
I'm infected & unable to download Windows updates


  • This topic is locked
4 replies to this topic

#1 Vivek Harsora

Vivek Harsora

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:44 AM

Posted 07 June 2009 - 02:04 AM

I'm unable to open the Windows Update site. It automatically takes me to Google.
Also, when I double-click C: in Windows Explorer, it shows some error. I have to right-click (by default it shows the Autorun option) and then use the Explore option.

I have similar problem to the following topic:
http://www.bleepingcomputer.com/forums/t/199411/cannot-load-windows-update-website-download-ad-aware-updates-and-more/

I tried many tools for removal of malware, but was unable to locate it.


Please find the DDS.txt and Attach.zip


DDS.txt


DDS (Ver_09-05-14.01) - NTFSx86
Run by Vivek at 3:30:56.46 on 07/06/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.82 [GMT 5.5:30]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\IEPro\MiniDM.exe
C:\Documents and Settings\Vivek\My Documents\My Downloads\FixQhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Vivek\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_IN&c=64&bd=presario&pf=laptop
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: google.com\www
Trusted Zone: microsoft.com\windowsupdate
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.22,85.255.112.130
TCP: {8710FD29-C189-477F-BDA3-7ACD926B91AA} = 85.255.112.22,85.255.112.130
TCP: {8F97C671-67F5-4AB6-A85C-D4CC8B602709} = 85.255.112.22,85.255.112.130
TCP: {9CDA9113-672B-44C2-9905-AFF2730DEDF5} = 85.255.112.22,85.255.112.130
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\vivek\applic~1\mozilla\firefox\profiles\thfiytu1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/firefox
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\vivek\application data\mozilla\firefox\profiles\thfiytu1.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: google.toolbar.linkdoctor.enabled - false

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-12 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-12 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-12 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-12 55640]

=============== Created Last 30 ================

2009-06-07 01:21 --d----- c:\program files\Windows Installer Clean Up
2009-06-05 23:14 --d----- c:\windows\system32\LogFiles
2009-06-04 11:18 --d----- c:\program files\JetAudio
2009-06-04 11:18 --d----- c:\program files\common files\COWON
2009-06-03 20:48 --d----- c:\docume~1\alluse~1\applic~1\GoodSync
2009-06-03 20:46 --d----- c:\program files\Siber Systems
2009-06-03 16:54 23,392 a------- c:\windows\system32\nscompat.tlb
2009-06-03 16:54 16,832 a------- c:\windows\system32\amcompat.tlb
2009-06-03 16:49 --d----- c:\program files\WMCap
2009-06-02 10:10 393 ---shr-- C:\autorun.inf
2009-06-01 20:19 361,600 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-06-01 12:25 --d----- c:\program files\uTorrent
2009-06-01 10:14 --d----- c:\docume~1\vivek\applic~1\uTorrent
2009-05-29 14:00 200,496 a------- c:\windows\system32\DBLIST32.OCX
2009-05-29 14:00 89,360 a------- c:\windows\system32\VB5DB.DLL
2009-05-29 14:00 1,056,768 a------- c:\windows\system32\MSJET35.DLL
2009-05-29 14:00 430,080 a------- c:\windows\system32\MSREPL35.DLL
2009-05-29 14:00 368,912 a------- c:\windows\system32\VBAR332.DLL
2009-05-29 14:00 252,176 a------- c:\windows\system32\MSRD2X35.DLL
2009-05-29 14:00 123,664 a------- c:\windows\system32\MSJINT35.DLL
2009-05-29 14:00 24,848 a------- c:\windows\system32\MSJTER35.DLL
2009-05-29 14:00 --d----- c:\program files\Kundli
2009-05-29 14:00 299,520 a------- c:\windows\uninst.exe
2009-05-29 12:21 --d----- c:\program files\MetaliCal
2009-05-29 00:32 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-05-29 00:32 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-29 00:32 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-05-29 00:23 --d----- c:\program files\common files\PCSuite
2009-05-29 00:23 --d----- c:\program files\common files\Nokia
2009-05-29 00:22 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-05-29 00:22 --d----- c:\program files\PC Connectivity Solution
2009-05-29 00:20 7,808 a------- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-05-29 00:20 7,808 a------- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-05-29 00:20 22,016 a------- c:\windows\system32\drivers\ccdcmbo.sys
2009-05-29 00:20 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-05-29 00:20 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2009-05-29 00:20 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys
2009-05-28 23:58 26,112 a------- c:\windows\system32\drivers\usbser.sys
2009-05-28 23:58 26,112 a------- c:\windows\system32\dllcache\usbser.sys
2009-05-28 23:57 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-05-28 23:57 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-05-28 23:53 91,136 a------- c:\windows\system32\nmwcdcls.dll
2009-05-28 23:53 --d----- c:\program files\Nokia
2009-05-28 13:54 32,768 a--sh--- C:\Thumbs.db
2009-05-27 16:28 --d----- c:\program files\AnswerWorks 4.0
2009-05-27 16:25 --d----- c:\program files\AutoCAD 2006
2009-05-27 16:25 --d----- c:\docume~1\vivek\applic~1\Autodesk
2009-05-27 16:22 --d----- c:\program files\common files\Autodesk Shared
2009-05-27 16:22 --d----- c:\program files\Autodesk
2009-05-26 18:11 0 a------- c:\windows\system32\FOXIT_PDF
2009-05-26 00:13 6,144 a--sh--- c:\windows\Thumbs.db
2009-05-25 23:48 --d----- c:\program files\PixiePack Codec Pack
2009-05-25 23:46 26,784 a------- c:\windows\system32\drivers\tbhsd.sys
2009-05-25 23:45 --d----- c:\program files\RapidSolution
2009-05-25 23:45 --d----- c:\docume~1\alluse~1\applic~1\RapidSolution
2009-05-25 12:06 --d----- c:\program files\AnalogWhole
2009-05-25 12:06 --d----- c:\windows\Downloaded Installations
2009-05-25 11:22 --d----- c:\windows\system32\Logs
2009-05-25 11:20 --d----- c:\program files\Tunebite
2009-05-24 13:09 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-24 13:09 23,040 a------- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-24 13:09 18,944 a------- c:\windows\system32\dllcache\xrxscnui.dll
2009-05-24 13:09 27,648 a------- c:\windows\system32\dllcache\xrxftplt.exe
2009-05-24 13:09 4,608 a------- c:\windows\system32\dllcache\xrxflnch.exe
2009-05-24 13:09 99,865 a------- c:\windows\system32\dllcache\xlog.exe
2009-05-24 13:09 16,970 a------- c:\windows\system32\dllcache\xem336n5.sys
2009-05-24 13:09 19,455 a------- c:\windows\system32\dllcache\wvchntxx.sys
2009-05-24 13:09 12,063 a------- c:\windows\system32\dllcache\wsiintxx.sys
2009-05-24 13:09 8,192 a------- c:\windows\system32\dllcache\wshirda.dll
2009-05-24 13:07 19,528 a------- c:\windows\system32\dllcache\w840nd.sys
2009-05-24 13:06 794,654 a------- c:\windows\system32\dllcache\usr1801.sys
2009-05-24 13:05 166,784 a------- c:\windows\system32\dllcache\tridxpm.sys
2009-05-24 13:04 17,129 a------- c:\windows\system32\dllcache\tdkcd31.sys
2009-05-24 13:03 16,896 a------- c:\windows\system32\dllcache\stcusb.sys
2009-05-24 13:02 35,913 a------- c:\windows\system32\dllcache\smcirda.sys
2009-05-24 13:01 252,032 a------- c:\windows\system32\dllcache\sis300iv.dll
2009-05-24 13:00 495,616 a------- c:\windows\system32\dllcache\sblfx.dll
2009-05-24 12:59 30,720 a------- c:\windows\system32\dllcache\rthwcls.sys
2009-05-24 12:58 363,520 a------- c:\windows\system32\dllcache\psisdecd.dll
2009-05-24 12:57 29,502 a------- c:\windows\system32\dllcache\pca200e.sys
2009-05-24 12:56 198,144 a------- c:\windows\system32\dllcache\nv3.sys
2009-05-24 12:55 33,088 a------- c:\windows\system32\dllcache\n9i128v2.sys
2009-05-24 12:54 56,832 a------- c:\windows\system32\dllcache\msdvbnp.ax
2009-05-24 12:53 727,786 a------- c:\windows\system32\dllcache\ltck000c.sys
2009-05-24 12:52 372,824 a------- c:\windows\system32\dllcache\iconf32.dll
2009-05-24 12:51 73,279 a------- c:\windows\system32\dllcache\hsf_spkp.sys
2009-05-24 12:50 89,088 a------- c:\windows\system32\dllcache\hpgt33.dll
2009-05-24 12:49 43,520 a------- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2009-05-24 12:48 19,996 a------- c:\windows\system32\dllcache\em556n4.sys
2009-05-24 12:47 21,606 a------- c:\windows\system32\dllcache\digiisdn.sys
2009-05-24 12:46 39,936 a------- c:\windows\system32\dllcache\cnxt1803.sys
2009-05-24 12:45 54,271 a------- c:\windows\system32\dllcache\bcm42xx5.sys
2009-05-23 13:42 --d----- c:\program files\AskBarDis
2009-05-21 00:43 --d----- c:\program files\Trend Micro
2009-05-21 00:11 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-21 00:10 --d----- c:\program files\SUPERAntiSpyware
2009-05-21 00:10 --d----- c:\docume~1\vivek\applic~1\SUPERAntiSpyware.com
2009-05-20 23:50 --d----- c:\program files\Spybot - Search & Destroy
2009-05-20 23:50 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-05-18 02:11 --d----- c:\program files\Zapu
2009-05-17 23:47 85,660 a------- c:\windows\system32\05ae04f8-b153-49b0-314b-4b69123bcbb3.exe
2009-05-17 23:31 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-17 23:31 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-16 13:04 --d----- c:\program files\RocketDock
2009-05-16 12:16 --d----- C:\Biz-Plan
2009-05-16 11:22 --d----- c:\documents and settings\vivek\.sbd
2009-05-15 23:36 --d----- c:\program files\Windows Live SkyDrive
2009-05-15 23:32 --d----- C:\Backup on web
2009-05-15 23:03 --d----- c:\docume~1\vivek\applic~1\EssentialPIM
2009-05-15 23:00 --d----- c:\program files\Mozilla Sunbird
2009-05-15 22:55 10,011 a------- c:\windows\ePrompter.ini
2009-05-15 22:55 --d----- c:\program files\ePrompter
2009-05-15 22:47 --d----- c:\program files\Moffsoft FreeCalc
2009-05-15 22:45 244,416 a------- c:\windows\system32\msflxgrd.ocx
2009-05-15 22:45 203,976 a------- c:\windows\system32\richtx32.ocx
2009-05-15 22:45 647,872 a------- c:\windows\system32\mscomct2.ocx
2009-05-15 22:45 140,288 a------- c:\windows\system32\comdlg32.ocx
2009-05-15 13:47 29,405 -------- c:\windows\hpoins03.dat.temp
2009-05-15 13:47 38,782 -------- c:\windows\hpomdl03.dat.temp
2009-05-15 13:45 626,960 a----r-- c:\windows\system32\hpvaut32.dll
2009-05-15 13:45 487,424 a----r-- c:\windows\system32\hpvcp70.dll
2009-05-15 13:45 344,064 a----r-- c:\windows\system32\hpvcr70.dll
2009-05-15 13:44 --d----- c:\program files\common files\Hewlett-Packard
2009-05-15 13:42 38,782 -------- c:\windows\hpomdl03.dat
2009-05-15 13:42 29,405 -------- c:\windows\hpoins03.dat
2009-05-15 13:38 262,144 a----r-- c:\windows\system32\HPZc3212.dll
2009-05-15 13:38 565,248 a----r-- c:\windows\system32\hpotscl.dll
2009-05-15 13:38 90,112 a----r-- c:\windows\system32\hpovst08.dll
2009-05-15 13:38 274,432 a----r-- c:\windows\system32\hpgwiamd.dll
2009-05-15 13:36 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-05-15 13:36 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2009-05-15 13:33 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-05-15 13:33 32,128 a------- c:\windows\system32\dllcache\usbccgp.sys
2009-05-14 00:16 86,016 a------- c:\windows\system32\drivers\SCBaud.w9x
2009-05-14 00:16 --d----- c:\program files\IVT Corporation
2009-05-13 22:39 143,360 a----r-- c:\windows\apptune1020.exe
2009-05-13 22:39 --d-h--- c:\program files\Zenographics
2009-05-13 22:39 574,100 a----r-- c:\windows\system32\hp1022n.img
2009-05-13 22:39 442,368 a----r-- c:\windows\system32\ZSHP1020.EXE
2009-05-13 22:39 206,768 a----r-- c:\windows\system32\hp1022.img
2009-05-13 22:39 106,496 a----r-- c:\windows\system32\VSHP1020.DLL
2009-05-13 22:39 7,294 a----r-- c:\windows\system32\ZSHP1020.HLP
2009-05-13 22:38 128,820 a----r-- c:\windows\system32\hp1020.img
2009-05-13 22:38 102,400 a------- c:\windows\system32\ZLhp1020.dll
2009-05-13 22:38 86,016 a------- c:\windows\system32\ZSPOOL.DLL
2009-05-13 22:38 28,672 a------- c:\windows\system32\zlm.dll
2009-05-13 22:38 28,672 a------- c:\windows\system32\IMF32.DLL
2009-05-13 22:38 24,576 a------- c:\windows\system32\ZTAG32.DLL
2009-05-13 22:19 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-05-13 22:19 25,856 a------- c:\windows\system32\dllcache\usbprint.sys
2009-05-13 14:29 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-13 14:29 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-13 14:29 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-13 14:29 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-13 14:14 --d----- c:\program files\MSECACHE
2009-05-13 14:00 --d----- c:\program files\LastPass
2009-05-13 13:55 --d----- c:\docume~1\vivek\applic~1\Windows Search
2009-05-13 12:49 --d----- c:\program files\MozBackup
2009-05-13 02:04 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-05-13 02:03 --dsh--- c:\documents and settings\vivek\IECompatCache
2009-05-13 02:02 --dsh--- c:\documents and settings\vivek\PrivacIE
2009-05-13 01:59 --dsh--- c:\documents and settings\vivek\IETldCache
2009-05-13 01:47 --d----- c:\windows\system32\XPSViewer
2009-05-13 01:46 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-13 01:46 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-05-13 01:46 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-13 01:46 117,760 -------- c:\windows\system32\prntvpt.dll
2009-05-13 01:46 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-13 01:46 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-05-13 01:46 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-05-13 01:46 --d----- C:\ba5d321622ad61c2ac2ae0
2009-05-13 01:42 --d----- c:\windows\ie8updates
2009-05-13 01:42 102,400 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-13 01:41 -cd-h--- c:\windows\ie8
2009-05-13 01:38 --d----- c:\program files\MSXML 4.0
2009-05-13 01:25 --d----- c:\docume~1\alluse~1\applic~1\SoftSwift
2009-05-13 01:25 --d----- c:\program files\SoftSwift
2009-05-13 00:56 2,145,280 a------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-13 00:56 2,023,936 a------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-13 00:27 --d----- c:\windows\system32\scripting
2009-05-13 00:27 --d----- c:\windows\l2schemas
2009-05-13 00:27 --d----- c:\windows\system32\en
2009-05-13 00:27 --d----- c:\windows\system32\bits
2009-05-13 00:23 --d----- c:\windows\ServicePackFiles
2009-05-13 00:19 --d----- c:\windows\network diagnostic
2009-05-13 00:18 1,355 a------- c:\windows\imsins.BAK
2009-05-13 00:14 --d----- c:\windows\EHome
2009-05-13 00:03 --d----- c:\program files\2BrightSparks
2009-05-12 23:59 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
2009-05-12 23:54 --d----- C:\Music
2009-05-12 23:53 --d----- c:\docume~1\vivek\applic~1\COWON
2009-05-12 23:41 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-05-12 23:11 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-12 23:02 --d----- c:\windows\system32\NtmsData
2009-05-12 20:56 --d----- c:\windows\system32\GroupPolicy
2009-05-12 20:56 --d----- c:\program files\Windows Desktop Search
2009-05-12 20:54 --d----- c:\program files\WinDirStat
2009-05-12 20:53 215,872 a------- c:\windows\system32\drivers\truecrypt.sys
2009-05-12 20:53 --d----- c:\program files\TrueCrypt
2009-05-12 20:52 --d----- c:\windows\system32\Adobe
2009-05-12 20:50 --d----- c:\program files\DNA
2009-05-12 20:50 --d----- c:\program files\BitTorrent
2009-05-12 20:49 --d----- c:\program files\LimeWire
2009-05-12 20:43 78,032 a------- c:\windows\system32\gspshell.dll
2009-05-12 20:43 --d----- c:\program files\GSplit
2009-05-12 20:43 176,235 a------- c:\windows\system32\Primomonnt.dll
2009-05-12 20:43 --d----- c:\windows\PrimoPDF4
2009-05-12 20:43 --d----- c:\program files\activePDF
2009-05-12 20:37 --d----- c:\program files\IObit
2009-05-12 18:44 --d----- c:\windows\system32\PreInstall
2009-05-12 18:35 --d----- c:\windows\system32\SoftwareDistribution
2009-05-12 14:56 --d----- c:\program files\IEPro
2009-05-12 14:56 --d----- c:\program files\Glary Utilities
2009-05-12 14:45 --d----- c:\program files\Foxit Software
2009-05-12 14:44 --d----- c:\program files\TeraCopy
2009-05-12 14:32 --d----- c:\windows\SHELLNEW
2009-05-12 14:22 376 a------- c:\windows\ODBC.INI
2009-05-12 14:13 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-12 14:13 --d----- c:\program files\Avira
2009-05-12 14:13 --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-05-12 14:11 26,368 a------- c:\windows\system32\dllcache\usbstor.sys
2009-05-12 13:45 --d----- C:\Tally72
2009-05-12 13:45 --d----- C:\Accounts
2009-05-12 13:36 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-05-12 13:36 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
2009-05-12 13:36 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-05-12 13:36 10,368 a------- c:\windows\system32\dllcache\hidusb.sys
2009-05-12 13:09 9,924,996,096 a------- C:\My Documents Normal backup.bkf
2009-05-10 03:15 --d----- c:\docume~1\vivek\applic~1\LimeWire

==================== Find3M ====================

2009-05-13 00:31 81,983 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-12 13:42 1,713 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_Presario V3000 (RQ073PA#ACJ)_YN_0Pres_Q2CE646079W_E433343372_46_I30B2_SWistron_V61.44_BF.11_T060911_WXH2_L409_M503_J80_7Intel_8Celeron M 430_91.73_#061114_N80861092_(RQ073PA#ACJ)_XMOBILE_CN10_Z_2F.11.MRK
2009-03-21 19:36 989,696 a------- c:\windows\system32\dllcache\kernel32.dll
2006-12-14 05:50 22 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 3:32:16.53 ===============

Attached Files
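The security-relevant lines in the DDS log above are the `TCP: NameServer` entry and the per-interface `TCP: {GUID}` entries, all pointing at 85.255.112.22 and 85.255.112.130 (a range long associated with DNS-changing trojans rather than any ISP or home router), and the hidden, system, read-only `C:\autorun.inf` in the "Created Last 30" section, which fits the double-click error on C: described in the post. Resolver addresses the user never configured explain why a request for the Windows Update site can land on Google. The triage script below is an added example, not part of the DDS tool by sUBs or of this thread: it parses a DDS-format excerpt (a constructed sample modelled on the log above, with one interface entry changed to a private address to show the clean case) and flags resolvers outside a trusted list and root-level autorun.inf files. The trusted list defaulting to RFC 1918 ranges is an assumption; a real run would pass the ISP's resolvers instead.

```python
"""Triage helper for DDS-style logs (added example; not the DDS tool's own code).

It pulls the 'TCP:' resolver entries out of the Pseudo HJT Report and flags any
resolver outside a list of networks the operator trusts, and it flags an
autorun.inf sitting at a drive root in the 'Created Last 30' section.
"""
import ipaddress
import json
import re
from typing import Dict, Iterable, List

# Assumption: RFC 1918 ranges stand in for "resolvers we expect to see" (a home
# router or corporate DNS). A real triage run would pass the ISP's resolvers.
DEFAULT_TRUSTED_RESOLVERS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

# Constructed excerpt in DDS format, modelled on the log posted in this thread.
# The third TCP entry is deliberately changed to a private address.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
TCP: NameServer = 85.255.112.22,85.255.112.130
TCP: {8710FD29-C189-477F-BDA3-7ACD926B91AA} = 85.255.112.22,85.255.112.130
TCP: {9CDA9113-672B-44C2-9905-AFF2730DEDF5} = 192.168.1.1

=============== Created Last 30 ================

2009-06-07 01:21 --d----- c:\program files\Windows Installer Clean Up
2009-06-02 10:10 393 ---shr-- C:\autorun.inf
2009-06-01 20:19 361,600 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
"""

# "TCP: NameServer = a,b" (global) or "TCP: {interface GUID} = a,b" (per adapter).
TCP_LINE = re.compile(r"^TCP: (?P<key>NameServer|\{[0-9A-Fa-f-]+\}) = (?P<value>.+)$")
# "date time [size] attrs path"; directories carry no size field.
CREATED_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?:(?P<size>[\d,]+) )?"
    r"(?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
ROOT_AUTORUN = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.IGNORECASE)


def parse_resolvers(log: str) -> Dict[str, List[str]]:
    """Map each TCP entry (global NameServer or per-interface GUID) to its resolver list."""
    entries: Dict[str, List[str]] = {}
    for line in log.splitlines():
        m = TCP_LINE.match(line.strip())
        if m:
            entries[m.group("key")] = [ip.strip() for ip in m.group("value").split(",") if ip.strip()]
    return entries


def untrusted_resolvers(ips: Iterable[str], trusted: Iterable[str]) -> List[str]:
    """Return the resolvers that fall outside every trusted network (or do not parse)."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    bad = []
    for ip in ips:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            bad.append(ip)  # not even an address: worth a look
            continue
        if not any(addr in n for n in nets):
            bad.append(ip)
    return bad


def find_dns_hijack(log: str, trusted: Iterable[str] = DEFAULT_TRUSTED_RESOLVERS) -> List[dict]:
    """One finding per TCP entry that names at least one resolver outside the trusted set."""
    findings = []
    for key, ips in parse_resolvers(log).items():
        bad = untrusted_resolvers(ips, trusted)
        if bad:
            findings.append({"entry": key, "untrusted": bad})
    return findings


def find_root_autorun(log: str) -> List[dict]:
    """Flag autorun.inf at a drive root; hidden (h) and system (s) attributes are recorded."""
    findings = []
    for line in log.splitlines():
        m = CREATED_LINE.match(line.strip())
        if not m or not ROOT_AUTORUN.match(m.group("path")):
            continue
        attrs = m.group("attrs")
        findings.append({
            "path": m.group("path"),
            "created": m.group("date"),
            "hidden": "h" in attrs,
            "system": "s" in attrs,
        })
    return findings


def triage(log: str, trusted: Iterable[str] = DEFAULT_TRUSTED_RESOLVERS) -> dict:
    """Combine both checks into one report."""
    return {"dns": find_dns_hijack(log, trusted), "autorun": find_root_autorun(log)}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

On the sample, the global `NameServer` and the first interface entry are reported with both 85.255.112.x addresses, the interface pointing at 192.168.1.1 is silent, and `C:\autorun.inf` is reported with hidden and system set. A helper reading a real log would compare the resolvers against the ISP's published ones before calling it a hijack; the cleanup the thread went on to do (rootkit scan, then the regular scanners) has to be followed by resetting the adapters' DNS settings, since removing the dropper alone leaves the changed resolvers in place.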




#2 Vivek Harsora

Vivek Harsora
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:44 AM

Posted 07 June 2009 - 03:08 PM

Panda online scan showed viruses... which cannot be cleaned.

Log file attached

===========

Hello

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Attached Files


Edited by Orange Blossom, 07 June 2009 - 03:12 PM.


#3 Vivek Harsora

Vivek Harsora
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:44 AM

Posted 08 June 2009 - 04:55 AM

Done it!!! :)


It was really time-consuming; it took almost 8 hrs to do it.

AVG Anti-Rootkit did the real job (scanned in safe mode).
Then Spybot S&D and then Malwarebytes were unlocked, and they cleaned up other stuff.
Avira also played a role in it.


All the logs attached.

Thanks to the forum topics.. :)

Attached Files

  • Attached File  Logs.zip   39.83KB   1 downloads


#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:09:14 AM

Posted 17 June 2009 - 05:49 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.  

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 harrythook

harrythook


  • Security Colleague
  • 4,152 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philadelphia
  • Local time:08:14 PM

Posted 22 June 2009 - 05:41 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
All others please read The Preparation Guide before starting your topic.

Veni Vidi Vici
THE FIGHT AGAINST MALWARE
