Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

system tool error says worm.win.32netsky


  • This topic is locked This topic is locked
2 replies to this topic

#1 rickyb222

rickyb222

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 13 December 2009 - 09:27 AM

wheni turn on my computer, i start receiving messages that my computer is under attack. And that i needed to download the service tool to help remove the 250 or so corrupp files on my computer.. it says that some one is trying to download load al C.C., info.. Then it will evntually turn myscreen blue. And i lose all icons on my dekstop, runs exteamlly slow, i also get various other error messgages. such as you have a worm and am under attack.... smtp file..... worm.win.32netsky



DDS (Ver_09-12-01.01) - NTFSx86
Run by admin at 5:50:48.78 on Sun 12/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.386 [GMT -7:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\winhlp32.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.bearshare.com/
uSearch Page =
uWindow Title = Microsoft Internet Explorer
uDefault_Page_URL = hxxp://www.msn.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\blingee plus\tbhelper.dll
mWinlogon: Userinit=c:\windows\system32\winlogon86.exe
uWinlogon: Shell=c:\documents and settings\admin\application data\pc\pc.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} - &Advanced Explorer Editor
BHO: Smart-Shopper: {4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} - c:\program files\smart-shopper\bin\2.5.1\Smrt-Shpr.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BlingeeTb Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\blingee plus\blingeetb.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} -
TB: Blingee Toolbar: {d1121fe0-0145-44c9-aa35-72071ac20a9b} - c:\program files\blingee plus\blingeetb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {71D2CF9E-34E4-4401-8841-F4FC3F3EDC32} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: SmartShopper: {8bcb5337-ec01-4e38-840c-a964f174255b} - c:\program files\smart-shopper\bin\2.5.1\Smrt-Shpr.dll
EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File
uRun: [VibeFireAlerts]
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [NeoChronos] c:\docume~1\admin\locals~1\temp\c.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
uRun: [Microsoft Windows logon process] c:\documents and settings\admin\application data\microsoft\windows\winlogon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [agent.exe] c:\documents and settings\admin\application data\pc\agent.exe
uRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [89081329] c:\documents and settings\all users\application data\89081329\89081329.exe
mRun: [PURegBackup] c:\program files\perfect uninstaller\PU.exe -AUTORUN
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [winupdate86.exe] c:\windows\system32\winupdate86.exe
mRun: [TrayStartup] c:\program files\cox\media store and share backup manager\VaultClientTray.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\$mcreb~1.lnk - c:\windows\system32\cmd.exe
uPolicies-explorer: NoFolderOptions = 00000000
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: NoSecCPL = 0 (0x0)
uPolicies-system: NoDispBackgroundPage =
uPolicies-system: NoDispAppearancePage =
uPolicies-system: NoDispSettingsPage =
uPolicies-system: NoDevMgrPage = 0 (0x0)
uPolicies-system: NoConfigPage = 0 (0x0)
uPolicies-system: NoVirtMemPage = 0 (0x0)
uPolicies-system: NoFileSysPage = 0 (0x0)
uPolicies-system: NoNetSetup = 0 (0x0)
uPolicies-system: NoNetSetupIDPage = 0 (0x0)
uPolicies-system: NoNetSetupSecurityPage = 0 (0x0)
uPolicies-system: NoWorkgroupContents = 0 (0x0)
uPolicies-system: NoEntireNetwork = 0 (0x0)
uPolicies-system: NoFileSharingControl = 0 (0x0)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoFolderOptions = 00000000
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\admin\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\windows\system32\winhelper86.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: real.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5828/mcfscan.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: 344817bc705 - c:\windows\system32\clusapi32.dll
Notify: __c003ADB8 - c:\windows\system32\__c003ADB8.dat
Notify: __c008AC81 - c:\windows\system32\__c008AC81.dat
Notify: __c00C65A1 - c:\windows\system32\__c00C65A1.dat
AppInit_DLLs: ronigofu.dll,c:\windows\system32\clusapi32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli gasowihu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\p4xr3die.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/webResults.html?src=ffb&q=
FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-12-13 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-12-13 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-12-13 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090206.001\IDSxpx86.sys [2009-12-13 276344]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091212.038\NAVENG.SYS [2009-12-12 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091212.038\NAVEX15.SYS [2009-12-12 1323568]
S0 0dbefef2c054e3d52a9bd18ebf395542;0dbefef2c054e3d52a9bd18ebf395542;c:\windows\system32\0dbefef2c054e3d52a9bd18ebf395542.sys --> c:\windows\system32\0dbefef2c054e3d52a9bd18ebf395542.sys [?]
S2 fioo32;fioo32;c:\windows\system32\SvchOst.eXE -k fioo32 [2003-4-25 14336]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-27 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-27 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-27 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-27 40552]

