trojan virus (nudetube.com porntube.com youporn.com) created in desktop


This topic is locked
2 replies to this topic

#1 SomeOneHackedMe

Posted 18 October 2009 - 07:11 AM

Hi, I think my computer has been infected by a virus recently.

My computer: Windows XP Home

On the 16th of October I visited a filesharing site which led to this disaster. I restarted my computer and then realised my computer was slower than usual. I thought it was nothing, so I was looking for a walkthrough for a game on GameSpot; when I minimised my internet browser (Firefox) I saw 3 shortcuts to nudetube.com, porntube.com and youporn.com. I right-clicked them and checked the target to find where they were coming from, and they were in some internet folder, but there was no file related to it, and when I checked it was actually a link to their actual sites. When I checked the internet folder I was viewing hidden files too, just in case it was hidden, and there was nothing out of the ordinary. Then I used AVG to remove these things, and after the scan it found other viruses, so I deleted them. Then 1 hour later it spread and the shortcuts (nudetube.com porntube.com youporn.com) came back, and some of my files were deleted because of AVG. Then I installed Malwarebytes' Anti-Malware, scanned my computer and deleted everything that was there, and my computer was fine for about an hour. So I installed the programs that were missing files again, so it overwrites them and doesn't delete any save files. Then they came back again (I had all these programs before I visited the site and they worked fine), so I installed Spybot - Search & Destroy and deleted everything, and that worked out fine. Then I restarted my computer and my computer stuffed up. The blue screen always appears. The blue screens that I have encountered are:
STOP 0x0000000A (0xB2CFA780, 0x00000002, 0x00000000, 0x80505A34)
STOP 0x0000000A (0xADB2A080, 0x00000002, 0x00000000, 0x80505A39)
STOP 0x0000000A (0xB2CFA780, 0x00000002, 0x00000000, 0x80505AC4)
STOP 0x000000c5 (didn't write it down)
STOP 0x00000024

Also, every day pop-ups of .tmp errors have increased in frequency; the ones that have popped up so far are:
12.tmp
5D.tmp
3.tmp
5.tmp
6D.tmp
84.tmp
64.tmp
(can't remember any more)

Things I have done to solve it:
Googled it (obviously), then found a similar problem, but the person decided to reinstall Windows and he wasn't worried about his files, but I am, and I can't lose any of my files as they are really important. (I didn't make any backup and I don't have enough room to make a backup and don't have any empty disk.)
I found other ones and followed them, and it said I was supposed to run Windows in safe mode. I tried but couldn't because of d347.bus, because it couldn't read it, so I restarted and tried to go back to Windows, but the blue screen appeared, so I pressed F8 and tried the other safe modes (safe mode with networking, safe mode with DOS [I think]). Then I restarted because it didn't work and tried to run it properly, but that didn't work; then I restarted again and it worked. And I found out that it was a Daemon Tools problem, which the file came from, so I uninstalled Daemon Tools and the problem I had going to safe mode was gone, but the blue screen appeared again. So I tried to fix it by trying to stop the blue screen (got it from some site), where I had to:
Click Start
Right-click My Computer, then Properties
Advanced tab
Then in the Startup and Recovery box click Settings
(forgot the rest)
which didn't work

Then I followed a different one:
Go to Run, type in msconfig
Startup tab
Disable everything on the checklist (which includes [all in .exe] 84.tmp, 60.tmp, servises, servises, velpslme, iomssls, ctfmon, lmssspr, btdna, ccleaner, iomssls, ctfmon, [{the ones I trust} Google Update, Yahoo, MSN, Skype, Google Toolbar, Veoh, Microsoft Office], WCescomm, magnetic, NvCpl, velpsme, servises, lmssspr, RtlWake)

And another one:
Go to Run, type in cmd
Then type in chkdsk
And I was supposed to type Y if there was a program running and start it when I restarted the computer (so I did).
Then after this was complete the blue screen came up again, so I tried chkdsk /f and the same thing happened, so I tried chkdsk /r because I thought it needed repair, and the same thing happened.

The only way to fix the blue screen was pressing F8 and selecting the Last Known Good Configuration, so the blue screen doesn't appear just suddenly, but it still appears when I try safe mode.

