
Infected with Keylogger


  • This topic is locked
2 replies to this topic

#1 sparkymike

sparkymike

  • Members
  • 3 posts

Posted 22 March 2009 - 05:08 PM

Help! My screen is all black and various browser windows open with ads for spyware/malware removers. I can't open Task Manager, which warns me that it has been disabled by the Administrator. I can't log on as Administrator (I have never done this before, so I don't have a password). The trojan keeps opening several instances of Internet Explorer and Firefox, and also the "My Documents" folder. My anti-spyware and anti-virus (Zone Alarm) will not open all the way, and the last scans I was able to run found no infection. Ad-Aware keeps finding and deleting malware, but it seems to have no effect. I enabled my wife's Mac to receive my e-mail because I am afraid to leave this machine online.

I forgot to add the DDS text file, here it is


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 14:46:11.89 on Sun 03/22/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2323 [GMT -7:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:Program FilesLavasoftAd-AwareAAWService.exe
C:WINDOWSsystem32userinit.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
svchost.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesMediafourMacDrive 7MacDriveService.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32MrobeService.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:Program FilesCommon FilesNew BoundaryPrismXLPRISMXL.SYS
C:WINDOWSsystem32PSIService.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:WINDOWSsystem32Tablet.exe
C:WINDOWSsystem32WTabletTabUserW.exe
C:WINDOWSsystem32Tablet.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program Filesdvd43dvd43_tray.exe
C:WINDOWSsystem32dllhost.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
svchost.exe
C:Program FilesLavasoftAd-AwareAAWTray.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMediafourMacDrive 7MacDrive.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSSystem32reader_s.exe
C:Program FilesOperaOpera.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_FATI9HA.EXE
C:WINDOWSsystem32frmwrk32.exe
C:WINDOWSsystem32ntdll64.exe
C:Program FilesInternet Download ManagerIDMan.exe
C:Documents and SettingsOwnerreader_s.exe
C:Program FilesInternet Download ManagerIEMonitor.exe
C:Program FilesMaxtorOneTouch Statusmaxmenumgr.exe
C:DOCUME~1OwnerLOCALS~1Temp1553012694.exe
C:Program FilesStartup Fastersfagent.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsOwnerDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:program filestorrentmantbTorr.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:program filesinternet download managerIDMIECC.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:progra~1micros~2office12GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre6binssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogletoolbar3.dll
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:program filesmoyeaflv downloaderMoyeaCth.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:program filesgooglegoogletoolbarnotifier3.1.807.1746swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
BHO: {eda29b8b-a0a9-4499-9297-85b8bdd975f5} - c:windowssystem32tegowujo.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogletoolbar3.dll
TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:program filestorrentmantbTorr.dll
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: MasterCook Bar: {c92041c1-6d22-4069-ba0e-66246aa752b0} - c:windowssystem32shdocvw.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:windowssystem32Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Diagnostic Manager] c:docume~1ownerlocals~1temp1553012694.exe
uRun: [reader_s] c:documents and settingsownerreader_s.exe
mRun: [StartupFaster] "c:program filesstartup fasterstartuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
mRun: [Ctudu] rundll32.exe "c:windowsekodogod.dll",e
mRun: [Wbuzuqikuwa] rundll32.exe "c:windowsFsadafekutegef.dll",e
mRun: [gazayabeni] Rundll32.exe "c:windowssystem32yolagubu.dll",s
mRun: [CPM2f215260] Rundll32.exe "c:windowssystem32ropofotu.dll",a
mRun: [reader_s] c:windowssystem32reader_s.exe
StartupFolder: c:documents and settingsownerstart menuprogramsstartupstartupfasterStartupFaster.ini
StartupFolder: c:docume~1alluse~1startm~1programsstartupstartu~1adobeg~1.lnk - c:program filescommon filesadobecalibrationAdobe Gamma Loader.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupstartu~1aliass~1.lnk - m:program filesaliasalias sketchbook pro 2.0AliasSketchSnap.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupstartu~1macname.lnk - c:program filesmacopenerMacName.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupstartu~1regist~1.lnk - m:program filesonone softwaremask pro 4.1<FILE_REGISTRATION_APP>
StartupFolder: c:documents and settingsall usersstart menuprogramsstartupstartupfasterStartupFaster.ini
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: &AOL Toolbar search -
IE: Download All Links with IDM - c:program filesinternet download managerIEGetAll.htm
IE: Download FLV video content with IDM - c:program filesinternet download managerIEGetVL.htm
IE: Download with IDM - c:program filesinternet download managerIEExt.htm
IE: E&xport to Microsoft Excel - c:progra~1micros~2office12EXCEL.EXE/3000
IE: Get Flash by &Arty Flash Ripper - c:program filessoftdiggerflashripperIEMenu.htm
IE: MasterCook: Select Image - c:program filesmastercook 8webMCIEContext.hta
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:progra~1micros~2office12ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office12REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:windowssystem32Shdocvw.dll
IE: {E6EF5071-7647-4E85-9785-87B6CF5CB561} - {C92041C1-6D22-4069-BA0E-66246AA752B0} - c:windowssystem32shdocvw.dll
LSP: c:docume~1ownerlocals~1tempntdll64.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} - hxxp://media.labs.live.com/all/ps/_code_/Photosynth.cab
DPF: {8ACDC08B-DC64-4613-97F2-299B65F66E1D} - hxxp://www.digimeld.com/download/digimeldOcx.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:program filescommon filesmicrosoft sharedweb foldersPKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:progra~1micros~2office12GR99D3~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:windowssystem32NavLogon.dll
AppInit_DLLs: c:windowssystem32wmfhotfix.dll c:progra~1googlegoogle~4goec62~1.dll c:windowssystem32mupilofo.dll c:windowssystem32ropofotu.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:windowssystem32ropofotu.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:windowssystem32ropofotu.dll
SEH: {a5780613-492e-4a2a-a7fd-549610edf6cc} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:progra~1micros~2office12GRA8E1~1.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Notification Packages = scecli c:windowssystem32mupilofo.dll

================= FIREFOX ===================

FF - ProfilePath - c:docume~1ownerapplic~1mozillafirefoxprofilesgovrsp1p.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:documents and settingsownerapplication dataidmidmmzcc2componentsidmmzcc.dll
FF - component: c:documents and settingsownerapplication datamozillafirefoxprofilesgovrsp1p.defaultextensions{463f6ca5-ee3c-4be1-b7e6-7fee11953374}platformwinntcomponentsFoxyTunes.dll
FF - component: c:documents and settingsownerapplication datamozillafirefoxprofilesgovrsp1p.defaultextensions{7c5c0f58-e061-457d-9033-77307f5ed00c}componentsFFAlert.dll
FF - component: c:documents and settingsownerapplication datamozillafirefoxprofilesgovrsp1p.defaultextensions{fcab6fdd-5585-425b-95c1-5ed856f3fd08}componentsnsCatcher.dll
FF - component: c:documents and settingsownerapplication datamozillafirefoxprofilesgovrsp1p.defaultextensionspiclens@cooliris.comcomponentscoolirisstub.dll
FF - component: c:program filesmozilla firefoxcomponentsGoogleDesktopMozilla.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpdjvu.dll
FF - plugin: c:program filesmozilla firefoxpluginsnppsynth.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpunagi2.dll
FF - plugin: c:program filesviewpointviewpoint experience technologynpViewpoint.dll
FF - plugin: c:windowssystem32photosynthnppsynth.dll
FF - HiddenExtension: XUL Cache: {C9FAA085-63BC-4384-AEF5-6938537FC5F0} - c:documents and settingsownerlocal settingsapplication data{C9FAA085-63BC-4384-AEF5-6938537FC5F0}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:windowssystem32driversLbd.sys [2009-2-7 64160]
R0 MDFSYSNT;MacDrive file system driver;c:windowssystem32driversMDFSYSNT.SYS [2007-9-5 277888]
R0 MDPMGRNT;MDPMGRNT;c:windowssystem32driversMDPMGRNT.sys [2007-2-28 19072]
R1 vsdatant;vsdatant;c:windowssystem32vsdatant.sys [2005-6-30 353672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:program fileslavasoftad-awareAAWService.exe [2009-1-18 951632]
R2 MacDriveService;MacDriveService;c:program filesmediafourmacdrive 7MacDriveService.exe [2007-5-1 143360]
R2 Maxtor Sync Service;Maxtor Service;c:program filesmaxtorsyncSyncServices.exe [2007-9-28 156976]
R2 SVKP;SVKP;c:windowssystem32SVKP.sys [2005-9-11 2368]
R2 ubsbm;Unibrain 1394 SBM Driver;c:windowssystem32driversUBSBM.sys [2005-7-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:windowssystem32driversUBUMAPI.sys [2005-7-27 36352]
R3 ubohci;Unibrain 1394 OHCI Driver;c:windowssystem32driversubohci.sys [2005-7-27 77056]
R3 ubsbp2;Unibrain SBP2 Bus Driver;c:windowssystem32driversubsbp2.sys [2005-7-27 33664]
S2 FCF;FCF;c:windowssystem32svchost.exe:exe.exe []
S2 navapsvc;Norton AntiVirus Auto-Protect Service; [x]
S2 vsmon;TrueVector Internet Monitor;c:windowssystem32zonelabsvsmon.exe -service --> c:windowssystem32zonelabsvsmon.exe -service [?]
S2 zmyefu;zmyefu;c:windowssystem32svchost.exe -k netsvcs [2004-10-27 14336]
S3 hsparrow;hsparrow;c:docume~1ownerlocals~1temphsparrow.sys [2008-1-11 17920]
S3 NAVAP;NAVAP; [x]
S3 PacketNTx;Packet helper driver;c:windowssystem32driversPacketNTx.sys [2005-7-21 24544]
S3 restore;restore;c:windowssystem32driversrestore.sys [2009-3-21 6656]

=============== Created Last 30 ================

2009-03-22 13:30 23,339 a------- c:windowssystem32AAWService_2009_03_22_13_30_42.dmp
2009-03-22 11:24 24,551 a------- c:windowssystem32AAWService_2009_03_22_11_24_05.dmp
2009-03-22 06:15 2,713 ---sh--- c:windowssystem32lifeheje.exe
2009-03-21 21:27 6,656 a------- c:windowssystem32driversrestore.sys
2009-03-21 21:25 24,551 a------- c:windowssystem32AAWService_2009_03_21_21_25_58.dmp
2009-03-21 21:20 <DIR> --d----- c:program filesKaspersky Lab
2009-03-21 21:05 <DIR> --d----- c:docume~1alluse~1applic~1Kaspersky Lab Setup Files
2009-03-21 17:48 22,652 a------- c:windowssystem32AAWService_2009_03_21_17_48_11.dmp
2009-03-21 17:08 446 a------- c:windowssystem32win32hlp.cnf
2009-03-21 13:26 104,960 a------- c:windowssystem32ntdll64.exe
2009-03-21 12:56 104,960 ac------ c:windowssystem32dllcacheuserinit.exe
2009-03-21 12:47 1,101 a------- c:windowssystem32ahtn.htm
2009-03-21 12:29 136,704 a------- c:windowsekodogod.dll
2009-03-21 12:16 33,280 a------- c:program filesbreinjk.dll
2009-03-21 12:15 94,572 a------- c:windowssystem32drivers6785cca2.sys
2009-03-21 12:15 4,785 a------- c:windowssystem32warning.gif
2009-03-21 12:15 182,656 ac------ c:windowssystem32dllcachendis.sys
2009-03-21 12:15 1 a------- c:windowssystem32uniq.tll
2009-03-21 12:15 124,416 a------- C:pvnncaoo.exe
2009-03-21 12:15 29,696 a------- c:windowssystem32frmwrk32.exe
2009-03-21 12:15 29,696 a------- C:qvmkk.exe
2009-03-21 12:15 2 a------- C:739402067
2009-03-21 12:15 8,704 a------- C:gosfrwtt.exe
2009-03-21 12:15 30,208 a------- c:windowssystem32reader_s.exe
2009-03-21 12:15 30,208 a------- c:documents and settingsownerreader_s.exe
2009-03-21 12:15 41,984 a------- c:windowsFsadafekutegef.dll
2009-03-21 12:15 10,240 a------- C:stjr.exe
2009-03-21 12:14 41,984 a------- C:qurdchd.exe
2009-03-21 00:29 30,002 a------- c:windowssystem32AAWService_2009_03_21_00_29_04.dmp
2009-03-20 16:47 10,240 a------- c:windowsinstsp2.exe

==================== Find3M ====================

2009-03-21 20:49 4,212 a---h--- c:windowssystem32zllictbl.dat
2009-03-21 18:03 135,680 a------- c:windowssystem32taskmgr.exe
2009-03-21 12:56 104,960 a------- c:windowssystem32userinit.exe
2009-03-21 12:15 182,656 a------- c:windowssystem32driversndis.sys
2009-03-21 12:15 14,336 a------- c:windowssystem32svchost.exe
2009-03-21 12:14 109,056 a--sh--- c:windowssystem32ropofotu.dll
2009-03-21 12:14 98,816 a--sh--- c:windowssystem32gaduvoma.dll
2009-03-20 16:47 109,056 a--sh--- c:windowssystem32zabeyeyu.dll.vir
2009-03-20 16:47 100,864 a--sh--- c:windowssystem32bijebasi.dll
2009-03-20 05:45 70,144 a------- c:windowssystem32~.exe
2009-03-07 13:05 15,688 a------- c:windowssystem32lsdelete.exe
2009-03-07 12:57 64,160 a------- c:windowssystem32driversLbd.sys
2009-02-15 23:10 72,584 a------- c:windowszllsputility.exe
2009-02-15 23:10 1,221,512 a------- c:windowssystem32zpeng25.dll
2009-02-15 09:39 36,352 a------- c:windowssystem32ljJBttQk.dll
2009-02-09 04:13 1,846,784 a------- c:windowssystem32win32k.sys
2009-01-22 07:49 206,256 a------- c:windowssystem32idmmbc.dll
2008-03-26 13:17 81,920 a------- c:docume~1ownerapplic~1ezpinst.exe
2008-03-26 13:17 47,360 a------- c:docume~1ownerapplic~1pcouffin.sys
2007-05-30 04:34 200 a------- c:docume~1ownerapplic~1wklnhst.dat
2004-06-13 17:04 626,688 a------- c:program filescommon filesPowerButton.ocx
2003-03-20 13:21 409,600 a------- c:program filescommon filesactivelock1884.ocx
1999-07-06 17:00 6 ---shr-- c:windows@@desktop.dat
2005-06-29 19:28 0 a--sh--- c:windowssminstHPCD.sys
2006-12-17 10:07 88 ---shr-- c:windowssystem3282EDF78D82.sys
2007-12-26 04:15 168 ---shr-- c:windowssystem3297A0BF9FAF.sys
2007-12-26 04:15 9,082 a--sh--- c:windowssystem32KGyGaAvL.sys
0000-00-00 00:00 70,144 a--sh--- c:windowssystem32mifejefa.dll
0000-00-00 00:00 70,144 a--sh--- c:windowssystem32mupilofo.dll.vir
0000-00-00 00:00 70,144 a--sh--- c:windowssystem32najagasu.dll
0000-00-00 00:00 70,144 a--sh--- c:windowssystem32pinezuhi.dll
0000-00-00 00:00 70,144 a--sh--- c:windowssystem32tegowujo.dll
0000-00-00 00:00 70,144 a--sh--- c:windowssystem32yolagubu.dll
2008-07-28 15:47 32,768 a--sh--- c:windowssystem32configsystemprofilelocal settingshistoryhistory.ie5mshist012008072820080729index.dat

============= FINISH: 14:47:13.29 ===============

Merged posts. ~ OB

Edited by Orange Blossom, 27 March 2009 - 06:00 PM.



#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 29 March 2009 - 01:37 PM

Hello sparkymike,

I am afraid I have some bad news for you.

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)


Miekiemoes, an expert for malware removal and an MS-MVP, additionally has a blog post about Virut.

I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc.
Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This is because these files may be infected as well. If you back them up and restore them afterwards, they will infect your computer again.

Read here for instructions on how to format and reinstall Windows:

http://web.mit.edu/ist/products/winxp/adva...all-format.html
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
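The McAfee description quoted in the reply above (an appending infector whose decryptor may sit at the original entry point, in code-section slack space, or at the end of the last section) suggests two cheap header-level triage signals: an entry point that resolves into the last section instead of the first code section, and a last section marked both writable and executable. The following added example implements those checks over the PE section table; it is not code from this thread, from McAfee or from any of the tools named here, and the two PE images it inspects are constructed in memory for the demonstration (the struct layouts are the documented PE32 headers, the heuristics and thresholds are the example's own).

```python
import struct

# Section flags from the PE/COFF spec.
SCN_CODE, SCN_EXEC, SCN_WRITE = 0x00000020, 0x20000000, 0x80000000


def parse_pe(data: bytes):
    """Return (AddressOfEntryPoint, [section dicts]) for a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe_off + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                      # optional header follows the 20-byte COFF header
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i    # section table entries are 40 bytes each
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize = struct.unpack_from("<III", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name, "vaddr": vaddr, "size": max(vsize, rawsize), "chars": chars})
    return entry_rva, sections


def section_index(sections, rva):
    """Index of the section whose virtual range contains rva, or None."""
    for idx, s in enumerate(sections):
        if s["vaddr"] <= rva < s["vaddr"] + s["size"]:
            return idx
    return None


def triage(data: bytes):
    """Return findings consistent with an appending, entry-point-obscuring infector."""
    entry_rva, sections = parse_pe(data)
    ep = section_index(sections, entry_rva)
    if ep is None:
        return ["entry point resolves to no section"]
    findings = []
    first_exec = next((i for i, s in enumerate(sections) if s["chars"] & SCN_EXEC), None)
    last = sections[-1]
    if len(sections) > 1 and ep == len(sections) - 1 and ep != first_exec:
        findings.append(f"entry point lies in last section {last['name']!r}, not the first code section")
    if last["chars"] & SCN_EXEC and last["chars"] & SCN_WRITE:
        findings.append(f"last section {last['name']!r} is both writable and executable")
    return findings


def build_pe(sections, entry_rva):
    """Constructed demo image: PE32 headers plus a section table, no code bytes."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, sz, va, sz, 0, 0, 0, 0, 0, ch)
                     for n, va, sz, ch in sections)
    return dos + b"PE\0\0" + coff + opt + table


# Constructed samples: a conventional layout, and one whose entry point was
# redirected into an appended read-write-execute last section.
CLEAN = build_pe([(b".text", 0x1000, 0x1000, SCN_CODE | SCN_EXEC),
                  (b".data", 0x2000, 0x1000, SCN_WRITE)], entry_rva=0x1010)
SUSPECT = build_pe([(b".text", 0x1000, 0x1000, SCN_CODE | SCN_EXEC),
                    (b".data", 0x2000, 0x1000, SCN_WRITE),
                    (b".rsrc", 0x3000, 0x1400, SCN_EXEC | SCN_WRITE)], entry_rva=0x3F00)

if __name__ == "__main__":
    for label, img in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, triage(img) or ["no findings"])
```

Legitimate packers and self-extracting installers trip the same two signals, so treat a hit as a reason to submit the file to a scanner rather than as a verdict.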

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 11 April 2009 - 09:53 PM

Since your problem appears to be resolved, this thread will now be closed.