=============== Created Last 30 ================

2009-12-13 10:13:00 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-12-13 10:12:49 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-13 10:12:49 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-13 10:12:49 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-13 10:12:49 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-13 10:11:23 0 d-----w- c:\windows\system32\drivers\NIS
2009-12-13 10:11:11 0 d-----w- c:\program files\Norton Internet Security
2009-12-13 10:01:28 28160 ----a-w- c:\windows\system32\__c003ADB8.dat
2009-12-13 10:01:14 615 ----a-w- c:\windows\system32\httJ7UQ.vbs
2009-12-13 10:01:14 193024 ----a-w- c:\windows\system32\chtbrkr32.dll
2009-12-13 09:48:09 0 d-----w- c:\program files\NortonInstaller
2009-12-13 08:05:56 615 ----a-w- c:\windows\system32\DgTyo.vbs
2009-12-13 07:55:56 2854 ----a-w- c:\windows\system32\critical_warning.html
2009-12-13 04:43:45 193024 ----a-w- c:\windows\system32\fxsext3232.dll
2009-12-13 04:43:44 615 ----a-w- c:\windows\system32\ngIImi4XT5Ndo.vbs
2009-12-13 04:01:12 0 ----a-w- c:\windows\system32\2995.exe
2009-12-13 03:41:11 0 ----a-w- c:\windows\system32\491.exe
2009-12-13 03:21:09 0 ----a-w- c:\windows\system32\9961.exe
2009-12-13 03:01:09 0 ----a-w- c:\windows\system32\16827.exe
2009-12-13 02:41:08 0 ----a-w- c:\windows\system32\23281.exe
2009-12-13 02:21:08 0 ----a-w- c:\windows\system32\28145.exe
2009-12-13 02:01:07 0 ----a-w- c:\windows\system32\5705.exe
2009-12-13 01:41:07 0 ----a-w- c:\windows\system32\24464.exe
2009-12-13 01:21:06 0 ----a-w- c:\windows\system32\26962.exe
2009-12-13 01:01:06 0 ----a-w- c:\windows\system32\29358.exe
2009-12-13 00:41:05 0 ----a-w- c:\windows\system32\11478.exe
2009-12-13 00:21:05 0 ----a-w- c:\windows\system32\15724.exe
2009-12-13 00:01:04 0 ----a-w- c:\windows\system32\19169.exe
2009-12-12 23:41:04 0 ----a-w- c:\windows\system32\26500.exe
2009-12-12 23:21:02 0 ----a-w- c:\windows\system32\6334.exe
2009-12-12 23:01:01 0 ----a-w- c:\windows\system32\18467.exe
2009-12-12 22:41:01 0 ----a-w- c:\windows\system32\41.exe
2009-12-12 22:40:45 22528 ----a-w- c:\windows\system32\winhelper86.dll
2009-12-12 22:40:41 1 -c--a-w- C:\s
2009-12-12 22:40:30 35328 ----a-w- c:\windows\system32\winlogon86.exe
2009-12-12 22:40:29 35328 ----a-w- c:\windows\system32\winupdate86.exe
2009-12-12 19:28:46 0 d-----w- c:\docume~1\alluse~1\applic~1\98258739
2009-12-12 19:27:14 28160 ----a-w- c:\windows\system32\__c00B4970.dat
2009-12-12 19:24:55 193024 ----a-w- c:\windows\system32\esent9732.dll
2009-12-12 19:24:53 615 ----a-w- c:\windows\system32\EQnxAmzdgJHwO.vbs
2009-12-12 17:49:53 615 ----a-w- c:\windows\system32\MOCjvf8.vbs
2009-12-12 07:55:00 193024 ----a-w- c:\windows\system32\dnsrslvr32.dll
2009-12-12 07:54:59 615 ----a-w- c:\windows\system32\S6H50iq5ivrlw1f.vbs
2009-12-12 06:14:21 30208 ----a-w- c:\windows\system32\__c007A83F.dat
2009-12-12 05:46:45 0 d-----w- c:\docume~1\alluse~1\applic~1\35558632
2009-12-12 02:54:39 0 dc----w- C:\ca9c455a38682f477adadc
2009-12-12 02:11:39 32256 ----a-w- c:\windows\system32\__c00E9640.dat
2009-12-12 01:00:19 35328 ----a-w- c:\windows\system32\__c00787E7.dat
2009-12-11 23:48:09 192000 ----a-w- c:\windows\system32\dot3dlg32.dll
2009-12-11 23:47:56 615 ----a-w- c:\windows\system32\IJbcot3.vbs
