
Infected with APTEMP


#1 RohitG

Posted 10 August 2009 - 06:42 PM

DDS (Ver_09-07-30.01) - NTFSx86
Run by Rohit at 5:00:35.43 on Tue 08/11/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.474 [GMT 5.5:30]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
D:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
D:\Program Files\Microsoft Office\Office\OSA.EXE
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\VMware\VMware Server\vmware-authd.exe
D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
D:\WINDOWS\system32\vmnat.exe
D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\WINDOWS\system32\vmnetdhcp.exe
D:\Program Files\VMware\VMware Server\vmserverdWin32.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Rohit\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ccApp] "d:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [COMODO Internet Security] "d:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: d:\docume~1\rohit\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: d:\docume~1\rohit\startm~1\programs\startup\office~1.lnk - d:\program files\microsoft office\office\OSA.EXE
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {BDF831D2-E535-4F53-A974-0885586E507A} = 218.248.240.23,218.248.240.135
Notify: NavLogon - d:\windows\system32\NavLogon.dll
AppInit_DLLs: d:\windows\system32\guard32.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\rohit\applic~1\mozilla\firefox\profiles\389f14fz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;d:\windows\system32\drivers\cmdguard.sys [2008-12-30 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver;d:\windows\system32\drivers\cmdhlp.sys [2008-12-30 25160]
R1 SAVRT;SAVRT;d:\program files\symantec antivirus\savrt.sys [2005-8-26 334984]
R1 SAVRTPEL;SAVRTPEL;d:\program files\symantec antivirus\Savrtpel.sys [2005-8-26 53896]
R2 ccEvtMgr;Symantec Event Manager;d:\program files\common files\symantec shared\ccEvtMgr.exe [2005-10-4 185968]
R2 ccSetMgr;Symantec Settings Manager;d:\program files\common files\symantec shared\ccSetMgr.exe [2005-10-4 177776]
R2 cmdAgent;COMODO Internet Security Helper Service;d:\program files\comodo\comodo internet security\cmdagent.exe [2008-12-30 707152]
R2 Symantec AntiVirus;Symantec AntiVirus;d:\program files\symantec antivirus\Rtvscan.exe [2005-11-15 1756912]
R2 vmserverdWin32;VMware Registration Service;d:\program files\vmware\vmware server\vmserverdWin32.exe [2008-10-30 1650782]
R2 YahooAUService;Yahoo! Updater;d:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-10 101936]
R3 NAVENG;NAVENG;d:\progra~1\common~1\symant~1\virusd~1\20090810.003\naveng.sys [2009-8-11 87888]
R3 NAVEX15;NAVEX15;d:\progra~1\common~1\symant~1\virusd~1\20090810.003\navex15.sys [2009-8-11 875728]
S3 ccPwdSvc;Symantec Password Validation;d:\program files\common files\symantec shared\ccPwdSvc.exe [2005-10-4 83568]
S3 SavRoam;SAVRoam;d:\program files\symantec antivirus\SavRoam.exe [2005-11-15 169200]
S3 VBoxNetFlt;VBoxNetFlt Service;d:\windows\system32\drivers\vboxnetflt.sys --> d:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;d:\windows\system32\drivers\zteusbser.sys [2009-4-11 99328]
S4 app_filter;app_filter;d:\program files\nvidia corporation\networkaccessmanager\bin\nSvcAppFlt.exe [2004-11-20 139264]

=============== Created Last 30 ================

2009-08-11 04:30 <DIR> --d----- d:\program files\Trend Micro
2009-07-17 05:01 <DIR> --d----- d:\docume~1\rohit\applic~1\Flickr
2009-07-17 04:59 <DIR> --d----- d:\program files\Flickr Uploadr

==================== Find3M ====================

2009-07-19 04:42 179,792 a------- d:\windows\system32\guard32.dll
2009-07-19 04:42 25,160 a------- d:\windows\system32\drivers\cmdhlp.sys
2009-07-19 04:42 132,040 a------- d:\windows\system32\drivers\cmdguard.sys
2009-03-13 20:49 3,452 a--sh--- d:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-03-13 20:49 88 ---shr-- d:\docume~1\alluse~1\applic~1\BAF97FE9F1.sys

============= FINISH: 5:01:00.98 ===============
Attached File: Attach.txt (9.64KB)
#2 Baabiouz
    Finnish Malware Fighter

Posted 22 August 2009 - 09:45 AM

Hello

Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Before we can continue, please post fresh DDS logs back here.

#3 Baabiouz
    Finnish Malware Fighter

Posted 30 August 2009 - 11:36 AM

This thread will now be closed.
If you need this topic reopened, please contact me.

This applies only to the original topic starter.
Everyone else please begin a New Topic.