wwshow, ssodl and other worms/malware


  • This topic is locked
2 replies to this topic

#1 Flappie

Flappie

  • Members
  • 2 posts
  • OFFLINE
  • Local time:07:34 AM

Posted 19 May 2009 - 12:35 AM

This morning I got all these popups, and I noticed jurevewa and kasituva DLLs running. I ran Prevx 3, but halfway through my PC decided to reset itself. The program then found about 19 infections, after which it reset again. Now I can't use the program because it can't connect to the internet. I ran the DDS program by copying it to the PC using the network.

Anyway, here's the log, hopefully someone can help me out:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Flappie at 15:05:42.04 on Tue 19/05/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1338 [GMT 10:00]

AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Prevx\prevx.exe
E:\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
E:\Norton SystemWorks\Norton Antivirus\navapsvc.exe
E:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
E:\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
E:\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
E:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDll32.exe
E:\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\QuickTime\QTTask.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\reader_s.exe
C:\windows\ld08.exe
E:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Flappie\Application Data\ptidle\ptidle.exe
C:\Documents and Settings\Flappie\Application Data\Twain\Twain.exe
C:\Documents and Settings\Flappie\Application Data\digifast\digifast.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Flappie\Application Data\Microsoft\Windows\frogqn.exe
C:\Documents and Settings\Flappie\reader_s.exe
H:\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
E:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\All Users\Documents\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bigpond.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twext.exe,
BHO: {3e621b49-4326-466a-9e8c-0054525784aa} - c:\windows\system32\lakutufo.dll
BHO: c:\windows\system32\tya7hfd873f.dll: {a6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\tya7hfd873f.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - e:\norton systemworks\norton antivirus\NavShExt.dll
TB: Developer Toolbar: {cc962137-2e78-4f94-975e-fc0c07dbd78f} - c:\program files\internet explorer developer toolbar\IEDevToolbar.dll
EB: &Onderzoekscentrum: {9455301c-cf6b-11d3-a266-00c04f689c50} - c:\program files\common files\microsoft shared\reference 2001\EROProj.dll
EB: IE DOM Explorer: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\internet explorer developer toolbar\IEDevToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: DF Bar: {67fcef90-073e-11de-8c30-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools] "e:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Skype] "e:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [prnet] "c:\windows\system32\prnet.tmp"
uRun: [ptidle] "c:\documents and settings\flappie\application data\ptidle\ptidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
uRun: [Twain] c:\documents and settings\flappie\application data\twain\Twain.exe
uRun: [net] "c:\windows\system32\net.net"
uRun: [autochk] rundll32.exe c:\docume~1\networ~1\protect.dll,_IWMPEvents@16
uRun: [DigiFast] c:\documents and settings\flappie\application data\digifast\digifast.exe
uRun: [GssL8HVBVOE6v] c:\documents and settings\flappie\application data\microsoft\windows\frogqn.exe
uRun: [reader_s] c:\documents and settings\flappie\reader_s.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver3\LVCOMS.EXE
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "e:\java\jre1.6.0\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [VGAUtil] c:\program files\gigabyte\vga utility manager\G-VGA.exe
mRun: [PCSuiteTrayApplication] e:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [prnet] "c:\windows\system32\prnet.tmp"
mRun: [net] "c:\windows\system32\net.net"
mRun: [80b56458] rundll32.exe "c:\windows\system32\jurevewa.dll",b
mRun: [bakivodimo] Rundll32.exe "c:\windows\system32\yutununu.dll",s
mRun: [CPM838657c4] Rundll32.exe "c:\windows\system32\kasituva.dll",a
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [sysldtray] c:\windows\ld08.exe
dRun: [Nokia.PCSync] e:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [autochk] rundll32.exe c:\windows\system32\config\system~1\protect.dll,_IWMPEvents@16
StartupFolder: c:\documents and settings\flappie\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\flappie\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - h:\apache group\apache2\bin\ApacheMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - e:\office\micros~1\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - e:\java\jre1.6.0\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\office\micros~1\office11\REFIEBAR.DLL
IE: {9455301C-CF6B-11D3-A266-00C04F689C50} - {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\program files\common files\microsoft shared\reference 2001\EROProj.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - hxxp://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120572062296
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - hxxp://exent.planet.nl/AoDSite/classes/ExentCtl.ocx
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222173884246
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab31267.cab
DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
Handler: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - c:\program files\common files\microsoft shared\reference 2001\MSREF.DLL
Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - c:\program files\common files\microsoft shared\reference 2001\msero.dll
Handler: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - c:\program files\common files\microsoft shared\reference 2001\MSREF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kasituva.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\kasituva.dll
STS: c:\windows\system32\tya7hfd873f.dll: {a6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\tya7hfd873f.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - e:\progra~1\dvdreg~1\DVDShell.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli c:\windows\system32\lofuwogi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\flappie\applic~1\mozilla\firefox\profiles\e3itc2mh.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - component: c:\documents and settings\flappie\application data\mozilla\firefox\profiles\e3itc2mh.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\flappie\application data\mozilla\firefox\profiles\e3itc2mh.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\documents and settings\flappie\application data\mozilla\firefox\profiles\e3itc2mh.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\mozilla firefox\components\dfff.dll
FF - component: c:\program files\mozilla firefox\components\WWShow.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: e:\java\jre1.6.0\bin\npdeploytk.dll
FF - plugin: e:\java\jre1.6.0\bin\npjava11.dll
FF - plugin: e:\java\jre1.6.0\bin\npjava12.dll
FF - plugin: e:\java\jre1.6.0\bin\npjava13.dll
FF - plugin: e:\java\jre1.6.0\bin\npjava14.dll
FF - plugin: e:\java\jre1.6.0\bin\npjava32.dll
FF - plugin: e:\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: e:\java\jre1.6.0\bin\npoji610.dll
FF - plugin: e:\program files\itunes\mozilla plugins\npitunes.dll

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2005-4-16 26112]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-5-19 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-5-19 27656]
R1 GhPciScan;GhostPciScanner;e:\norton systemworks\norton ghost\GhPciScan.sys [2003-5-29 5632]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-24 81688]
R1 SAVRTPEL;SAVRTPEL;e:\norton systemworks\norton antivirus\SAVRTPEL.SYS [2003-8-7 37000]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2001-12-19 8576]
R2 aawservice;Lavasoft Ad-Aware Service;e:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2003-8-22 235152]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-5-19 4368952]
R2 navapsvc;Norton AntiVirus Auto-Protect;e:\norton systemworks\norton antivirus\navapsvc.exe [2003-8-29 159344]
R2 NProtectService;Norton Unerase Protection;e:\norton~1\norton~2\NPROTECT.EXE [2003-9-16 106496]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2006-4-8 1287296]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2007-2-26 5112]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2007-2-26 19039]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060705.018\NAVENG.Sys [2006-7-6 77864]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060705.018\NavEx15.Sys [2006-7-6 799208]
R3 SAVRT;SAVRT;e:\norton systemworks\norton antivirus\SAVRT.SYS [2003-8-7 305288]
R3 SAVScan;SAVScan;e:\norton systemworks\norton antivirus\SAVSCAN.EXE [2003-8-28 194272]
S2 FCI;FCI;c:\windows\system32\svchost.exe:ext.exe []
S2 gupdate1c9a43e6985446;Google Update Service (gupdate1c9a43e6985446);c:\program files\google\update\GoogleUpdate.exe [2009-3-14 133104]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2003-8-22 255632]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2008-8-30 87696]
S3 ColdFusion MX 7 Application Server;ColdFusion MX 7 Application Server;e:\macromedia\coldfusion\runtime\bin\jrunsvc.exe [2006-11-11 61440]
S3 ColdFusion MX 7 ODBC Agent;ColdFusion MX 7 ODBC Agent;e:\macromedia\coldfusion\db\slserver54\bin\swagent.exe "coldfusion mx 7 odbc agent" --> e:\macromedia\coldfusion\db\slserver54\bin\swagent.exe ColdFusion MX 7 ODBC Agent [?]
S3 ColdFusion MX 7 ODBC Server;ColdFusion MX 7 ODBC Server;e:\macromedia\coldfusion\db\slserver54\bin\swstrtr.exe "coldfusion mx 7 odbc server" --> e:\macromedia\coldfusion\db\slserver54\bin\swstrtr.exe ColdFusion MX 7 ODBC Server [?]
S3 ColdFusion MX 7 Search Server;ColdFusion MX 7 Search Server;e:\macromedia\coldfusion\verity\k2\_nti40\bin\k2admin.exe [2006-11-11 2732608]
S3 EnumChip;EnumChip;\??\d:\driver\gart\enumchip.sys --> d:\driver\gart\EnumChip.sys [?]
S3 JBoss;JBoss;e:\jboss\bin\jbossservice.exe --> e:\jboss\bin\JBossService.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2002-10-22 32528]
S3 OracleServiceXE;OracleServiceXE;e:\oracle\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> e:\oracle\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S3 OracleXETNSListener;OracleXETNSListener;e:\oracle\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
S3 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-25 66784]
S4 Attcacc;Attcacc; [x]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;e:\oracle\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> e:\oracle\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]

=============== Created Last 30 ================

2009-05-19 14:28 60,416 a------- c:\windows\system32\23C6.tmp
2009-05-19 14:28 40 a------- c:\windows\system32\23C4.tmp
2009-05-19 13:57 28,672 a------- c:\windows\system32\lmn_setup.exe
2009-05-19 13:09 38,912 a------- C:\wjcl.exe
2009-05-19 13:08 42,496 a------- C:\vfmf.exe
2009-05-19 13:08 31,232 a------- C:\ueksxwdu.exe
2009-05-19 13:07 53,248 a------- C:\rcojgr.exe
2009-05-19 13:07 67,584 a------- C:\ajdrms.exe
2009-05-19 13:06 36,352 a------- c:\windows\system32\rqRJYpmn.dll
2009-05-19 13:06 <DIR> --d----- c:\windows\system32\790151
2009-05-19 13:05 0 a------- c:\windows\system32\11.tmp
2009-05-19 13:05 40 a------- c:\windows\system32\F.tmp
2009-05-19 13:05 97,740 a------- c:\windows\system32\drivers\b7735bfe.sys
2009-05-19 13:05 182,656 ac------ c:\windows\system32\dllcache\ndis.sys
2009-05-19 13:04 36,352 a------- c:\windows\system32\yaywwUmk.dll
2009-05-19 13:04 36,352 a------- c:\windows\system32\opnklkjH.dll
2009-05-19 12:59 37,888 a------- c:\windows\system32\drivers\gxvxcserv.sys
2009-05-19 12:59 97,740 a------- c:\windows\system32\drivers\7271662.sys
2009-05-19 12:59 60,929 a------- c:\documents and settings\flappie\reader_s.exe
2009-05-19 12:59 60,929 a------- c:\windows\system32\reader_s.exe
2009-05-19 12:59 38,912 ----h--- c:\windows\ld08.exe
2009-05-19 12:58 42,496 a------- C:\mytk.exe
2009-05-19 12:58 441 ---shr-- C:\autorun.inf
2009-05-19 12:58 2 a------- C:\-2135595785
2009-05-19 12:58 30,720 a------- C:\oyar.exe
2009-05-19 12:58 15,000 a------- c:\windows\system32\tya7hfd873f.dll
2009-05-19 12:58 36,352 a------- c:\windows\system32\yaywtQGX.dll
2009-05-19 12:58 36,352 a------- c:\windows\system32\nnnnLcyy.dll
2009-05-19 12:44 27,656 a------- c:\windows\system32\drivers\pxsec.sys
2009-05-19 12:44 22,024 a------- c:\windows\system32\drivers\pxscan.sys
2009-05-19 12:44 <DIR> --d----- c:\program files\Prevx
2009-05-19 12:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-05-19 12:10 88,576 a---h--- c:\docume~1\flappie\applic~1\rbap550.dll
2009-05-19 12:10 29,184 a---h--- c:\docume~1\flappie\applic~1\RBInternetEncodings550.dll
2009-05-19 11:47 <DIR> --d----- c:\docume~1\flappie\applic~1\digifast
2009-05-19 11:47 23,552 a--sh--- c:\documents and settings\flappie\protect.dll
2009-05-19 11:47 23,552 a--sh--- c:\windows\system32\autochk.dll
2009-05-19 11:46 110,662 a------- c:\windows\system32\net.net
2009-05-19 11:42 <DIR> --d----- c:\docume~1\flappie\applic~1\Twain
2009-05-19 11:37 <DIR> --d----- c:\program files\WWShow
2009-05-19 11:37 1,428,723 ---sh--- c:\windows\system32\aweveruj.ini
2009-05-19 11:32 <DIR> --d----- c:\program files\Jcore
2009-05-19 11:32 <DIR> --d----- c:\docume~1\flappie\applic~1\ptidle
2009-05-19 11:32 165,376 a------- c:\windows\system32\prnet.tmp
2009-05-02 13:51 <DIR> --d----- c:\docume~1\flappie\applic~1\NASA
2009-04-20 21:13 <DIR> --d----- c:\documents and settings\flappie\Tracing
2009-04-20 21:11 <DIR> --d----- c:\program files\Microsoft
2009-04-20 21:11 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-04-20 21:05 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-05-19 14:54 5,112 a------- c:\windows\GPCIDrv.sys
2009-05-19 14:54 19,039 a------- c:\windows\system32\drivers\GVTDrv.sys
2009-05-19 13:08 14,336 a------- c:\windows\system32\svchost.exe
2009-05-19 13:05 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-05-19 11:37 81,920 a--sh--- c:\windows\system32\kasituva.dll
2009-05-19 11:37 78,848 a--sh--- c:\windows\system32\jurevewa.dll
2009-03-07 00:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 10:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-21 04:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-19 11:32 48,640 a--sh--- c:\windows\system32\yutununu.dll
2009-02-19 11:32 48,640 a--sh--- c:\windows\system32\lofuwogi.dll
2009-02-19 11:32 48,640 a--sh--- c:\windows\system32\lakutufo.dll
2007-12-23 08:05 64,512 a---h--- c:\docume~1\flappie\applic~1\rbap450.dll
2007-12-23 08:05 1,360,384 a---h--- c:\docume~1\flappie\applic~1\V4RB.dll
2004-10-01 23:00 61,440 a------- c:\program files\Uninstall_CDS.exe
2004-07-30 08:56 118,120 a------- c:\program files\common files\PCSBclean.exe
2004-07-26 14:30 315,904 a------- c:\program files\common files\PCSBoff.exe

============= FINISH: 15:07:35.21 ===============
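The DDS report above is a compact catalogue of Windows XP persistence tricks: a second binary chained into Winlogon's Userinit value (twext.exe), a third-party DLL added to the LSA Notification Packages (lofuwogi.dll, which is handed every password change), Run values whose "program" is a .tmp or .net file, rundll32 loading DLLs from the user profile or with a single-letter export, a BHO and an SSODL entry registered without a real display name, a service whose image path is an NTFS alternate data stream (svchost.exe:ext.exe), and a set of eight-letter pseudo-random DLL names. The following Python script is an added example and is not DDS code nor part of the original post: it parses lines in the report's own format and flags those indicators. The sample input is a constructed subset of the lines above plus a few benign entries for contrast, and every rule is a heuristic (the "pronounceable eight-letter name" test in particular is tuned to this log's names, not a general signature).

```python
"""Persistence triage for DDS / HijackThis-style autostart lines (added example)."""
import ntpath
import re

# Constructed sample: entries copied from the DDS report above, plus a few
# benign ones (Norton toolbar, ctfmon, NvCpl, WPDShServiceObj, navapsvc)
# so the rules have something to leave alone.
SAMPLE_LINES = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twext.exe,
BHO: {3e621b49-4326-466a-9e8c-0054525784aa} - c:\windows\system32\lakutufo.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - e:\norton systemworks\norton antivirus\NavShExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [prnet] "c:\windows\system32\prnet.tmp"
uRun: [autochk] rundll32.exe c:\docume~1\networ~1\protect.dll,_IWMPEvents@16
uRun: [Twain] c:\documents and settings\flappie\application data\twain\Twain.exe
mRun: [80b56458] rundll32.exe "c:\windows\system32\jurevewa.dll",b
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kasituva.dll
LSA: Notification Packages = scecli c:\windows\system32\lofuwogi.dll
S2 FCI;FCI;c:\windows\system32\svchost.exe:ext.exe []
R2 navapsvc;Norton AntiVirus Auto-Protect;e:\norton systemworks\norton antivirus\navapsvc.exe [2003-8-29 159344]
""".strip().splitlines()

USER_WRITABLE = re.compile(r"documents and settings|docume~1|application data|applic~1|\\users\\", re.I)
NON_EXEC_EXT = re.compile(r"\.(tmp|net|ini|dat|txt)$", re.I)
ADS_PATH = re.compile(r"^[a-z]:\\\S*\.(exe|dll|sys):\S+", re.I)      # file.exe:stream
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+?)"?,(\S+)', re.I)  # dll , export
DECORATED_EXPORT = re.compile(r"^_\w+@\d+$")                           # _Name@16 style
HEX_NAME = re.compile(r"^[0-9a-f]{8,}$", re.I)                         # value name like 80b56458
TARGET = re.compile(r'^"?(.+?\.[a-z0-9]{2,4})"?(?=\s|$)', re.I)        # first path token of a command
RUN_LINE = re.compile(r"^[umd]Run: \[([^\]]+)\] (.+)$")
OBJECT_LINE = re.compile(r"^(BHO|SSODL|STS|SEH|TB|EB): (?:(.*?)[: -]+)?(\{[0-9a-f-]{36}\})\s*-\s*(.+)$", re.I)
SERVICE_LINE = re.compile(r"^[RS][0-4] [^;]+;[^;]*;(.+?)(?: \[.*\])?$")
ALLOWED_LSA = {"scecli", "rassfm", "kdcsvc"}  # stock Windows notification packages (assumption: nothing else expected on this box)


def stem_of(path):
    """File name without directory or extension, Windows path semantics."""
    return ntpath.splitext(ntpath.basename(path.strip('"')))[0]


def looks_random(name):
    """Heuristic: 8 lowercase letters strictly alternating consonant/vowel (kasituva, jurevewa, ...)."""
    s = name.lower()
    if not re.fullmatch(r"[a-z]{8}", s):
        return False
    return all((c in "aeiou") == (i % 2 == 1) for i, c in enumerate(s))


def check_userinit(value):
    # Only userinit.exe belongs here; anything else runs at every logon.
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [f"Userinit chains an extra binary: {e}"
            for e in entries if not e.lower().endswith(r"\userinit.exe")]


def check_lsa(value):
    # Notification packages see every password change in cleartext (paths with spaces not handled).
    return [f"unexpected LSA notification package: {t}"
            for t in value.split() if t.lower() not in ALLOWED_LSA]


def check_run(name, cmd):
    reasons = []
    if HEX_NAME.match(name):
        reasons.append("value name is a bare hex string")
    m = RUNDLL.match(cmd)
    if m:
        dll, export = m.group(1), m.group(2)
        if USER_WRITABLE.search(dll):
            reasons.append("rundll32 loads a DLL from a user-writable path")
        if len(export) == 1:
            reasons.append("rundll32 export is a single-letter name")
        elif DECORATED_EXPORT.match(export):
            reasons.append("rundll32 export is a decorated stdcall name")
        if looks_random(stem_of(dll)):
            reasons.append("pseudo-random 8-letter DLL name")
        return reasons
    t = TARGET.match(cmd)
    if t:
        target = t.group(1)
        if USER_WRITABLE.search(target):
            reasons.append("autostart binary lives in a user-writable path")
        if NON_EXEC_EXT.search(target):
            reasons.append("autostart target has a non-executable extension")
    return reasons


def check_object(kind, name, path):
    reasons = []
    if not name:
        reasons.append(f"{kind} registered without a display name")
    elif name.lower() == kind.lower():
        reasons.append(f"{kind} display name is just the key type")
    elif name.lower() == path.lower():
        reasons.append(f"{kind} display name is its own file path")
    if USER_WRITABLE.search(path):
        reasons.append("module loaded from a user-writable path")
    if looks_random(stem_of(path)):
        reasons.append("pseudo-random 8-letter module name")
    return reasons


def check_service(path):
    reasons = []
    if ADS_PATH.match(path):
        reasons.append("service image path is an NTFS alternate data stream")
    if looks_random(stem_of(path)):
        reasons.append("pseudo-random 8-letter image name")
    return reasons


def triage(line):
    """Return the list of reasons a single report line is suspicious (empty if none)."""
    line = line.strip()
    if line.lower().startswith("mwinlogon: userinit="):
        return check_userinit(line.split("=", 1)[1])
    if line.startswith("LSA: Notification Packages"):
        return check_lsa(line.split("=", 1)[1])
    m = RUN_LINE.match(line)
    if m:
        return check_run(m.group(1), m.group(2))
    m = OBJECT_LINE.match(line)
    if m:
        return check_object(m.group(1), m.group(2), m.group(4))
    m = SERVICE_LINE.match(line)
    if m:
        return check_service(m.group(1))
    return []


def triage_report(lines):
    """Map each flagged line to its reasons; clean lines are omitted."""
    report = {}
    for ln in lines:
        reasons = triage(ln)
        if reasons:
            report[ln] = reasons
    return report


if __name__ == "__main__":
    for ln, reasons in triage_report(SAMPLE_LINES).items():
        print(ln)
        for r in reasons:
            print("    ->", r)
```

Run against the sample, nine of the fourteen lines are flagged and the five benign ones (Norton toolbar, ctfmon, NvCpl, WPDShServiceObj, navapsvc) pass clean. The rules only read what the report shows; they do not confirm anything about the files themselves, and on a host like this one, where the log also shows system32\svchost.exe and ndis.sys modified the same afternoon, a clean triage result would still not mean a clean machine.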


#2 Flappie

Flappie
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:07:34 AM

Posted 21 May 2009 - 07:50 AM

Right...

After some more checking I found that my PC is actually infected by Win32:Virut and JunkPoly.

No other option than a format and re-install, I'm guessing.


This thread can now be ignored. My apologies for cluttering.

Edited by Flappie, 21 May 2009 - 07:51 AM.


#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:05:34 PM

Posted 21 May 2009 - 10:37 AM

Sorry to hear that.
But a format and re-install is the best option.

Good luck.

This thread is closed.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