Files I installed from 16th October to 18th October:
Hotspot Shield
Malwarebytes' Anti-Malware
Spybot - Search & Destroy
Adobe Flash CS4 Professional
Adobe Fireworks CS4
Cobian Backup 8 (I couldn't fully install it, but I installed it over 3 times and it keeps saying 7 errors until around the 3rd time, when it says 4 errors)
dds
RootRepeal

Files I uninstalled from 16th October to 18th October:
Hotspot Shield
Adobe Fireworks CS4

Files I still have after Last Known Good Configuration:
Hotspot Shield

So my main problem is to delete this virus I got from the site, so could someone please help me. Thanks in advance (hopefully soon, because I have exams coming up and these viruses are infecting my files and I can't lose my notes).


DDS (Ver_09-10-13.01) - NTFSx86
Run by Owner at 20:42:09.54 on Sun 18/10/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.61.1033.18.1023.363 [GMT 11:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
svchost.exe C:\WINDOWS\TEMP\VRT7.tmp
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\servises.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe "C:\WINDOWS\system32\7F.tmp"
C:\WINDOWS\system32\80.tmp
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files\hotspot_shield\tbHots.dll
mURLSearchHooks: H - No File
mWinlogon: Taskman=c:\recycler\s-1-5-21-1157645303-3774681882-903591932-4791\yv8g67.exe
uWinlogon: Shell=c:\windows\system32\lmssspr.exe,c:\windows\system32\velplsme.exe,c:\recycler\s-1-5-21-1157645303-3774681882-903591932-4791\yv8g67.exe,explorer.exe,c:\windows\system32\iomssls.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files\hotspot_shield\tbHots.dll
BHO: WinAVI FLVSense: {e8df67a1-b618-4f3f-9e7c-cbe175adef5b} - c:\program files\winavi flv converter\FLVTune.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files\hotspot_shield\tbHots.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [servises] c:\windows\system32\servises.exe
uRun: [opqlsys] c:\windows\system32\velplsme.exe
uRun: [crsmons] c:\windows\system32\iomssls.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [xisbcom] c:\windows\system32\lmssspr.exe
mRun: [2050] c:\windows\system32\84.tmp.exe
mRun: [servises] c:\windows\system32\servises.exe
dRun: [servises] c:\windows\system32\servises.exe
dRunOnce: [RunNarrator] Narrator.exe
uExplorerRun: [servises] c:\windows\system32\servises.exe
mExplorerRun: [servises] c:\windows\system32\servises.exe
dExplorerRun: [servises] c:\windows\system32\servises.exe
IE: &Download FLV by WinAVI... - c:\program files\winavi flv converter\flv_link.htm
IE: &Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - {2260D608-C844-435d-90FD-DC16CFA577F2}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - {EC83A912-7EF4-410D-9CC7-3BDAA709CA71} - c:\program files\winavi flv converter\FLVTune.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\yahtzee\images\stg_drm.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\yahtzee\images\armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\7nkd3k6g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Hotspot Shield Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&q=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\7nkd3k6g.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\7nkd3k6g.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\crawler\firefox\components\xcomm.dll
FF - component: c:\program files\crawler\firefox\components\xshared.dll
FF - component: c:\program files\crawler\firefox\components\xsupport.dll
FF - component: c:\program files\crawler\firefox\components\xwsg.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\7nkd3k6g.default\extensions\{5601b994-0e9b-4ce2-8ab9-ad1155f2abbd}\plugins\NPNeffyPlugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\7nkd3k6g.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\ahnlab\asp\components\npaosmgr\npaosmgr.dll
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMFFUpdater.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMNetmarbleDownload.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMStarter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMSystemInformer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMWebMessengerPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mympc\rpplugins\nppl3260.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-23 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-23 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2007-9-30 141312]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-23 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-23 297752]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-19 8849]
R2 GenPort;GenPort;c:\windows\system32\drivers\genport.sys [2007-10-16 4832]
R2 MapMem;MapMem;c:\windows\system32\drivers\MAPMEM.SYS [2007-10-16 6816]
R2 NTRemap;NTRemap;c:\windows\system32\drivers\NTREMAP.SYS [2007-10-16 6336]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 34304]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]
R3 rtl8180;Belkin 11Mbps Wireless Desktop Network Card Driver;c:\windows\system32\drivers\Bel6001.sys [2008-12-1 168448]
R3 taphss;Anchorfree HSS Adapter;c:\windows\system32\drivers\taphss.sys [2009-9-16 32768]
RUnknown zuwvnwcb1;zuwvnwcb1; [x]
S1 zhrrkerjy1;zhrrkerjy1;c:\windows\system32\drivers\zhrrkerjy1.sys --> c:\windows\system32\drivers\zhrrkerjy1.sys [?]
S1 zvgwohoaj1;zvgwohoaj1;c:\windows\system32\drivers\zvgwohoaj1.sys [2009-10-18 40192]
S2 gupdate1c935adf182628;Google Update Service (gupdate1c935adf182628);c:\program files\google\update\GoogleUpdate.exe [2008-10-24 133104]
S2 HssSrv;Hotspot Shield Routing Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe --> c:\program files\hotspot shield\hsswpr\hsssrv.exe [?]
S2 SwPrvSSScsiSV;MS Software Shadow Copy Provider SwPrvSSScsiSV;c:\windows\system32\7f.tmp srv --> c:\windows\system32\7F.tmp srv [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\hsstrayservice.exe --> c:\program files\hotspot shield\bin\HssTrayService.EXE [?]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-8-18 132608]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-8-18 79104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\wpro_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]

