Scan
Scan type: Full Scan (C:\|)

Ran chkdsk and all was OK

Tried to enable firewall but was told it was controlled by group policy which I don't remember setting (don't know how).

Ran DDS

Here are the logs

DDS (Ver_09-02-01.01) - NTFSx86
Run by Iris at 22:07:29.34 on Fri 03/13/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1013.591 [GMT -4:00]

AV: avast! antivirus 4.8.1201 [VPS 080818-0] *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
svchost.exe C:\WINDOWS\TEMP\VRT1.tmp
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Iris\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
svchost.exe
C:\Documents and Settings\Iris\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\user\kiex.exe \s,c:\windows\system32\ndetect.exe,c:\windows\system32\ndetect.exe,c:\windows\system32\deviceemulator.exe,c:\windows\system32\makehm.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
TB: Yahoo! ¤u¨ă¦C: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [reader_s] c:\documents and settings\iris\reader_s.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [D-Link AirPlus G] c:\program files\d-link\airplus g\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [services] c:\windows\services.exe
dRun: [reader_s] c:\documents and settings\iris\reader_s.exe
dRun: [services] c:\windows\services.exe
mExplorerRun: [services] c:\windows\services.exe
dExplorerRun: [services] c:\windows\services.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus g\AirPlus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~2.lnk - c:\program files\d-link airplus xtreme g\AirPlus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: micripgc - pljevai.dll
AppInit_DLLs: fohoau.dll metgnj.dll paozxo.dll zubfua.dll sawwvp.dll pdsrhy.dll suiynv.dll lgedmi.dll kgjljg.dll nhqqgu.dll dbqqky.dll rmcjen.dll svkxop.dll suvvig.dll hzrrsx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 ceuivqrg;ceuivqrg;c:\windows\system32\drivers\ceuivqrg.sys --> c:\windows\system32\drivers\ceuivqrg.sys [?]
R0 protect;protect;c:\windows\system32\drivers\protect.sys [2009-3-10 18944]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-6-19 78416]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-19 20560]
R2 softyinforwow1;.Freame Micer;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-3-22 396192]
S0 bitihzsp;bitihzsp;c:\windows\system32\drivers\bitihzsp.sys --> c:\windows\system32\drivers\bitihzsp.sys [?]
S0 cjvjqiu;cjvjqiu;c:\windows\system32\drivers\iprkqmfn.sys --> c:\windows\system32\drivers\iprkqmfn.sys [?]
S0 uelsmxgo;uelsmxgo;c:\windows\system32\drivers\uelsmxgo.sys --> c:\windows\system32\drivers\uelsmxgo.sys [?]
S1 cecce00e;cecce00e;c:\windows\system32\drivers\cecce00e.sys [2009-1-25 0]
S1 fe31066c;fe31066c;c:\windows\system32\drivers\fe31066c.sys [2009-1-24 0]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-6-19 144760]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 zzbxcydf;Disk Controller;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-6-19 247160]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-6-19 349560]
S3 pcistub;pcistub;c:\windows\system32\pcistub.sys [2006-2-28 2304]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]

=============== Created Last 30 ================

2009-03-13 21:56 64,000 a------- c:\windows\system32\makehm.exe
2009-03-13 21:56 65,536 a------- c:\windows\system32\D.tmp
2009-03-13 21:56 84 a------- c:\windows\system32\C.tmp
2009-03-13 21:25 65,536 a------- c:\windows\system32\B.tmp
2009-03-13 21:25 64,000 a------- c:\windows\system32\deviceemulator.exe
2009-03-13 21:25 84 a------- c:\windows\system32\9.tmp
2009-03-10 22:57 31,744 a------- c:\windows\system32\A.tmp
2009-03-10 22:57 65,536 a------- c:\windows\system32\7.tmp
2009-03-10 22:57 124 a------- c:\windows\system32\6.tmp
2009-03-10 22:46 <DIR> --d----- c:\program files\ACW
2009-03-10 22:09 31,744 a------- c:\windows\system32\8.tmp
2009-03-10 22:09 18,944 a---h--- c:\windows\system32\drivers\protect.sys
2009-03-10 22:09 64,000 a------- c:\windows\system32\ndetect.exe
2009-03-10 22:08 65,536 a------- c:\windows\system32\5.tmp
2009-03-10 22:08 124 a------- c:\windows\system32\4.tmp
2009-03-10 07:13 6 a------- c:\windows\_id.dat
2009-03-10 07:13 128 a------- c:\windows\adobe.bat
2009-03-10 07:12 33,280 a------- c:\windows\system32\reader_s.exe
2009-03-10 07:12 33,280 a------- c:\documents and settings\iris\reader_s.exe
2009-03-10 07:12 80 a------- c:\windows\system32\2.tmp
2009-03-09 08:40 262,144 -------- c:\windows\system32\nvtpm32.dll
2009-03-09 08:40 105,984 -------- c:\windows\system32\3.tmp
2009-03-09 07:51 577,536 a------- c:\windows\system32\abdddb
2009-03-08 09:56 405,504 a------- c:\windows\system32\tmpxccacj1.exe
2009-03-08 09:56 <DIR> --d----- c:\docume~1\iris\applic~1\Malwarebytes
2009-03-08 09:55 <DIR> --d----- c:\documents and settings\Iris
2009-03-08 09:52 577,536 a------- c:\windows\system32\pocvu
2009-03-08 09:52 105,984 a------- c:\windows\system32\23.tmp
2009-03-08 09:52 40 a------- c:\windows\system32\20.tmp
2009-03-08 09:45 577,536 a------- c:\windows\system32\szuaf
2009-03-08 09:45 105,984 a------- c:\windows\system32\1F.tmp
2009-03-08 09:45 40 a------- c:\windows\system32\1D.tmp
2009-03-08 09:42 577,536 a------- c:\windows\system32\ybjbyyemi
2009-03-08 09:42 105,984 a------- c:\windows\system32\1C.tmp
2009-03-08 09:42 40 a------- c:\windows\system32\1B.tmp
2009-03-08 08:48 577,536 a------- c:\windows\system32\elpdqq
2009-03-08 08:48 105,984 a------- c:\windows\system32\1A.tmp
2009-03-08 08:48 40 a------- c:\windows\system32\19.tmp
2009-03-07 13:28 577,536 a------- c:\windows\system32\yiexbsoch
2009-03-07 13:28 105,984 a------- c:\windows\system32\18.tmp
2009-03-07 13:28 40 a------- c:\windows\system32\17.tmp
2009-03-07 13:25 577,536 a------- c:\windows\system32\oknguitfxr
2009-03-07 13:25 105,984 a------- c:\windows\system32\16.tmp
2009-03-07 13:25 40 a------- c:\windows\system32\15.tmp
2009-03-07 13:18 3,284 a------- c:\windows\system32\ANIWZCS{9ECE75A0-B3D3-4990-A0FE-A7B2C7CFA550}
2009-03-07 12:51 577,536 a------- c:\windows\system32\xmwbc
2009-03-07 12:51 105,984 a------- c:\windows\system32\14.tmp
2009-03-07 12:51 40 a------- c:\windows\system32\13.tmp
2009-03-06 16:06 577,536 a------- c:\windows\system32\ywoyp
2009-03-06 16:06 105,984 a------- c:\windows\system32\12.tmp
2009-03-06 16:05 40 a------- c:\windows\system32\11.tmp
2009-03-02 21:45 577,536 a------- c:\windows\system32\smrpkia
2009-03-02 21:45 105,984 a------- c:\windows\system32\10.tmp
2009-03-02 21:09 577,536 a------- c:\windows\system32\wqkeog
2009-03-02 21:05 577,536 a------- c:\windows\system32\lfvifysfn
2009-03-02 20:58 577,536 a------- c:\windows\system32\yjzjqxp
2009-03-01 17:31 577,536 a------- c:\windows\system32\kviyv
2009-03-01 14:55 577,536 a------- c:\windows\system32\zdfzfl
2009-03-01 08:51 32 a------- c:\windows\system32\work.ini
2009-03-01 08:51 209 a------- c:\windows\system32\hgset.ini
2009-03-01 08:51 <DIR> --d----- c:\windows\system32\3361
2009-03-01 08:51 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-03-01 08:49 577,536 a------- c:\windows\system32\zhlc
2009-02-28 20:00 90,112 a------- c:\windows\system32\20092027.dll
2009-02-28 20:00 77,824 a------- c:\windows\system32\u192885221.dll
2009-02-28 20:00 0 a------- c:\windows\mqcd.dbt
2009-02-28 20:00 676,352 a------- c:\windows\system32\rtl60.bpl
2009-02-28 19:59 195 a------- c:\windows\system32\xcchit32.ini
2009-02-28 19:59 28,672 a------- c:\windows\system32\kdoqmn.sr
2009-02-28 19:59 32,768 a------- c:\windows\system32\odjan.wa
2009-02-28 19:59 32,768 a------- c:\windows\system32\kei1w.an
2009-02-28 19:59 77,312 a------- c:\windows\system32\rkoq.pxf
2009-02-28 19:59 28,672 a------- c:\windows\system32\doqkm.zt
2009-02-28 19:59 634 a------- c:\windows\xccwinsys.ini
2009-02-28 19:59 <DIR> --d----- c:\windows\system32\inf
2009-02-28 19:58 0 a------- c:\windows\system32\24.tmp
2009-02-28 19:58 105,984 a------- c:\windows\system32\22.tmp
2009-02-28 19:58 40 a------- c:\windows\system32\21.tmp
2009-02-28 19:14 1,163,337 a------- c:\windows\system32\odSupp_M.dll
2009-02-28 19:14 577,536 a------- c:\windows\system32\ANIWZCS2.dll
2009-02-28 19:14 212,992 a------- c:\windows\system32\wlanapi.dll
2009-02-28 19:14 192,512 a------- c:\windows\system32\aIPH.dll
2009-02-28 19:14 126,976 a------- c:\windows\system32\WlanApp.dll
2009-02-28 19:14 57,407 a------- c:\windows\system32\ANICtl.dll
2009-02-28 19:14 49,152 a------- c:\windows\system32\AQCKGen.dll
2009-02-28 19:13 36,864 a------- c:\windows\system32\ANIOApi.dll
2009-02-28 19:13 28,205 a------- c:\windows\system32\ANIO.sys
2009-02-28 19:13 16,997 a------- c:\windows\system32\ANIO.VXD
2009-02-28 19:13 11,904 a------- c:\windows\system32\anio4.sys
2009-02-28 19:13 <DIR> --d----- c:\program files\ANI
2009-02-28 19:13 <DIR> --d----- c:\program files\D-Link
2009-02-28 19:06 11,861 a------- c:\windows\system32\drivers\mdc8021x.sys
2009-02-28 19:06 651,264 a----r-- c:\windows\system32\libeay32.dll
2009-02-28 19:06 450,560 a----r-- c:\windows\system32\AegisE5.dll
2009-02-28 19:06 327,680 a----r-- c:\windows\system32\AegisE2.dll
2009-02-28 19:06 351,840 a------- c:\windows\system32\drivers\ar5211.sys
2009-02-28 19:06 351,776 a------- c:\windows\system32\drivers\ar52119x.sys
2009-02-28 19:06 114,688 a------- c:\windows\system32\athcfg10.dll
2009-02-28 19:06 <DIR> --d----- c:\program files\D-Link AirPlus Xtreme G
2009-02-28 19:06 147,456 a----r-- c:\windows\system32\ssleay32.dll
2009-02-28 18:58 3,284 a------- c:\windows\system32\ANIWZCS{0ABE1C90-A06D-4779-8815-E9AF4D902CFA}

==================== Find3M ====================

2009-03-10 22:55 90,112 a------- c:\windows\DUMP6e0b.tmp
2009-03-10 22:08 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-03-09 08:40 577,536 a------- c:\windows\system32\user32.DLL
2009-02-28 18:35 90,112 a------- c:\windows\DUMP53cd.tmp
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-10 19:52 90,112 a------- c:\windows\DUMP6cf2.tmp
2009-02-05 19:03 90,112 a------- c:\windows\DUMP74e1.tmp
2009-02-03 17:50 66,560 ----h--- c:\windows\system32\secupdat.dat
2009-02-03 17:49 15,000 a------- c:\windows\system32\_hs78k4rgf4d.dll
2009-02-03 17:13 102,912 a------- C:\wgqjqf.exe
2009-02-03 17:13 39,936 a------- C:\nwurjr.exe
2009-02-03 17:13 21,504 a------- C:\ywdhlny.exe
2009-02-03 17:13 128,306 a------- C:\irvgoan.exe
2009-02-03 17:12 72,704 a------- c:\windows\system32\dptuadva.dll
2009-02-03 17:10 327,924 a--sh--- c:\windows\system32\OruDKRqr.ini2
2009-01-28 09:10 0 a------- c:\windows\system32\drivers\fe31066c.sys
2009-01-28 09:10 0 a------- c:\windows\system32\drivers\cecce00e.sys
2009-01-27 21:52 129,024 a------- c:\windows\system32\ojlyvr.dll
2009-01-27 21:52 129,024 a------- c:\windows\system32\chmvqwmb.dll
2009-01-04 21:46 712,827 a--sh--- c:\windows\system32\JmnWxyxx.ini2
2008-12-20 14:02 410,984 a------- c:\windows\system32\deploytk.dll

============= FINISH: 22:07:57.40 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/25/2007 12:53:46 AM
System Uptime: 3/13/2009 8:55:17 PM (2 hours ago)

Motherboard: Intel Corporation | | D946GZIS
Processor: Intel® Pentium® 4 CPU 3.00GHz | LGA 775 | 2997/200mhz
Processor: Intel® Pentium® 4 CPU 3.00GHz | LGA 775 | 2997/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 100.13 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\MS_PASSTHRUMP\0000
Manufacturer: Microsoft
Name: Intel® PRO/100 VE Network Connection #2 -
PNP Device ID: ROOT\MS_PASSTHRUMP\0000
Service: Passthru

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\MS_PASSTHRUMP\0003
Manufacturer: Microsoft
Name: Intel® PRO/100 VE Network Connection -
PNP Device ID: ROOT\MS_PASSTHRUMP\0003
Service: Passthru

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\MS_PASSTHRUMP\0004
Manufacturer: Microsoft
Name: WAN Miniport (IP) -
PNP Device ID: ROOT\MS_PASSTHRUMP\0004
Service: Passthru

==== System Restore Points ===================

RP1: 3/2/2009 8:22:11 PM - System Checkpoint
RP2: 3/6/2009 3:22:45 PM - System Checkpoint

==== Installed Programs ======================


Ad-Aware
Adobe Acrobat 5.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
AIM 6
AirPlus G
ANIO Service
ANIWZCS2 Service
AudibleManager
AutoUpdate
avast! Antivirus
Creative Jukebox Driver
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen Micro (PlaysForSure)
Creative ZEN Vision M Series
D-Link AirPlus G Wireless LAN Adapter
D-Link AirPlus Xtreme G Adapter
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
EA Download Manager
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Product Detection
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections
InterActual Player
IrfanView (remove only)
Java™ 6 Update 11
Java™ 6 Update 6
LightScribe 1.4.89.1
LimeWire 4.16.7
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Small Business
Microsoft Reader
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (3.0.6)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Nero Suite
Netflix Movie Viewer
OpenOffice.org 2.3
QuickTime
Rhapsody
Rhapsody Player Engine
Roll
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
SigmaTel Audio
Songbird 1.0.0 (20081124)
SPORE™
SpywareBlaster 4.1
SUPERAntiSpyware Free Edition
TBS WMP Plug-in
The Sims 2
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Bon Voyage
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VeohTV BETA
WebFldrs XP
Windows Backup Utility
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! ¤u¨ă¦C
ZENcast Organizer

==== Event Viewer Messages From Past Week ========

3/7/2009 11:51:26 AM, error: Service Control Manager [7023] - The Browser service terminated with the following error: The system cannot find the file specified.
3/7/2009 11:51:25 AM, error: Service Control Manager [7023] - The Disk Controller service terminated with the following error: The specified module could not be found.
3/7/2009 11:51:25 AM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
3/7/2009 11:51:25 AM, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/7/2009 11:51:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Print Spooler service to connect.
3/7/2009 11:51:25 AM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/7/2009 11:51:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect.
3/6/2009 8:29:44 PM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
3/7/2009 12:20:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/7/2009 12:21:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/7/2009 12:21:44 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/7/2009 12:21:44 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/7/2009 12:21:44 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/7/2009 12:21:44 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/7/2009 12:21:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec NetBT RasAcd SASDIFSV SASKUTIL Tcpip
3/8/2009 7:47:29 AM, error: Dhcp [1002] - The IP address lease 192.168.0.101 for the Network Card with network address 00119588C1C1 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
3/8/2009 9:04:32 AM, error: Service Control Manager [7034] - The mabidwe Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2009 9:04:32 AM, error: Service Control Manager [7034] - The afisicx Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2009 9:07:44 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
3/9/2009 7:35:51 AM, error: Service Control Manager [7034] - The sopidkc Service service terminated unexpectedly. It has done this 1 time(s).
3/10/2009 9:35:50 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library SanDisk Cruzer Mini USB Device.

==== End Of File ===========================
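The Pseudo HJT Report section above is what the helper reads first, and the signs that led to the verdict below are all in it: Run entries pointing into the user profile, a copy of services.exe outside system32, a Userinit chain with four entries instead of one, a dozen random-named AppInit_DLLs, and policies that disable Registry Tools and Folder Options. The following script is an added example written for this page; it is not part of DDS, BleepingComputer or any tool named in the thread. It takes a handful of lines copied from the log above as constructed sample input and applies those same checks. The regular expressions match the DDS line forms visible on this page; the CORE_NAMES set and the "a clean XP Userinit value has exactly one entry" rule are assumptions about Windows XP stated in the comments.

```python
import re

# Constructed sample: lines copied from the Pseudo HJT Report section of the DDS log posted above.
SAMPLE_LINES = [
    r"mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\user\kiex.exe \s,c:\windows\system32\ndetect.exe,c:\windows\system32\makehm.exe,",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r"uRun: [reader_s] c:\documents and settings\iris\reader_s.exe",
    r'mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime',
    r"mRun: [reader_s] c:\windows\system32\reader_s.exe",
    r"mRun: [services] c:\windows\services.exe",
    r"dRun: [services] c:\windows\services.exe",
    r"dPolicies-explorer: NoFolderOptions = 1 (0x1)",
    r"dPolicies-system: DisableRegistryTools = 1 (0x1)",
    r"AppInit_DLLs: fohoau.dll metgnj.dll paozxo.dll zubfua.dll",
]

# Line shapes as DDS prints them: "<hive>Run: [name] command" and "<hive>Policies-<area>: Key = value (hex)".
RUN_RE = re.compile(r"^(?P<hive>[umd](?:Explorer)?Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
POLICY_RE = re.compile(r"^(?P<hive>[umd]Policies-\w+): (?P<key>\w+) = (?P<value>\d+)")

# Assumption about Windows XP: the genuine copies of these core binaries live only in system32.
CORE_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "userinit.exe"}
SYSTEM32 = r"c:\windows\system32"
# Policies that lock the user out of their own tools; on a home PC nobody set these on purpose.
RESTRICTION_POLICIES = {"DisableRegistryTools", "NoFolderOptions", "DisableTaskMgr"}


def command_path(cmd):
    """Return the lower-cased executable path from a Run value, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)].lower()
    # Unquoted value: the path runs up to the first " -" or " /" switch.
    return re.split(r" [-/]", cmd, maxsplit=1)[0].lower()


def run_entries(lines):
    """Map each Run entry name to the set of paths it points at across all run locations."""
    by_name = {}
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            by_name.setdefault(m.group("name").lower(), set()).add(command_path(m.group("cmd")))
    return by_name


def triage(lines):
    """Return [(line, [reasons])] for every autostart line that deserves a closer look."""
    multi = {n for n, paths in run_entries(lines).items() if len(paths) > 1}
    findings = []
    for line in lines:
        reasons = []
        m = RUN_RE.match(line)
        if m:
            path = command_path(m.group("cmd"))
            folder, _, base = path.rpartition("\\")
            if path.startswith("c:\\documents and settings\\") or "\\temp\\" in path:
                reasons.append("autostart from a user profile or temp folder")
            if base in CORE_NAMES and folder != SYSTEM32:
                reasons.append(f"core system name {base} outside system32")
            if m.group("name").lower() in multi:
                reasons.append("same entry name registered under different paths")
        elif line.startswith("mWinlogon: Userinit="):
            # Assumption: a clean XP Userinit value holds one entry, c:\windows\system32\userinit.exe,
            entries = [e.strip() for e in line.split("=", 1)[1].split(",") if e.strip()]
            if len(entries) > 1:
                reasons.append(f"{len(entries) - 1} extra Userinit entries: {entries[1:]}")
        elif line.startswith("AppInit_DLLs:"):
            # Anything listed here is loaded into every process that loads user32.dll.
            dlls = line.split(":", 1)[1].split()
            if dlls:
                reasons.append(f"{len(dlls)} DLLs loaded into every GUI process via AppInit_DLLs")
        else:
            p = POLICY_RE.match(line)
            if p and p.group("key") in RESTRICTION_POLICIES and p.group("value") != "0":
                reasons.append(f"user-restriction policy {p.group('key')} is set")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LINES):
        print(line[:70])
        for r in reasons:
            print("   ->", r)
```

Of the ten sample lines, the two legitimate ones (ctfmon.exe and the QuickTime task) pass cleanly and the other eight are flagged. The checks are deliberately structural (where a file lives, how many entries a value holds, whether a lockdown policy is set) rather than name-based, because the names in this log are random and change from one sample to the next.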

#2 Thunder

Posted 14 March 2009 - 04:21 PM

Hello Katfoxx,

I'm afraid I have bad news for you :thumbup2:

I see you're dealing with Virut on top of the other nasty malware on your system. In that case, it's unfortunately a lost cause - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read this to see why:
Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This is because these files may be infected as well. If you back them up and restore them afterwards, they will infect your computer again.


Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
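The backup rule in the reply above is a filter: keep data files, leave out applications and installers, and leave out every file of a type a file infector can carry. The script below is an added example for this page, not Thunder's procedure or any BleepingComputer tool. The extension list is exactly the one in the reply; treating the Program Files and Windows folders as "applications" is this example's own assumption, and the sample paths are constructed to mirror the profile folder seen in Kat's log.

```python
import os
from pathlib import PureWindowsPath

# File types the reply above says not to back up: Virut-class file infectors write themselves into these.
UNSAFE_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}
# Folders treated as "applications/installers" and skipped wholesale (assumption for a typical XP layout).
SKIP_FOLDERS = {"program files", "windows"}


def is_safe_to_backup(path):
    """True for a plain data file outside application folders and not of an infectable type."""
    p = PureWindowsPath(path)
    # suffix is the last extension, so "holiday.jpg.exe" is still caught as .exe.
    if p.suffix.lower() in UNSAFE_EXTENSIONS:
        return False
    # Look only at the directory components: skip the drive (parts[0]) and the file name (parts[-1]).
    return not any(part.lower() in SKIP_FOLDERS for part in p.parts[1:-1])


def partition_backup(paths):
    """Split candidate paths into (keep, skip) lists, preserving input order."""
    keep, skip = [], []
    for path in paths:
        (keep if is_safe_to_backup(path) else skip).append(path)
    return keep, skip


def walk_tree(root):
    """Yield every file under root, for running the filter over a real profile folder."""
    for folder, _, files in os.walk(root):
        for name in files:
            yield os.path.join(folder, name)


# Constructed sample paths; none of these exist on disk.
SAMPLE_PATHS = [
    r"C:\Documents and Settings\Iris\My Documents\thesis.doc",
    r"C:\Documents and Settings\Iris\My Pictures\vacation.jpg",
    r"C:\Documents and Settings\Iris\My Documents\holiday.jpg.exe",  # double extension, still an .exe
    r"C:\Documents and Settings\Iris\Desktop\dds.scr",
    r"C:\Documents and Settings\Iris\My Documents\archive.ZIP",      # extension check is case-insensitive
    r"C:\Program Files\Some App\settings.ini",                        # application folder, skipped
    r"C:\Documents and Settings\Iris\My Music\song.mp3",
]

if __name__ == "__main__":
    keep, skip = partition_backup(SAMPLE_PATHS)
    print("back up:")
    for path in keep:
        print("  ", path)
    print("leave behind:")
    for path in skip:
        print("  ", path)
```

The filter is only as good as its list: it implements the rule as stated and does not try to decide whether any file is actually infected, which is why the reply treats the whole class of file types as off limits rather than scanning them.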

#3 katfoxx


Posted 17 March 2009 - 09:11 PM

Hi,

Thanks for the assessment and assistance. I have reinstalled windows and updated drivers.

Thanks again,

Kat

#4 Thunder

Thunder

Posted 18 March 2009 - 02:50 AM

You're welcome, Kat

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinler's tutorial on how malware is hidden and installed.

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.