
spyware infection


  • This topic is locked
15 replies to this topic

#1 harsiya

harsiya

  • Members
  • 14 posts
  • OFFLINE
  • Local time:09:35 PM

Posted 09 August 2009 - 08:56 AM

Hi, my computer has a spyware infection. To remove it I downloaded "Malwarebytes" from this site and scanned my computer. I got many trojan spywares. I deleted all those, but when I connect to the internet I get those spywares again. After removing those spywares, I once got a blue screen error "0x00000069", with the message "initialization failed". Then I started my computer in "last known good configuration" mode. First it didn't work, but afterwards it started. I scanned the computer and removed all spywares, but when I connect to the internet all those spywares come back. I could not post this log from my computer, so I am using a friend's computer. I downloaded the DDS software on my computer and ran it. I copied both the DDS and Attach reports to a pen drive, and I am posting this log from my friend's computer. Both the DDS and Attach files are pasted here. Please help me remove the spywares from my computer. It will be a great help!


DDS (Ver_09-06-26.01) - NTFSx86
Run by Harshal Gaikwad at 14:50:46.14 on Wed 08/05/2009
Internet Explorer: 6.0.2600.0000
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.246.40 [GMT 5.5:30]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ms18_word.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Harshal Gaikwad.HARSHAL\ms18_word.exe
C:\WINDOWS\System32\svchost.exe
svchost
C:\Documents and Settings\Harshal Gaikwad.HARSHAL\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {002792b2-47e9-4eba-8d46-257b3ca06d0a} - No File
BHO: {0032a128-6098-44bd-b344-f2a16e26d63a} - No File
BHO: {004f2564-47e9-4eba-8d46-257b3ca06d0a} - No File
BHO: {00654250-6098-44bd-b344-f2a16e26d63a} - No File
BHO: {009e4ac9-47e9-4eba-8d46-257b3ca06d0a} - No File
BHO: {00ca84a0-6098-44bd-b344-f2a16e26d63a} - No File
BHO: {00fea089-bf83-4855-9f45-9c66d17dc60b} - No File
BHO: {01950940-6098-44bd-b344-f2a16e26d63a} - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: &Google: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\documents and settings\harshal gaikwad.harshal\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Harshal Gaikwad] c:\documents and settings\harshal gaikwad.harshal\Harshal Gaikwad.HARSHAL.exe /i
uRun: [ms18_word] c:\documents and settings\harshal gaikwad.harshal\ms18_word.exe
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [{3e826afb-e9d0-d66a-87cb-d862033f59c4}] c:\windows\system32\rundll32.exe "c:\windows\system32\{42bbb84e-be80-48ff-845e-09fcdf5418df}.dll" DllStart
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ms18_word] c:\windows\system32\ms18_word.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\documents and settings\harshal gaikwad.harshal\start menu\programs\startup\necsys32.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 yxgbwskt;yxgbwskt;c:\windows\system32\drivers\yxgbwskt.sys [2001-8-23 23424]
S3 cirrus;cirrus;c:\windows\system32\drivers\cirrus.sys [2009-3-8 45696]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

=============== Created Last 30 ================

2009-07-25 17:13 61,440 a------- c:\windows\system32\drivers\eilwnu.sys
2009-07-19 19:18 25,000 a------- c:\windows\system32\ms18_word.exe
2009-07-19 19:18 25,000 a------- c:\documents and settings\harshal gaikwad.harshal\ms18_word.exe
2009-07-19 19:10 <DIR> --d----- c:\docume~1\harsha~1.har\applic~1\Malwarebytes
2009-07-19 18:39 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 18:39 18,456 a------- c:\windows\system32\drivers\mbam.sys
2009-07-19 18:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 18:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-19 14:12 91 a------- c:\windows\wininit.ini
2009-07-07 19:57 102,400 a------- c:\windows\system32\drivers\a28c14c7.sys

==================== Find3M ====================

2008-06-08 14:43 2,456 ac------ c:\program files\racing.inf
2007-12-07 21:32 12,754,672 ac------ c:\program files\MP10Setup.exe
2005-12-02 14:18 2,057 ac------ c:\program files\Uninst.isu
2001-02-08 16:36 749,568 ac------ c:\program files\racing.exe
2001-01-26 07:32 20,923,560 ac------ c:\program files\mr.dat
2000-12-12 23:05 151,552 ac------ c:\program files\voodoo.vd
2000-12-12 23:05 176,128 ac------ c:\program files\d3d.vd
2000-11-28 02:20 536,943 ac------ c:\program files\MENUFX.DAT
2000-03-29 16:28 54,684 ac------ c:\program files\mr.cnf

============= FINISH: 14:51:08.85 ===============

Attached Files
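A small triage script, added here as an editor's example (it is not from this thread, from DDS, or from any tool mentioned in it), that applies to the "Pseudo HJT Report" section of a DDS log the kind of checks a malware-response helper makes by eye: autorun entries that run from a user profile or by bare filename, rundll32 loading a GUID-named DLL, browser helper entries that point to no file, and raw executables dropped in the Startup folder. The sample lines are copied from the logs posted in this thread; the heuristics, the `Finding` class and the `triage` function are the example's own assumptions, not part of DDS.

```python
import re
from dataclasses import dataclass

# Sample "Pseudo HJT Report" lines, copied from the DDS logs posted in this thread.
SAMPLE_LOG = r"""
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ms18_word] c:\documents and settings\harshal gaikwad.harshal\ms18_word.exe
mRun: [{3e826afb-e9d0-d66a-87cb-d862033f59c4}] c:\windows\system32\rundll32.exe "c:\windows\system32\{42bbb84e-be80-48ff-845e-09fcdf5418df}.dll" DllStart
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Program Access Service] pmhajhbrov.exe
BHO: {002792b2-47e9-4eba-8d46-257b3ca06d0a} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
StartupFolder: c:\documents and settings\harshal gaikwad.harshal\start menu\programs\startup\necsys32.exe
"""

# uRun/mRun/dRun plus the RunOnce and RunServices variants: "[value name] command line"
RUN_RE = re.compile(r"^(?P<hive>[umd])Run(?:Once|Services)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable-looking token of a command line, quoted or not
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|dll|scr|com))', re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
GUID_DLL_RE = re.compile(r"\{[0-9a-f-]{36}\}\.dll", re.IGNORECASE)
# User-profile roots as DDS prints them (long and 8.3 forms); assumed heuristic
PROFILE_PREFIXES = ("c:\\documents and settings\\", "c:\\docume~1\\")


@dataclass
class Finding:
    line_no: int   # 1-based line within the log text
    kind: str      # short tag for the heuristic that fired
    detail: str


def extract_exe(cmd: str) -> str:
    """Return the lower-cased path of the program a Run entry launches."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe").lower() if m else cmd.strip().lower()


def check_run_entry(line_no: int, name: str, cmd: str) -> list:
    findings = []
    exe = extract_exe(cmd)
    if "\\" not in exe:
        findings.append(Finding(line_no, "bare-filename",
                                f"{name}: '{exe}' has no path and is resolved via the search path"))
    if exe.startswith(PROFILE_PREFIXES):
        findings.append(Finding(line_no, "user-profile-autorun",
                                f"{name}: autorun executable lives in a user profile: {exe}"))
    if exe.endswith("rundll32.exe") and GUID_DLL_RE.search(cmd):
        findings.append(Finding(line_no, "rundll32-guid-dll",
                                f"{name}: rundll32 loads a GUID-named DLL"))
    if GUID_RE.match(name):
        findings.append(Finding(line_no, "guid-value-name",
                                f"autorun value is itself named after a GUID: {name}"))
    return findings


def triage(log_text: str) -> list:
    """Walk the Pseudo HJT lines and collect everything worth a second look."""
    findings = []
    for line_no, line in enumerate(log_text.strip().splitlines(), start=1):
        m = RUN_RE.match(line)
        if m:
            findings.extend(check_run_entry(line_no, m.group("name"), m.group("cmd")))
            continue
        # Orphaned BHO/toolbar/explorer-bar registrations: a CLSID with no backing file
        if line.startswith(("BHO:", "TB:", "EB:")) and line.endswith(" - No File"):
            findings.append(Finding(line_no, "orphaned-browser-entry", line))
            continue
        # Startup folder should hold shortcuts; a bare executable there is unusual
        if line.startswith("StartupFolder:"):
            path = line.split(":", 1)[1].strip().lower()
            if path.endswith((".exe", ".scr", ".com")):
                findings.append(Finding(line_no, "startup-folder-executable", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: [{f.kind}] {f.detail}")
```

Run against the sample, the script flags six items: the ms18_word autorun in the user profile, the GUID-named Run value and its rundll32 GUID DLL, the path-less pmhajhbrov.exe, the orphaned BHO, and necsys32.exe in the Startup folder, while the Messenger, QuickTime and Acrobat entries pass through untouched. These are prompts for a human to look closer, not verdicts; the only ground truth on this page came from scanning the files themselves.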





#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE

Posted 20 August 2009 - 03:03 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 harsiya

harsiya
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE

Posted 23 August 2009 - 11:22 AM

Hi, thanks for the time taken to help. I have formatted my system and cleaned all the contents of the "C" drive, where my operating system was. I also updated to Windows XP Service Pack 2. My friend gave me antivirus software to scan with, called "BitDefender Total Security 2009". I scanned the system, but it did not remove the threats completely. It showed the message that "some threats are uncleaned because they were in an archive or package and cannot take any action". Their location was on the "E" drive. Before formatting I had backed up some files from the C drive to the E drive. After formatting, the E drive is not changed; it's still as it was before. Is it possible that these spywares are on the E drive now? I don't know. Please help. Also suggest me some good free antivirus and antispyware software. DDS logs are pasted. Thanks.




DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 9:05:25.42 on Sun 08/23/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.246.41 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -kbdx
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\pmhajhbrov.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [WordPerfect Office 1215] c:\program files\wordperfect office 12\programs\Registration.exe /title="WordPerfect Office 12" /date=090609 serial=WS12WTX-9999998-UYR lang=EN
mRun: [Program Access Service] pmhajhbrov.exe
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /Get1noarp
mRunServices: [Program Access Service] pmhajhbrov.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250966868122
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-7-2 82568]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-8-14 102208]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
S3 FXDRV;FXDRV;\??\f:\fxdrv.sys --> f:\Fxdrv.sys [?]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2009-8-22 14336]
S3 PCIUtil;PCI Utility;c:\docume~1\admini~1\locals~1\temp\PCIUtil.sys [2009-8-22 4608]

=============== Created Last 30 ================

2009-08-23 07:18 385 a------- c:\windows\system32\user_gensett.xml
2009-08-23 07:12 <DIR> --d----- c:\windows\system32\logs
2009-08-23 07:12 <DIR> --d----- c:\docume~1\admini~1\applic~1\BitDefender
2009-08-23 07:12 <DIR> --d----- c:\program files\BitDefender
2009-08-23 07:12 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\BitDefender
2009-08-23 07:10 <DIR> --d----- c:\windows\system32\URTTemp
2009-08-23 07:09 <DIR> --d----- c:\program files\common files\BitDefender
2009-08-23 06:36 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
2009-08-23 06:34 <DIR> --dsh--- C:\found.000
2009-08-23 06:25 96,768 -c------ c:\windows\system32\dllcache\dpcdll.dll
2009-08-23 06:21 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-23 06:18 2,897,920 -------- c:\windows\system32\xpsp2res.dll
2009-08-23 06:17 19,528 a------- c:\windows\002425_.tmp
2009-08-23 06:17 15,872 a------- c:\windows\system32\spupdsvc.exe
2009-08-23 06:14 <DIR> --d----- c:\windows\EHome
2009-08-22 23:54 69 a------- c:\windows\NeroDigital.ini
2009-08-22 22:51 543 a------- c:\windows\system32\mapisvc.inf
2009-08-22 22:50 <DIR> --d----- c:\program files\common files\Borland Shared
2009-08-22 22:50 <DIR> --d----- c:\windows\ShellNew
2009-08-22 22:50 <DIR> --d----- c:\program files\WordPerfect Office 12
2009-08-22 22:50 <DIR> --d----- c:\program files\common files\Corel
2009-08-22 22:43 <DIR> --ds---- c:\windows\system32\Microsoft
2009-08-22 22:42 <DIR> --d----- c:\docume~1\admini~1\applic~1\Symantec
2009-08-22 22:41 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Symantec
2009-08-22 22:33 <DIR> --d----- c:\windows\Cache
2009-08-22 22:20 74,496 a------- c:\windows\system32\drivers\Rtlnicxp.sys
2009-08-22 22:20 <DIR> --d----- c:\windows\OPTIONS
2009-08-22 22:19 6,400 a------- c:\windows\system32\drivers\splitter.sys
2009-08-22 22:19 82,944 a------- c:\windows\system32\drivers\wdmaud.sys
2009-08-22 22:19 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-08-22 22:19 54,272 ac------ c:\windows\system32\dllcache\swmidi.sys
2009-08-22 22:19 54,272 a------- c:\windows\system32\drivers\swmidi.sys
2009-08-22 22:19 142,464 a------- c:\windows\system32\drivers\aec.sys
2009-08-22 22:19 171,776 a------- c:\windows\system32\drivers\kmixer.sys
2009-08-22 22:19 2,944 a------- c:\windows\system32\drivers\drmkaud.sys
2009-08-22 22:19 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
2009-08-22 22:18 145,792 a------- c:\windows\system32\drivers\portcls.sys
2009-08-22 22:18 60,288 a------- c:\windows\system32\drivers\drmk.sys
2009-08-22 22:18 23,552 a------- c:\windows\system32\wdmaud.drv
2009-08-22 22:18 30,208 a------- c:\windows\system32\wdmioctl.dll
2009-08-22 22:18 1,285,632 a------- c:\windows\system32\SMMedia.dll
2009-08-22 22:18 765,952 a------- c:\windows\system\crlds3d.dll
2009-08-22 22:18 65,536 a------- c:\windows\system32\Audio3d.dll
2009-08-22 22:18 <DIR> --d----- c:\windows\VirtualEar
2009-08-22 22:18 991,232 a------- c:\windows\system32\virtear.dll
2009-08-22 22:18 49,152 a------- c:\windows\system32\DSndUp.exe
2009-08-22 22:18 45,056 a------- c:\windows\system32\CleanUp.exe
2009-08-22 22:06 135,168 a----r-- c:\windows\system32\igfxres.dll
2009-08-22 22:02 61,440 a----r-- c:\windows\system32\iAlmCoIn_v4308.dll
2009-08-22 22:02 114,688 a------- c:\windows\system32\igfxpers.exe
2009-08-22 22:02 1,503,232 a------- c:\windows\system32\igfxress.dll
2009-08-22 22:02 94,208 a------- c:\windows\system32\igfxtray.exe
2009-08-22 22:02 77,824 a------- c:\windows\system32\hkcmd.exe
2009-08-22 22:02 882,298 a------- c:\windows\system32\ialmdd5.dll
2009-08-22 22:02 73,728 a------- c:\windows\system32\hccutils.dll
2009-08-22 22:02 57,344 a------- c:\windows\system32\igfxsrvc.dll
2009-08-22 22:02 197,498 a------- c:\windows\system32\ialmdev5.dll
2009-08-22 22:02 120,955 a------- c:\windows\system32\ialmdnt5.dll
2009-08-22 22:02 38,014 a------- c:\windows\system32\ialmrnt5.dll
2009-08-22 21:56 142,976 a------- c:\windows\system32\drivers\usbport.sys
2009-08-22 21:56 74,240 a------- c:\windows\system32\usbui.dll
2009-08-22 21:56 57,600 a------- c:\windows\system32\drivers\usbhub.sys
2009-08-22 21:56 20,480 a------- c:\windows\system32\drivers\usbuhci.sys
2009-08-22 21:55 3,328 ac------ c:\windows\system32\dllcache\pciide.sys
2009-08-22 21:55 25,088 a------- c:\windows\system32\drivers\pciidex.sys
2009-08-22 21:55 3,328 a------- c:\windows\system32\drivers\pciide.sys
2009-08-22 21:55 95,360 a------- c:\windows\system32\drivers\atapi.sys
2009-08-22 21:55 35,840 ac------ c:\windows\system32\dllcache\isapnp.sys
2009-08-22 21:55 35,840 a------- c:\windows\system32\drivers\isapnp.sys
2009-08-22 21:55 68,224 a------- c:\windows\system32\drivers\pci.sys
2009-08-22 21:55 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-08-22 21:51 55,396 -------- c:\windows\NuNinst.cfg
2009-08-22 21:51 2,019,328 -------- c:\windows\NuNinst.exe
2009-08-22 21:51 92,672 -------- c:\windows\system32\drivers\InCDfs.sys
2009-08-22 21:51 28,672 -------- c:\windows\system32\drivers\InCDpass.sys
2009-08-22 21:51 7,680 -------- c:\windows\system32\drivers\InCDrec.sys
2009-08-22 21:50 <DIR> --d----- c:\windows\InCD
2009-08-22 21:48 <DIR> --d----- c:\windows\RegisteredPackages
2009-08-22 21:43 106,496 a------- c:\windows\system32\TwnLib20.dll
2009-08-22 21:43 1,568,768 -------- c:\windows\system32\ImagX7.dll
2009-08-22 21:43 476,320 -------- c:\windows\system32\ImagXpr7.dll
2009-08-22 21:43 471,040 -------- c:\windows\system32\ImagXRA7.dll
2009-08-22 21:43 364,544 -------- c:\windows\system32\TwnLib4.dll
2009-08-22 21:43 262,144 -------- c:\windows\system32\ImagXR7.dll
2009-08-22 21:43 38,912 -------- c:\windows\system32\picn20.dll
2009-08-22 21:42 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-08-22 21:23 <DIR> --dsh--- c:\windows\Installer
2009-08-22 21:22 <DIR> --d----- c:\documents and settings\Administrator
2009-08-22 21:22 8,192 a------- c:\windows\REGLOCS.OLD
2009-08-22 21:20 41,600 ac------ c:\windows\system32\dllcache\weitekp9.dll
2009-08-22 21:20 31,232 ac------ c:\windows\system32\dllcache\weitekp9.sys
2009-08-22 21:20 73,728 ac------ c:\windows\system32\dllcache\w3ext.dll
2009-08-22 21:20 48,256 ac------ c:\windows\system32\dllcache\w32.dll
2009-08-22 21:20 9,216 ac------ c:\windows\system32\dllcache\wamps51.dll
2009-08-22 21:20 5,632 ac------ c:\windows\system32\dllcache\w3svapi.dll
2009-08-22 21:20 4,608 ac------ c:\windows\system32\dllcache\w3ctrs51.dll
2009-08-22 21:18 132,608 ac------ c:\windows\system32\dllcache\fxsclntr.dll
2009-08-22 21:17 23,392 a------- c:\windows\system32\nscompat.tlb
2009-08-22 21:17 16,832 a------- c:\windows\system32\amcompat.tlb
2009-08-22 21:17 299,552 a------- c:\windows\WMSysPrx.prx
2009-08-22 21:17 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
2009-08-22 21:17 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-08-22 21:17 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-08-22 21:17 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-08-22 21:17 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-08-22 14:05 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents
2009-08-22 11:47 <DIR> --ds---- c:\documents and settings\administrator\UserData
2009-08-12 02:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-08-23 06:27 80,007 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-22 21:16 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-08-22 14:01 0 a------- c:\windows\system32\drivers\$$TEMP$$.~~~
2008-06-08 02:13 2,456 ac------ c:\program files\racing.inf
2007-12-07 09:02 12,754,672 ac------ c:\program files\MP10Setup.exe
2005-12-02 01:48 2,057 ac------ c:\program files\Uninst.isu
2001-02-08 04:06 749,568 ac------ c:\program files\racing.exe
2001-01-25 19:02 20,923,560 ac------ c:\program files\mr.dat
2000-12-12 10:35 151,552 ac------ c:\program files\voodoo.vd
2000-12-12 10:35 176,128 ac------ c:\program files\d3d.vd
2000-11-27 13:50 536,943 ac------ c:\program files\MENUFX.DAT
2000-03-29 03:58 54,684 ac------ c:\program files\mr.cnf
2001-08-23 05:00 123,904 ---sh--- c:\windows\system32\pmhajhbrov.exe

============= FINISH: 9:06:05.53 ===============

Attached Files



#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:35 PM

Posted 26 August 2009 - 07:28 PM

Hello harsiya,

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Your AntiVirus appears to be outdated, if this is the case, please uninstall it and install one of these free AV programs.
  • Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Next

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Then please post back here with the following:
  • MBAM log
  • OTListIt.txt
  • Extra.txt
Thanks



#5 harsiya

harsiya
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:35 AM

Posted 31 August 2009 - 03:39 AM

Hi Syler, thanks for helping. As you told me, I am pasting three reports. All three reports cannot fit in a single reply text box, so I am sending two replies.

Malwarebytes' Anti-Malware 1.40
Database version: 2718
Windows 5.1.2600 Service Pack 2

8/30/2009 9:17:55 AM
mbam-log-2009-08-30 (09-17-55).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 187881
Time elapsed: 44 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Harshal Gaikwad.HARSHAL\Start Menu\Programs\Startup\necsys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\a28c14c7.sys.vir (Rootkit.Rustock) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B36720EB-D77B-4626-B551-94A07137EF97}\RP21\A0005095.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

#6 harsiya

harsiya
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:09:35 PM

Posted 31 August 2009 - 04:14 AM

Hi Syler, I am not able to post the OTL and Extra reports because they are too long. I don't know what to do. How will I post these reports?

#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:35 PM

Posted 01 September 2009 - 07:50 PM

I'm sorry harsiya, I did not see your reply to this.

As for the OTL logs, you can split them up and use several posts or you can attach them.



#8 harsiya

harsiya
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:35 AM

Posted 05 September 2009 - 08:21 AM

I am sorry, but I tried to post the OTL and Extra reports several times. I even tried to increase the size of the text box and post the reply, but it always gives me an error stating "your post was too long, please reduce the size". I tried to send it in two and three parts, but it's still not accepting. I don't know what the maximum number of words this text box takes is. Please suggest how I can post the reports, or whether there is any other way I can send you these reports.

thanx

Edited by harsiya, 05 September 2009 - 08:24 AM.


#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:35 PM

Posted 05 September 2009 - 02:58 PM

Hi harsiya,

Did you try attaching the logs? If you can't attach them please upload them to me.

Please go to the Malware Upload Channel and upload the following file.
  • Please enter the link to the topic in the text box next to: Link to topic where this file was requested:
  • Then click "Browse" on the line below and navigate to the OTL reports and submit them one at a time
  • In the comment section, please make a note that I asked you to upload the file here: Syler
  • Click Send File
Please let me know when the submission has finished. Thanks.



#10 harsiya

harsiya
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:35 AM

Posted 07 September 2009 - 07:19 AM

Hi Syler,

I have placed both the OTL and Extra reports in the section where you asked me to.

Thanks.

#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:35 PM

Posted 07 September 2009 - 09:27 PM

IMPORTANT NOTE: Your scan log results indicate you are using keygens/crack tools.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.



You have an illegal copy of BitDefender installed; you need to uninstall it and then install a new antivirus.

[2009/08/23 07:03:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\BitDefender Total Security 2009 +Serials+Patch[H33T]-MasterUploader

  • Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Then post back here with a new DDS log.



#12 harsiya
  • Topic Starter
  • Members
  • 14 posts

Posted 09 September 2009 - 05:02 AM

Hi syler. Here are the DDS and attach files.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 15:37:00.79 on Wed 09/09/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.246.61 [GMT 5.5:30]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: avast! antivirus 4.8.1351 [VPS 090908-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Program Access Service] pmhajhbrov.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRunServices: [Program Access Service] pmhajhbrov.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250966868122
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-31 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-31 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-31 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-31 352920]
S3 FXDRV;FXDRV;\??\f:\fxdrv.sys --> f:\Fxdrv.sys [?]
S3 PCIUtil;PCI Utility;c:\docume~1\admini~1\locals~1\temp\PCIUtil.sys [2009-8-23 4608]

=============== Created Last 30 ================

2009-08-30 22:42 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-30 22:41 <DIR> --d----- c:\windows\SxsCaPendDel
2009-08-30 22:31 81,984 a------- c:\windows\system32\bdod.bin
2009-08-30 21:51 121 a------- c:\windows\bdagent.INI
2009-08-30 21:14 228,672 a------- c:\windows\system32\drivers\bdfsfltr.sys.bak
2009-08-30 21:14 102,208 a------- c:\windows\system32\drivers\bdfndisf.sys.bak
2009-08-30 21:14 108,864 a------- c:\windows\system32\drivers\bdfm.sys.bak
2009-08-30 21:14 82,568 a------- c:\windows\system32\drivers\BDVEDISK.sys.bak
2009-08-30 20:43 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 20:43 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-08-30 20:43 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-08-30 20:43 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-29 23:13 445 a------- c:\windows\EntPack.dat
2009-08-29 21:17 583 a------- c:\windows\SYMGAMES.INI
2009-08-29 21:11 343 a------- c:\windows\ENTPACK.INI
2009-08-28 17:13 850 a------- c:\windows\system32\ProductTweaks.xml
2009-08-23 19:48 385 a------- c:\windows\system32\user_gensett.xml
2009-08-23 19:42 <DIR> --d----- c:\windows\system32\logs
2009-08-23 19:42 <DIR> --d----- c:\program files\BitDefender
2009-08-23 19:40 <DIR> --d----- c:\windows\system32\URTTemp
2009-08-23 19:39 <DIR> --d----- c:\program files\common files\BitDefender
2009-08-23 19:06 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
2009-08-23 19:04 <DIR> --dsh--- C:\found.000
2009-08-23 18:55 96,768 -c------ c:\windows\system32\dllcache\dpcdll.dll
2009-08-23 18:51 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-23 18:48 2,897,920 -------- c:\windows\system32\xpsp2res.dll
2009-08-23 18:47 19,528 a------- c:\windows\002425_.tmp
2009-08-23 18:47 15,872 a------- c:\windows\system32\spupdsvc.exe
2009-08-23 18:44 <DIR> --d----- c:\windows\EHome
2009-08-23 12:24 69 a------- c:\windows\NeroDigital.ini
2009-08-23 11:21 543 a------- c:\windows\system32\mapisvc.inf
2009-08-23 11:20 <DIR> --d----- c:\program files\common files\Borland Shared
2009-08-23 11:20 <DIR> --d----- c:\windows\ShellNew
2009-08-23 11:20 <DIR> --d----- c:\program files\WordPerfect Office 12
2009-08-23 11:20 <DIR> --d----- c:\program files\common files\Corel
2009-08-23 11:13 <DIR> --ds---- c:\windows\system32\Microsoft
2009-08-23 11:12 <DIR> --d----- c:\docume~1\admini~1\applic~1\Symantec
2009-08-23 11:11 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Symantec
2009-08-23 11:03 <DIR> --d----- c:\windows\Cache
2009-08-23 10:50 74,496 a------- c:\windows\system32\drivers\Rtlnicxp.sys
2009-08-23 10:50 <DIR> --d----- c:\windows\OPTIONS
2009-08-23 10:49 6,400 a------- c:\windows\system32\drivers\splitter.sys
2009-08-23 10:49 82,944 a------- c:\windows\system32\drivers\wdmaud.sys
2009-08-23 10:49 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-08-23 10:49 54,272 ac------ c:\windows\system32\dllcache\swmidi.sys
2009-08-23 10:49 54,272 a------- c:\windows\system32\drivers\swmidi.sys
2009-08-23 10:49 142,464 a------- c:\windows\system32\drivers\aec.sys
2009-08-23 10:49 171,776 a------- c:\windows\system32\drivers\kmixer.sys
2009-08-23 10:49 2,944 a------- c:\windows\system32\drivers\drmkaud.sys
2009-08-23 10:49 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
2009-08-23 10:48 145,792 a------- c:\windows\system32\drivers\portcls.sys
2009-08-23 10:48 60,288 a------- c:\windows\system32\drivers\drmk.sys
2009-08-23 10:48 23,552 a------- c:\windows\system32\wdmaud.drv
2009-08-23 10:48 30,208 a------- c:\windows\system32\wdmioctl.dll
2009-08-23 10:48 1,285,632 a------- c:\windows\system32\SMMedia.dll
2009-08-23 10:48 765,952 a------- c:\windows\system\crlds3d.dll
2009-08-23 10:48 65,536 a------- c:\windows\system32\Audio3d.dll
2009-08-23 10:48 <DIR> --d----- c:\windows\VirtualEar
2009-08-23 10:48 991,232 a------- c:\windows\system32\virtear.dll
2009-08-23 10:48 49,152 a------- c:\windows\system32\DSndUp.exe
2009-08-23 10:48 45,056 a------- c:\windows\system32\CleanUp.exe
2009-08-23 10:36 135,168 a----r-- c:\windows\system32\igfxres.dll
2009-08-23 10:32 61,440 a----r-- c:\windows\system32\iAlmCoIn_v4308.dll
2009-08-23 10:32 114,688 a------- c:\windows\system32\igfxpers.exe
2009-08-23 10:32 1,503,232 a------- c:\windows\system32\igfxress.dll
2009-08-23 10:32 94,208 a------- c:\windows\system32\igfxtray.exe
2009-08-23 10:32 77,824 a------- c:\windows\system32\hkcmd.exe
2009-08-23 10:32 882,298 a------- c:\windows\system32\ialmdd5.dll
2009-08-23 10:32 73,728 a------- c:\windows\system32\hccutils.dll
2009-08-23 10:32 57,344 a------- c:\windows\system32\igfxsrvc.dll
2009-08-23 10:32 197,498 a------- c:\windows\system32\ialmdev5.dll
2009-08-23 10:32 120,955 a------- c:\windows\system32\ialmdnt5.dll
2009-08-23 10:32 38,014 a------- c:\windows\system32\ialmrnt5.dll
2009-08-23 10:26 142,976 a------- c:\windows\system32\drivers\usbport.sys
2009-08-23 10:26 74,240 a------- c:\windows\system32\usbui.dll
2009-08-23 10:26 57,600 a------- c:\windows\system32\drivers\usbhub.sys
2009-08-23 10:26 20,480 a------- c:\windows\system32\drivers\usbuhci.sys
2009-08-23 10:25 3,328 ac------ c:\windows\system32\dllcache\pciide.sys
2009-08-23 10:25 25,088 a------- c:\windows\system32\drivers\pciidex.sys
2009-08-23 10:25 3,328 a------- c:\windows\system32\drivers\pciide.sys
2009-08-23 10:25 95,360 a------- c:\windows\system32\drivers\atapi.sys
2009-08-23 10:25 35,840 ac------ c:\windows\system32\dllcache\isapnp.sys
2009-08-23 10:25 35,840 a------- c:\windows\system32\drivers\isapnp.sys
2009-08-23 10:25 68,224 a------- c:\windows\system32\drivers\pci.sys
2009-08-23 10:25 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-08-23 10:21 55,396 -------- c:\windows\NuNinst.cfg
2009-08-23 10:21 2,019,328 -------- c:\windows\NuNinst.exe
2009-08-23 10:21 92,672 -------- c:\windows\system32\drivers\InCDfs.sys
2009-08-23 10:21 28,672 -------- c:\windows\system32\drivers\InCDpass.sys
2009-08-23 10:21 7,680 -------- c:\windows\system32\drivers\InCDrec.sys
2009-08-23 10:20 <DIR> --d----- c:\windows\InCD
2009-08-23 10:18 <DIR> --d----- c:\windows\RegisteredPackages
2009-08-23 10:13 106,496 a------- c:\windows\system32\TwnLib20.dll
2009-08-23 10:13 1,568,768 -------- c:\windows\system32\ImagX7.dll
2009-08-23 10:13 476,320 -------- c:\windows\system32\ImagXpr7.dll
2009-08-23 10:13 471,040 -------- c:\windows\system32\ImagXRA7.dll
2009-08-23 10:13 364,544 -------- c:\windows\system32\TwnLib4.dll
2009-08-23 10:13 262,144 -------- c:\windows\system32\ImagXR7.dll
2009-08-23 10:13 38,912 -------- c:\windows\system32\picn20.dll
2009-08-23 10:12 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-08-23 09:53 <DIR> --dsh--- c:\windows\Installer
2009-08-23 09:52 <DIR> --d----- c:\documents and settings\Administrator
2009-08-23 09:52 8,192 a------- c:\windows\REGLOCS.OLD
2009-08-23 09:50 41,600 ac------ c:\windows\system32\dllcache\weitekp9.dll
2009-08-23 09:50 31,232 ac------ c:\windows\system32\dllcache\weitekp9.sys
2009-08-23 09:50 73,728 ac------ c:\windows\system32\dllcache\w3ext.dll
2009-08-23 09:50 48,256 ac------ c:\windows\system32\dllcache\w32.dll
2009-08-23 09:50 9,216 ac------ c:\windows\system32\dllcache\wamps51.dll
2009-08-23 09:50 5,632 ac------ c:\windows\system32\dllcache\w3svapi.dll
2009-08-23 09:50 4,608 ac------ c:\windows\system32\dllcache\w3ctrs51.dll
2009-08-23 09:48 132,608 ac------ c:\windows\system32\dllcache\fxsclntr.dll
2009-08-23 09:47 23,392 a------- c:\windows\system32\nscompat.tlb
2009-08-23 09:47 16,832 a------- c:\windows\system32\amcompat.tlb
2009-08-23 09:47 299,552 a------- c:\windows\WMSysPrx.prx
2009-08-23 09:47 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
2009-08-23 09:47 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-08-23 09:47 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-08-23 09:47 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-08-23 09:47 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-08-23 02:35 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents
2009-08-23 00:17 <DIR> --ds---- c:\documents and settings\administrator\UserData
2009-08-12 14:48 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-08-23 18:57 80,007 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-23 09:46 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-08-23 02:31 0 a------- c:\windows\system32\drivers\$$TEMP$$.~~~
2008-06-08 14:43 2,456 ac------ c:\program files\racing.inf
2007-12-07 21:32 12,754,672 ac------ c:\program files\MP10Setup.exe
2005-12-02 14:18 2,057 ac------ c:\program files\Uninst.isu
2001-02-08 16:36 749,568 ac------ c:\program files\racing.exe
2001-01-26 07:32 20,923,560 ac------ c:\program files\mr.dat
2000-12-12 23:05 151,552 ac------ c:\program files\voodoo.vd
2000-12-12 23:05 176,128 ac------ c:\program files\d3d.vd
2000-11-28 02:20 536,943 ac------ c:\program files\MENUFX.DAT
2000-03-29 16:28 54,684 ac------ c:\program files\mr.cnf

============= FINISH: 15:37:16.12 ===============

Attached Files



#13 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 09 September 2009 - 08:38 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\WINDOWS\system32\pmhajhbrov.exe
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Program Access Service"=
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Program Access Service"=-
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
Next

You don't have the latest service pack for Windows. The service packs patch security vulnerabilities found in Windows. You should keep these up to date to keep you protected against malware that can take advantage of these security vulnerabilities to attack your system. The latest service pack is SP3. Click on Start >> All Programs >> Windows Update, then select Express and allow it to install all updates including SP3.
Note: If it prompts you to install an ActiveX control, allow it to install it.

Next

Update Adobe reader
  • Click Start > Control Panel > Add/Remove Programs
  • Remove any older versions of Adobe Reader.
  • Click here to download the latest version of Adobe Acrobat Reader.
  • Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be run and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • Close your Internet browser and open it again.
Next

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the Posted Image button.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Then please post back here with the following:
  • OTL results
  • ESET report
  • New DDS log
Thanks

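The lines that drive the fix above are the two `Program Access Service` autorun values in the DDS log posted in #12 (a bare `pmhajhbrov.exe` with no directory, written to both Run and RunServices) and the two S3 drivers loading from `f:\` and from a temp directory. The following is an added example, written for this edit and not code from the thread, from DDS or from OTL: a small Python parser over the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" lines that flags those patterns, plus a check to run on the fresh DDS log Syler asks for, to confirm an entry is actually gone after the fix. The heuristics (bare filename, same value in Run and RunServices, driver image in a temp directory or on a non-system drive) are the example's own; the sample lines are copied from the log in #12 and are the only input.

```python
import ntpath
import re

# Constructed sample input: autorun and driver lines copied from the DDS log
# posted in this thread. Everything below is an added example, not DDS/OTL code.
SAMPLE_DDS = r"""
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [Program Access Service] pmhajhbrov.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRunServices: [Program Access Service] pmhajhbrov.exe
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-31 114768]
S3 FXDRV;FXDRV;\??\f:\fxdrv.sys --> f:\Fxdrv.sys [?]
S3 PCIUtil;PCI Utility;c:\docume~1\admini~1\locals~1\temp\PCIUtil.sys [2009-8-23 4608]
"""

# DDS prefixes: u = HKCU, m = HKLM; the key is Run, RunOnce, RunServices, ...
AUTORUN_RE = re.compile(r"^(?P<scope>[um])(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Service/driver lines: "<start> <service>;<display name>;<image path> [date size]"
DRIVER_RE = re.compile(r"^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
SYSTEM_DRIVER_DIR = r"c:\windows\system32\drivers"  # assumed system drive layout
SYSTEM_DRIVE = "c:"


def image_path(command):
    """Executable part of a Run value: the quoted path, or the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def driver_path(rest):
    """Strip DDS's trailing '[date size]' and keep the resolved side of 'a --> b'."""
    rest = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest)
    if "-->" in rest:
        rest = rest.split("-->", 1)[1]
    return rest.strip()


def parse(log):
    """Split a DDS log into (scope, key, name, image) autoruns and (start, svc, path) drivers."""
    autoruns, drivers = [], []
    for line in log.splitlines():
        m = AUTORUN_RE.match(line)
        if m:
            autoruns.append((m["scope"], m["key"], m["name"], image_path(m["cmd"])))
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers.append((m["start"], m["svc"], driver_path(m["rest"])))
    return autoruns, drivers


def triage(log):
    """Map entry name -> reasons it deserves a closer look (heuristics are the example's own)."""
    autoruns, drivers = parse(log)
    findings = {}

    def flag(name, reason):
        reasons = findings.setdefault(name, [])
        if reason not in reasons:
            reasons.append(reason)

    in_run_services = {name for _, key, name, _ in autoruns if key == "RunServices"}
    for _, key, name, image in autoruns:
        if ntpath.dirname(image) == "":
            # No directory: the loader finds the file via the search path, so it
            # is not pinned to system32 and a "not found" there proves little.
            flag(name, f"bare filename {image!r}, location not pinned")
        if key == "Run" and name in in_run_services:
            # RunServices is a Windows 9x/ME key; NT-based Windows does not run
            # it, so a legitimate XP installer has no reason to write it.
            flag(name, "same value written to both Run and RunServices")

    for _, svc, path in drivers:
        low = path.lower()
        if "temp" in low.split("\\"):
            flag(svc, f"driver image in a temp directory: {path}")
        drive = ntpath.splitdrive(low)[0]
        if drive and drive != SYSTEM_DRIVE:
            flag(svc, f"driver image on non-system drive ({drive}): {path}")
        elif not low.startswith(SYSTEM_DRIVER_DIR):
            flag(svc, f"driver image outside {SYSTEM_DRIVER_DIR}: {path}")
    return findings


def still_listed(log, name):
    """True if an autorun value with this name is still present; run this on the post-fix DDS log."""
    return any(n == name for _, _, n, _ in parse(log)[0])


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_DDS).items():
        print(name)
        for r in reasons:
            print("   -", r)
    print("Program Access Service still listed:", still_listed(SAMPLE_DDS, "Program Access Service"))
```

Paste the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections of a real DDS log in place of `SAMPLE_DDS` and run the file; `still_listed` is the check to repeat on the new DDS log after the OTL fix. One caveat on the fix script itself: OTL's :Reg section follows .reg-file syntax, where `"name"=-` is the delete form. The RunServices line above uses `=-` but the Run line uses a bare `=`, which is a different operation, so confirm in the OTL result log and the next DDS log that the Run value really went away rather than assuming it did.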


#14 harsiya
  • Topic Starter
  • Members
  • 14 posts

Posted 13 September 2009 - 09:41 AM

Hi,
In the OTL scan I did the things the way you instructed, but when I press the OK button to reboot, the computer does not shut down itself. I waited for 5-6 minutes but it won't shut down, so finally I switched off the power and switched it on again. This happened twice. When switched on, the computer asks to run the OTL application. I did not run it. It gave the below report, which I am pasting here. Also, for the ESET online scan, it did not show any threats. No report was generated, so I am not pasting anything for it. I am pasting the DDS and ATTACH files. Thanks.
So this is the OTL report:

All processes killed
========== FILES ==========
File\Folder C:\WINDOWS\system32\pmhajhbrov.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"Program Access Service"| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\Program Access Service not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 829609 bytes

User: All Users

User: All Users.WINDOWS

User: ASHVINI
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HARRY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Harshal Gaikwad

User: Harshal Gaikwad.HARSHAL
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
File delete failed. C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65984 bytes
File delete failed. C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_494.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.90 mb


OTL by OldTimer - Version 3.0.10.7 log created on 09132009_194839

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_494.dat not found!

Registry entries deleted on Reboot...

------------------
This is the DDS report:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 19:17:46.34 on Sun 09/13/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.246.40 [GMT 5.5:30]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: avast! antivirus 4.8.1351 [VPS 090912-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Program Access Service] pmhajhbrov.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRunServices: [Program Access Service] pmhajhbrov.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250966868122
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-31 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-31 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-31 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-31 352920]
S3 FXDRV;FXDRV;\??\f:\fxdrv.sys --> f:\Fxdrv.sys [?]
S3 PCIUtil;PCI Utility;c:\docume~1\admini~1\locals~1\temp\PCIUtil.sys [2009-8-23 4608]

=============== Created Last 30 ================

2009-09-13 15:42 <DIR> --d----- c:\program files\ESET
2009-08-30 22:42 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-30 22:41 <DIR> --d----- c:\windows\SxsCaPendDel
2009-08-30 22:31 81,984 a------- c:\windows\system32\bdod.bin
2009-08-30 21:51 121 a------- c:\windows\bdagent.INI
2009-08-30 21:14 228,672 a------- c:\windows\system32\drivers\bdfsfltr.sys.bak
2009-08-30 21:14 102,208 a------- c:\windows\system32\drivers\bdfndisf.sys.bak
2009-08-30 21:14 108,864 a------- c:\windows\system32\drivers\bdfm.sys.bak
2009-08-30 21:14 82,568 a------- c:\windows\system32\drivers\BDVEDISK.sys.bak
2009-08-30 20:43 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 20:43 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-08-30 20:43 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-08-30 20:43 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-29 23:13 445 a------- c:\windows\EntPack.dat
2009-08-29 21:17 583 a------- c:\windows\SYMGAMES.INI
2009-08-29 21:11 343 a------- c:\windows\ENTPACK.INI
2009-08-28 17:13 850 a------- c:\windows\system32\ProductTweaks.xml
2009-08-23 19:48 385 a------- c:\windows\system32\user_gensett.xml
2009-08-23 19:42 <DIR> --d----- c:\windows\system32\logs
2009-08-23 19:42 <DIR> --d----- c:\program files\BitDefender
2009-08-23 19:40 <DIR> --d----- c:\windows\system32\URTTemp
2009-08-23 19:39 <DIR> --d----- c:\program files\common files\BitDefender
2009-08-23 19:06 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
2009-08-23 19:04 <DIR> --dsh--- C:\found.000
2009-08-23 18:55 96,768 -c------ c:\windows\system32\dllcache\dpcdll.dll
2009-08-23 18:51 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-23 18:48 2,897,920 -------- c:\windows\system32\xpsp2res.dll
2009-08-23 18:47 19,528 a------- c:\windows\002425_.tmp
2009-08-23 18:47 15,872 a------- c:\windows\system32\spupdsvc.exe
2009-08-23 18:44 <DIR> --d----- c:\windows\EHome
2009-08-23 12:24 69 a------- c:\windows\NeroDigital.ini
2009-08-23 11:21 543 a------- c:\windows\system32\mapisvc.inf
2009-08-23 11:20 <DIR> --d----- c:\program files\common files\Borland Shared
2009-08-23 11:20 <DIR> --d----- c:\windows\ShellNew
2009-08-23 11:20 <DIR> --d----- c:\program files\WordPerfect Office 12
2009-08-23 11:20 <DIR> --d----- c:\program files\common files\Corel
2009-08-23 11:13 <DIR> --ds---- c:\windows\system32\Microsoft
2009-08-23 11:12 <DIR> --d----- c:\docume~1\admini~1\applic~1\Symantec
2009-08-23 11:11 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Symantec
2009-08-23 11:03 <DIR> --d----- c:\windows\Cache
2009-08-23 10:50 74,496 a------- c:\windows\system32\drivers\Rtlnicxp.sys
2009-08-23 10:50 <DIR> --d----- c:\windows\OPTIONS
2009-08-23 10:49 6,400 a------- c:\windows\system32\drivers\splitter.sys
2009-08-23 10:49 82,944 a------- c:\windows\system32\drivers\wdmaud.sys
2009-08-23 10:49 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-08-23 10:49 54,272 ac------ c:\windows\system32\dllcache\swmidi.sys
2009-08-23 10:49 54,272 a------- c:\windows\system32\drivers\swmidi.sys
2009-08-23 10:49 142,464 a------- c:\windows\system32\drivers\aec.sys
2009-08-23 10:49 171,776 a------- c:\windows\system32\drivers\kmixer.sys
2009-08-23 10:49 2,944 a------- c:\windows\system32\drivers\drmkaud.sys
2009-08-23 10:49 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
2009-08-23 10:48 145,792 a------- c:\windows\system32\drivers\portcls.sys
2009-08-23 10:48 60,288 a------- c:\windows\system32\drivers\drmk.sys
2009-08-23 10:48 23,552 a------- c:\windows\system32\wdmaud.drv
2009-08-23 10:48 30,208 a------- c:\windows\system32\wdmioctl.dll
2009-08-23 10:48 1,285,632 a------- c:\windows\system32\SMMedia.dll
2009-08-23 10:48 765,952 a------- c:\windows\system\crlds3d.dll
2009-08-23 10:48 65,536 a------- c:\windows\system32\Audio3d.dll
2009-08-23 10:48 <DIR> --d----- c:\windows\VirtualEar
2009-08-23 10:48 991,232 a------- c:\windows\system32\virtear.dll
2009-08-23 10:48 49,152 a------- c:\windows\system32\DSndUp.exe
2009-08-23 10:48 45,056 a------- c:\windows\system32\CleanUp.exe
2009-08-23 10:36 135,168 a----r-- c:\windows\system32\igfxres.dll
2009-08-23 10:32 61,440 a----r-- c:\windows\system32\iAlmCoIn_v4308.dll
2009-08-23 10:32 114,688 a------- c:\windows\system32\igfxpers.exe
2009-08-23 10:32 1,503,232 a------- c:\windows\system32\igfxress.dll
2009-08-23 10:32 94,208 a------- c:\windows\system32\igfxtray.exe
2009-08-23 10:32 77,824 a------- c:\windows\system32\hkcmd.exe
2009-08-23 10:32 882,298 a------- c:\windows\system32\ialmdd5.dll
2009-08-23 10:32 73,728 a------- c:\windows\system32\hccutils.dll
2009-08-23 10:32 57,344 a------- c:\windows\system32\igfxsrvc.dll
2009-08-23 10:32 197,498 a------- c:\windows\system32\ialmdev5.dll
2009-08-23 10:32 120,955 a------- c:\windows\system32\ialmdnt5.dll
2009-08-23 10:32 38,014 a------- c:\windows\system32\ialmrnt5.dll
2009-08-23 10:26 142,976 a------- c:\windows\system32\drivers\usbport.sys
2009-08-23 10:26 74,240 a------- c:\windows\system32\usbui.dll
2009-08-23 10:26 57,600 a------- c:\windows\system32\drivers\usbhub.sys
2009-08-23 10:26 20,480 a------- c:\windows\system32\drivers\usbuhci.sys
2009-08-23 10:25 3,328 ac------ c:\windows\system32\dllcache\pciide.sys
2009-08-23 10:25 25,088 a------- c:\windows\system32\drivers\pciidex.sys
2009-08-23 10:25 3,328 a------- c:\windows\system32\drivers\pciide.sys
2009-08-23 10:25 95,360 a------- c:\windows\system32\drivers\atapi.sys
2009-08-23 10:25 35,840 ac------ c:\windows\system32\dllcache\isapnp.sys
2009-08-23 10:25 35,840 a------- c:\windows\system32\drivers\isapnp.sys
2009-08-23 10:25 68,224 a------- c:\windows\system32\drivers\pci.sys
2009-08-23 10:25 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-08-23 10:21 55,396 -------- c:\windows\NuNinst.cfg
2009-08-23 10:21 2,019,328 -------- c:\windows\NuNinst.exe
2009-08-23 10:21 92,672 -------- c:\windows\system32\drivers\InCDfs.sys
2009-08-23 10:21 28,672 -------- c:\windows\system32\drivers\InCDpass.sys
2009-08-23 10:21 7,680 -------- c:\windows\system32\drivers\InCDrec.sys
2009-08-23 10:20 <DIR> --d----- c:\windows\InCD
2009-08-23 10:18 <DIR> --d----- c:\windows\RegisteredPackages
2009-08-23 10:13 106,496 a------- c:\windows\system32\TwnLib20.dll
2009-08-23 10:13 1,568,768 -------- c:\windows\system32\ImagX7.dll
2009-08-23 10:13 476,320 -------- c:\windows\system32\ImagXpr7.dll
2009-08-23 10:13 471,040 -------- c:\windows\system32\ImagXRA7.dll
2009-08-23 10:13 364,544 -------- c:\windows\system32\TwnLib4.dll
2009-08-23 10:13 262,144 -------- c:\windows\system32\ImagXR7.dll
2009-08-23 10:13 38,912 -------- c:\windows\system32\picn20.dll
2009-08-23 10:12 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-08-23 09:53 <DIR> --dsh--- c:\windows\Installer
2009-08-23 09:52 <DIR> --d----- c:\documents and settings\Administrator
2009-08-23 09:52 8,192 a------- c:\windows\REGLOCS.OLD
2009-08-23 09:50 41,600 ac------ c:\windows\system32\dllcache\weitekp9.dll
2009-08-23 09:50 31,232 ac------ c:\windows\system32\dllcache\weitekp9.sys
2009-08-23 09:50 73,728 ac------ c:\windows\system32\dllcache\w3ext.dll
2009-08-23 09:50 48,256 ac------ c:\windows\system32\dllcache\w32.dll
2009-08-23 09:50 9,216 ac------ c:\windows\system32\dllcache\wamps51.dll
2009-08-23 09:50 5,632 ac------ c:\windows\system32\dllcache\w3svapi.dll
2009-08-23 09:50 4,608 ac------ c:\windows\system32\dllcache\w3ctrs51.dll
2009-08-23 09:48 132,608 ac------ c:\windows\system32\dllcache\fxsclntr.dll
2009-08-23 09:47 23,392 a------- c:\windows\system32\nscompat.tlb
2009-08-23 09:47 16,832 a------- c:\windows\system32\amcompat.tlb
2009-08-23 09:47 299,552 a------- c:\windows\WMSysPrx.prx
2009-08-23 09:47 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
2009-08-23 09:47 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-08-23 09:47 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-08-23 09:47 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-08-23 09:47 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-08-23 02:35 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents
2009-08-23 00:17 <DIR> --ds---- c:\documents and settings\administrator\UserData

==================== Find3M ====================

2009-08-23 18:57 80,007 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-23 09:46 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-08-23 02:31 0 a------- c:\windows\system32\drivers\$$TEMP$$.~~~
2008-06-08 14:43 2,456 ac------ c:\program files\racing.inf
2007-12-07 21:32 12,754,672 ac------ c:\program files\MP10Setup.exe
2005-12-02 14:18 2,057 ac------ c:\program files\Uninst.isu
2001-02-08 16:36 749,568 ac------ c:\program files\racing.exe
2001-01-26 07:32 20,923,560 ac------ c:\program files\mr.dat
2000-12-12 23:05 151,552 ac------ c:\program files\voodoo.vd
2000-12-12 23:05 176,128 ac------ c:\program files\d3d.vd
2000-11-28 02:20 536,943 ac------ c:\program files\MENUFX.DAT
2000-03-29 16:28 54,684 ac------ c:\program files\mr.cnf

============= FINISH: 19:18:08.29 ===============


#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 13 September 2009 - 09:51 PM

Is there a reason why you have not updated your service pack and Adobe? Please do so and run this OTL script.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Program Access Service"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Program Access Service"=-
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
Next

You don't have the latest service pack for Windows. The service packs patch security vulnerabilities found in Windows. You should
keep these up to date to keep you protected against malware that can take advantage of these security vulnerabilities to attack
your system. The latest service pack is SP3. Click on Start >> All programs >> Windows Update, then select Express
and allow it to install all updates including SP3.
Note: If it prompts you to install an ActiveX control, allow it to install it.

Next

Update Adobe reader
  • Click Start > Control Panel > Add/Remove Programs
  • Remove any older versions of Adobe Reader.
  • Click here to download the latest version of Adobe Acrobat Reader.
  • Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to run and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • Close your Internet browser and open it again.
Then post a new DDS log.

Edited by syler, 13 September 2009 - 10:50 PM.

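The OTL :Reg fix in syler's post deletes the "Program Access Service" value from the HKLM Run and RunServices autostart keys. As an added example that is not part of the post or of OTL, the PowerShell below audits those same two keys for that value name and shows what command it launches, so the referenced file can be checked before anything is removed; the value name and key paths are taken from the fix above, and running it as Administrator is assumed.

```powershell
# Added example, not from the original post or from OTL: report (and optionally
# remove) the autostart value that the OTL :Reg fix above targets.
# Assumptions: value name as given in the fix; run in an elevated PowerShell.
$ValueName = 'Program Access Service'   # name taken from the OTL fix; change if needed
$Keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
)

# Return the key/name/command triple if the value exists, otherwise $null.
function Get-AutostartEntry {
    param([string]$Key, [string]$Name)
    if (-not (Test-Path $Key)) { return $null }          # RunServices may not exist on XP
    $item = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if ($null -ne $item -and $null -ne $item.PSObject.Properties[$Name]) {
        [pscustomobject]@{ Key = $Key; Name = $Name; Command = $item.$Name }
    }
}

# Report first: the Command field is the path the entry launches at logon, which
# is what you want to inspect (and scan) before deciding to delete the entry.
foreach ($k in $Keys) {
    $entry = Get-AutostartEntry -Key $k -Name $ValueName
    if ($entry) { "FOUND  $($entry.Key)`n       $($entry.Name) = $($entry.Command)" }
    else        { "absent $k" }
}

# Removal is the equivalent of the '"Program Access Service"=-' lines in the OTL
# script. Uncomment once the entry has been confirmed malicious; -Confirm prompts
# before each deletion.
# foreach ($k in $Keys) {
#     if (Get-AutostartEntry -Key $k -Name $ValueName) {
#         Remove-ItemProperty -Path $k -Name $ValueName -Confirm
#     }
# }
```

Re-run the report after the OTL fix and reboot; both keys should now print "absent", which confirms the persistence entry did not come back.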