=============== Created Last 30 ================

2009-10-18 20:26 32 a--s---- c:\windows\system32\2382874839.dat
2009-10-18 20:26 40,192 a------- c:\windows\system32\drivers\zvgwohoaj1.sys
2009-10-18 20:26 18,944 a------- c:\windows\system32\84.tmp
2009-10-18 20:26 23,552 a------- c:\windows\system32\80.tmp
2009-10-18 20:26 64,000 a------- c:\windows\system32\7F.tmp
2009-10-18 20:26 1 a------- c:\windows\system32\7E.tmp
2009-10-18 20:26 264 a------- c:\windows\system32\7C.tmp
2009-10-18 20:23 0 a------- c:\windows\system32\7B.tmp
2009-10-18 18:33 40,192 a------- c:\windows\system32\drivers\zbkfosgsw3.sys
2009-10-18 18:33 18,944 a------- c:\windows\system32\7D.tmp
2009-10-18 18:33 23,552 a------- c:\windows\system32\79.tmp
2009-10-18 18:33 172 a------- c:\windows\system32\78.tmp
2009-10-18 18:31 40,192 a------- c:\windows\system32\drivers\zcprrqegnki1.sys
2009-10-18 18:31 18,944 a------- c:\windows\system32\7A.tmp
2009-10-18 18:31 23,552 a------- c:\windows\system32\77.tmp
2009-10-18 18:31 172 a------- c:\windows\system32\76.tmp
2009-10-18 18:14 0 a------- c:\windows\system32\75.tmp
2009-10-18 18:14 23,552 a------- c:\windows\system32\74.tmp
2009-10-18 18:14 172 a------- c:\windows\system32\73.tmp
2009-10-18 17:59 0 a------- c:\windows\system32\70.tmp
2009-10-18 17:56 40,192 a------- c:\windows\system32\drivers\zqnwudvx9.sys
2009-10-18 17:56 18,944 a------- c:\windows\system32\72.tmp
2009-10-18 17:56 34,304 a------- c:\windows\system32\71.tmp
2009-10-18 17:56 23,552 a------- c:\windows\system32\6E.tmp
2009-10-18 17:56 172 a------- c:\windows\system32\6C.tmp
2009-10-18 17:43 <DIR> --d----- c:\program files\Cobian Backup 8
2009-10-18 17:27 40,192 a------- c:\windows\system32\drivers\zchbojgynej3.sys
2009-10-18 17:27 18,944 a------- c:\windows\system32\6F.tmp
2009-10-18 17:27 23,552 a------- c:\windows\system32\6B.tmp
2009-10-18 17:27 172 a------- c:\windows\system32\65.tmp
2009-10-18 17:19 40,192 a------- c:\windows\system32\drivers\zkwocdfxo3.sys
2009-10-18 17:19 18,944 a------- c:\windows\system32\6D.tmp
2009-10-18 17:18 23,552 a------- c:\windows\system32\6A.tmp
2009-10-18 17:18 172 a------- c:\windows\system32\69.tmp
2009-10-18 17:12 23,552 a------- c:\windows\system32\67.tmp
2009-10-18 17:12 172 a------- c:\windows\system32\66.tmp
2009-10-18 17:11 40,192 a------- c:\windows\system32\drivers\zhgqdfrdfu3.sys
2009-10-18 17:11 18,944 a------- c:\windows\system32\68.tmp
2009-10-18 17:10 172 a------- c:\windows\system32\64.tmp
2009-10-18 17:06 40,192 a------- c:\windows\system32\drivers\zohqjasr5.sys
2009-10-18 17:06 18,944 a------- c:\windows\system32\63.tmp
2009-10-18 17:06 34,304 a------- c:\windows\system32\62.tmp
2009-10-18 17:06 32,256 a------- c:\windows\system32\61.tmp
2009-10-18 17:06 23,552 a------- c:\windows\system32\5F.tmp
2009-10-18 17:06 172 a------- c:\windows\system32\5E.tmp
2009-10-18 17:01 40,192 a------- c:\windows\system32\drivers\zjfkviuytt3.sys
2009-10-18 17:01 18,944 a------- c:\windows\system32\60.tmp
2009-10-18 17:01 23,552 a------- c:\windows\system32\5C.tmp
2009-10-18 17:01 172 a------- c:\windows\system32\5B.tmp
2009-10-18 16:52 40,192 a------- c:\windows\system32\drivers\zjplhwru5.sys
2009-10-18 16:52 18,944 a------- c:\windows\system32\5D.tmp
2009-10-18 16:52 23,552 a------- c:\windows\system32\5A.tmp
2009-10-18 16:52 172 a------- c:\windows\system32\57.tmp
2009-10-18 16:41 40,192 a------- c:\windows\system32\drivers\zogofwbomwd7.sys
2009-10-18 16:41 18,944 a------- c:\windows\system32\59.tmp
2009-10-18 16:41 34,304 a------- c:\windows\system32\58.tmp
2009-10-18 16:41 23,552 a------- c:\windows\system32\56.tmp
2009-10-18 16:41 172 a------- c:\windows\system32\55.tmp
2009-10-18 16:33 32,256 a------- c:\windows\system32\54.tmp
2009-10-18 16:33 23,552 a------- c:\windows\system32\53.tmp
2009-10-18 16:33 172 a------- c:\windows\system32\52.tmp
2009-10-18 16:27 40,192 a------- c:\windows\system32\drivers\zutqwgrbgi3.sys
2009-10-18 16:27 18,944 a------- c:\windows\system32\51.tmp
2009-10-18 16:27 34,304 a------- c:\windows\system32\50.tmp
2009-10-18 16:27 32,256 a------- c:\windows\system32\4F.tmp
2009-10-18 16:27 23,552 a------- c:\windows\system32\4E.tmp
2009-10-18 16:26 172 a------- c:\windows\system32\4D.tmp
2009-10-18 16:20 40,192 a------- c:\windows\system32\drivers\zmwqcyem7.sys
2009-10-18 16:20 18,944 a------- c:\windows\system32\4C.tmp
2009-10-18 16:19 34,304 a------- c:\windows\system32\4B.tmp
2009-10-18 16:19 32,256 a------- c:\windows\system32\4A.tmp
2009-10-18 16:19 23,552 a------- c:\windows\system32\49.tmp
2009-10-18 16:19 172 a------- c:\windows\system32\48.tmp
2009-10-18 16:11 21,374 a------- c:\windows\system32\47.tmp
2009-10-18 16:11 32,256 a------- c:\windows\system32\46.tmp
2009-10-18 16:11 23,552 a------- c:\windows\system32\44.tmp
2009-10-18 16:11 172 a------- c:\windows\system32\42.tmp
2009-10-18 15:44 37,376 a------- c:\windows\system32\drivers\HssDrv.sys
2009-10-18 15:44 <DIR> --d----- c:\windows\LastGood.Tmp
2009-10-18 15:41 18,944 a------- c:\windows\system32\45.tmp
2009-10-18 15:41 23,552 a------- c:\windows\system32\41.tmp
2009-10-18 15:41 172 a------- c:\windows\system32\3C.tmp
2009-10-18 15:32 40,192 a------- c:\windows\system32\drivers\zuwvnwcb1.sys
2009-10-18 15:32 18,944 a------- c:\windows\system32\43.tmp
2009-10-18 15:32 23,552 a------- c:\windows\system32\3F.tmp
2009-10-18 15:32 172 a------- c:\windows\system32\3E.tmp
2009-10-18 15:31 58,368 ---shr-- c:\windows\system32\lmssspr.exe
2009-10-18 13:14 23,552 a------- c:\windows\system32\servises.exe
2009-10-18 13:14 40,192 a------- c:\windows\system32\drivers\zrbkfntprfx7.sys
2009-10-18 13:14 18,944 a------- c:\windows\system32\40.tmp
2009-10-18 13:14 32,256 a------- c:\windows\system32\reader_s.exe
2009-10-18 13:14 32,256 a------- c:\documents and settings\owner\reader_s.exe
2009-10-18 13:14 172 a------- c:\windows\system32\3B.tmp
2009-10-18 12:06 40,192 a------- c:\windows\system32\drivers\zhoufjwwhlw7.sys
2009-10-18 12:06 18,944 a------- c:\windows\system32\3D.tmp
2009-10-18 12:06 23,552 a------- c:\windows\system32\39.tmp
2009-10-18 12:06 172 a------- c:\windows\system32\38.tmp
2009-10-18 11:50 40,192 a------- c:\windows\system32\drivers\zaxxbnsvjae1.sys
2009-10-18 11:50 18,944 a------- c:\windows\system32\3A.tmp
2009-10-18 11:50 23,552 a------- c:\windows\system32\37.tmp
2009-10-18 11:50 176,128 a------- c:\windows\system32\36.tmp
2009-10-18 11:50 1 a------- c:\windows\system32\34.tmp
2009-10-18 11:50 264 a------- c:\windows\system32\33.tmp
2009-10-18 11:32 40,192 a------- c:\windows\system32\drivers\zfrduila1.sys
2009-10-18 11:32 18,944 a------- c:\windows\system32\35.tmp
2009-10-18 11:32 23,552 a------- c:\windows\system32\32.tmp
2009-10-18 11:32 176,128 a------- c:\windows\system32\31.tmp
2009-10-18 11:32 1 a------- c:\windows\system32\2F.tmp
2009-10-18 11:32 264 a------- c:\windows\system32\2E.tmp
2009-10-18 11:32 61,440 ---shr-- c:\windows\system32\velplsme.exe
2009-10-18 11:26 40,192 a------- c:\windows\system32\drivers\zlixhsggicab5.sys
2009-10-18 11:26 18,944 a------- c:\windows\system32\30.tmp
2009-10-18 11:26 23,552 a------- c:\windows\system32\2C.tmp
2009-10-18 11:25 176,128 a------- c:\windows\system32\2B.tmp
2009-10-18 11:25 1 a------- c:\windows\system32\26.tmp
2009-10-18 11:25 264 a------- c:\windows\system32\23.tmp
2009-10-18 11:04 237,568 a------- c:\windows\system32\6096853.exe
2009-10-18 11:04 808 a------- c:\windows\system32\50375.exe
2009-10-18 11:04 46,592 ---shr-- c:\windows\system32\iomssls.exe
2009-10-18 11:02 40,192 a------- c:\windows\system32\drivers\zerxpkseieof7.sys
2009-10-18 11:02 18,944 a------- c:\windows\system32\2D.tmp
2009-10-18 11:02 0 a------- c:\windows\sc.exe
2009-10-18 11:02 23,552 a------- c:\windows\system32\2A.tmp
2009-10-18 11:02 176,128 a------- c:\windows\system32\29.tmp
2009-10-18 11:02 1 a------- c:\windows\system32\28.tmp
2009-10-18 11:02 264 a------- c:\windows\system32\25.tmp
2009-10-17 23:26 18,944 a------- c:\windows\system32\D8.tmp
2009-10-17 23:26 40,192 a------- c:\windows\system32\drivers\zdvxqyjaw7.sys
2009-10-17 23:26 23,040 a------- c:\windows\system32\D5.tmp
2009-10-17 23:26 172 a------- c:\windows\system32\D4.tmp
2009-10-17 19:45 40,192 a------- c:\windows\system32\drivers\zqbsqyidsi7.sys
2009-10-17 19:45 18,944 a------- c:\windows\system32\27.tmp
2009-10-17 19:45 172 a------- c:\windows\system32\21.tmp
2009-10-17 18:55 40,192 a------- c:\windows\system32\drivers\zsasphcp9.sys
2009-10-17 18:55 18,944 a------- c:\windows\system32\24.tmp
2009-10-17 18:55 23,552 a------- c:\windows\system32\20.tmp
2009-10-17 18:55 176 a------- c:\windows\system32\1B.tmp
2009-10-17 18:40 40,192 a------- c:\windows\system32\drivers\zbuuulkqcvs5.sys
2009-10-17 18:40 18,944 a------- c:\windows\system32\22.tmp
2009-10-17 18:39 23,552 a------- c:\windows\system32\1E.tmp
2009-10-17 18:39 176 a------- c:\windows\system32\1D.tmp
2009-10-17 18:34 18,944 a------- c:\windows\system32\1F.tmp
2009-10-17 18:34 40,192 a------- c:\windows\system32\drivers\zefhbcjfkl3.sys
2009-10-17 18:34 176 a------- c:\windows\system32\1A.tmp
2009-10-17 18:30 1,073,299,456 a------- c:\windows\MEMORY.DMP
2009-10-17 18:25 40,192 a------- c:\windows\system32\drivers\zrdtblicu5.sys
2009-10-17 18:25 18,944 a------- c:\windows\system32\1C.tmp
2009-10-17 18:25 23,552 a------- c:\windows\system32\18.tmp
2009-10-17 18:25 176 a------- c:\windows\system32\17.tmp
2009-10-17 18:14 40,192 a------- c:\windows\system32\drivers\zvrvhhruslhg5.sys
2009-10-17 18:14 18,944 a------- c:\windows\system32\19.tmp
2009-10-17 18:14 23,552 a------- c:\windows\system32\15.tmp
2009-10-17 18:14 176 a------- c:\windows\system32\13.tmp
2009-10-17 17:52 40,192 a------- c:\windows\system32\drivers\ztmqwvbrqnjgq7.sys
2009-10-17 17:52 18,944 a------- c:\windows\system32\16.tmp
2009-10-17 17:52 23,552 a------- c:\windows\system32\11.tmp
2009-10-17 17:52 176 a------- c:\windows\system32\3.tmp
2009-10-17 17:42 40,192 a------- c:\windows\system32\drivers\zcqmxukh9.sys
2009-10-17 17:42 18,944 a------- c:\windows\system32\14.tmp
2009-10-17 17:42 23,552 a------- c:\windows\system32\10.tmp
2009-10-17 17:41 176 a------- c:\windows\system32\A.tmp
2009-10-17 17:28 40,192 a------- c:\windows\system32\drivers\zstowksmici7.sys
2009-10-17 17:28 18,944 a------- c:\windows\system32\12.tmp
2009-10-17 17:28 23,552 a------- c:\windows\system32\E.tmp
2009-10-17 17:28 176 a------- c:\windows\system32\C.tmp
2009-10-17 17:12 40,192 a------- c:\windows\system32\drivers\zqwbijlp7.sys
2009-10-17 17:12 18,944 a------- c:\windows\system32\F.tmp
2009-10-17 17:12 176 a------- c:\windows\system32\7.tmp
2009-10-17 15:36 40,192 a------- c:\windows\system32\drivers\zccjunur7.sys
2009-10-17 15:36 18,944 a------- c:\windows\system32\B.tmp
2009-10-17 15:36 23,552 a------- c:\windows\system32\6.tmp
2009-10-17 15:36 176 a------- c:\windows\system32\4.tmp
2009-10-17 14:59 40,192 a------- c:\windows\system32\drivers\zdwmhheod5.sys
2009-10-17 14:59 18,944 a------- c:\windows\system32\D.tmp
2009-10-17 14:58 176 a------- c:\windows\system32\8.tmp
2009-10-17 14:38 245 a------- c:\windows\wininit.ini
2009-10-17 13:42 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-17 13:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-17 13:35 40,192 a------- c:\windows\system32\drivers\zplagebvu5.sys
2009-10-17 13:35 18,944 a------- c:\windows\system32\9.tmp
2009-10-17 13:35 176 a------- c:\windows\system32\5.tmp
2009-10-17 13:06 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-10-17 13:06 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 13:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-17 13:06 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-17 13:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-17 11:01 808 a------- c:\windows\system32\9341699.exe
2009-10-17 11:01 0 a------- c:\windows\system32\8D.tmp
2009-10-17 11:01 18,944 a------- c:\windows\system32\8B.tmp
2009-10-17 11:01 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-10-17 11:01 176 a------- c:\windows\system32\83.tmp
2009-10-16 20:45 <DIR> --d----- c:\docume~1\owner\applic~1\Apowersoft
2009-10-16 19:49 <DIR> --d----- c:\program files\Conduit
2009-10-16 19:49 <DIR> --d----- c:\program files\Hotspot_Shield
2009-10-16 16:18 133,632 a------- c:\windows\SC.INS
2009-10-03 16:19 <DIR> --d----- c:\program files\CAPCOM
2009-10-03 16:19 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-10-03 16:19 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-10-03 16:19 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-10-03 16:19 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-10-03 16:19 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-10-03 16:19 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-10-03 16:18 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2009-10-03 16:18 462,864 a------- c:\windows\system32\d3dx10_37.dll
2009-10-03 16:18 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
2009-10-03 16:18 <DIR> --d----- c:\windows\system32\xlive
2009-10-03 16:18 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-10-02 18:18 <DIR> --d----- c:\program files\Microsoft Hardware
2009-10-02 17:10 14,848 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-10-02 17:10 14,848 a------- c:\windows\system32\drivers\kbdhid.sys
2009-10-02 17:10 2,688 ac------ c:\windows\system32\dllcache\hidswvd.sys
2009-10-02 17:10 2,688 a------- c:\windows\system32\drivers\HIDSwvd.sys
2009-10-02 17:10 59,136 ac------ c:\windows\system32\dllcache\gckernel.sys
2009-10-02 17:10 59,136 a------- c:\windows\system32\drivers\GcKernel.sys
2009-09-26 23:19 <DIR> --d----- c:\program files\common files\DivX Shared
2009-09-20 01:09 <DIR> --d----- c:\docume~1\owner\applic~1\ScummVM

==================== Find3M ====================

2009-10-17 11:01 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS
2009-09-25 16:56 662,016 a------- c:\windows\system32\wininet.dll
2009-09-25 16:56 81,920 a------- c:\windows\system32\ieencode.dll
2009-09-16 07:04 32,768 a------- c:\windows\system32\drivers\taphss.sys
2009-09-12 01:33 133,632 a------- c:\windows\system32\msv1_0.dll
2009-09-05 07:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-28 23:41 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-28 23:41 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-26 19:16 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-10 00:03 29,672 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2009-08-05 20:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 00:58 2,136,064 a------- c:\windows\system32\ntoskrnl.exe
2009-08-05 00:13 2,015,744 a------- c:\windows\system32\ntkrnlpa.exe
2009-07-30 20:32 804,368 a------- c:\windows\GlbNMUpdater.exe

============= FINISH: 20:43:02.25 ===============

(Sorry if I didn't do this right; it's my first post and I tried to follow the guidelines from grindler.) Thanks again.

Attached Files



#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:36 PM

Posted 29 October 2009 - 05:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:36 PM

Posted 04 November 2009 - 12:24 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.