2009-12-11 22:28:35 192000 ----a-w- c:\windows\system32\dpwsock32.dll
2009-12-11 22:28:26 615 ----a-w- c:\windows\system32\EApQthffFCsy9.vbs
2009-12-11 13:20:38 0 d-----w- c:\program files\common files\PC Tools
2009-12-11 12:33:30 869 -csha-r- C:\menu.lst
2009-12-11 12:33:29 1474560 -csha-r- C:\dos.img
2009-12-11 12:33:28 212 -csha-r- C:\boot.bakpu
2009-12-11 12:33:28 171136 -csha-r- C:\GRLDR
2009-12-11 12:24:48 0 dc----w- C:\Rbackup
2009-12-11 12:17:57 42 ----a-w- c:\windows\system32\AK083E209605E394C.lie
2009-12-11 12:17:43 0 d-----w- c:\program files\Perfect Uninstaller
2009-12-11 08:44:22 0 dc-h--w- c:\windows\ie8
2009-12-11 08:08:58 741888 --sha-w- c:\windows\system32\87.tmp
2009-12-11 06:57:24 0 d-----w- c:\windows\McAfee.com
2009-12-11 02:37:48 0 dc----w- c:\docume~1\admin\applic~1\PC
2009-12-10 23:55:21 0 d-----w- c:\docume~1\alluse~1\applic~1\81799337
2009-12-10 23:54:44 0 dc----w- C:\ProgramData
2009-12-10 23:54:44 0 d-----w- c:\program files\Angle Interactive
2009-12-10 21:32:44 190464 ----a-w- c:\windows\system32\encapi32.dll
2009-12-10 21:32:32 615 ----a-w- c:\windows\system32\YQCFA.vbs
2009-12-10 21:31:57 190464 ----a-w- c:\windows\system32\GEARAspi32.dll
2009-12-10 21:31:52 615 ----a-w- c:\windows\system32\uvnTHJr.vbs
2009-12-10 21:30:23 190464 ----a-w- c:\windows\system32\dmserver32.dll
2009-12-10 21:30:22 190464 ----a-w- c:\windows\system32\dmocx32.dll
2009-12-10 21:30:20 615 ----a-w- c:\windows\system32\ruXvjdC.vbs
2009-12-10 21:30:16 615 ----a-w- c:\windows\system32\IdOD48gDpvOJ6xE.vbs
2009-12-09 06:22:40 0 -c--a-w- C:\testwma.raw
2009-12-08 22:01:45 483328 ----a-w- c:\windows\system32\actskn45.ocx
2009-12-08 12:36:56 190464 ----a-w- c:\windows\system32\hnetwiz32.dll
2009-12-08 12:36:52 615 ----a-w- c:\windows\system32\fz2e9fYQm3OMD.vbs
2009-12-08 12:36:46 190464 ----a-w- c:\windows\system32\fontext32.dll
2009-12-08 12:36:36 615 ----a-w- c:\windows\system32\4yL6U.vbs
2009-12-08 09:26:21 656 -c--a-w- C:\xcrashdump.dat
2009-12-08 03:39:30 192000 ----a-w- c:\windows\system32\dsuiext32.dll
2009-12-08 03:39:23 615 ----a-w- c:\windows\system32\b9RPGfxzFVqxO.vbs
2009-12-07 22:25:48 32768 ----a-w- c:\windows\system32\__c00A3980.dat
2009-12-07 12:58:56 0 d-----w- c:\docume~1\alluse~1\applic~1\89081329
2009-12-07 12:45:47 192000 ----a-w- c:\windows\system32\hsfcisp232.dll
2009-12-07 12:45:32 615 ----a-w- c:\windows\system32\VCNcDj0hoP2fmaY.vbs
2009-12-07 12:20:47 190464 ----a-w- c:\windows\system32\dskquoui32.dll
2009-12-07 12:20:27 615 ----a-w- c:\windows\system32\nZ6Row4.vbs
2009-12-07 12:19:44 4779 ----a-w- c:\windows\GnuHashes.ini
2009-12-07 12:11:55 1184 --sha-w- c:\windows\system32\1679312876
2009-12-07 12:10:34 0 d-sh--w- c:\windows\system32\SysWoW32
2009-12-07 12:09:28 190464 ----a-w- c:\windows\system32\davclnt32.dll
2009-12-07 12:09:01 190464 ----a-w- c:\windows\system32\cards32.dll
2009-12-07 12:08:56 615 ----a-w- c:\windows\system32\41IKY.vbs
2009-12-07 12:08:35 615 ----a-w- c:\windows\system32\VOuOR.vbs
2009-12-07 12:05:02 190464 ----a-w- c:\windows\system32\browsewm32.dll
2009-12-07 12:05:01 615 ----a-w- c:\windows\system32\hmRaABWvDJgFG.vbs
2009-12-07 12:04:09 615 ----a-w- c:\windows\system32\yjFYyUx.vbs
2009-12-07 12:03:17 817 ----a-w- c:\windows\system32\877139900
2009-12-07 12:03:13 190464 ----a-w- c:\windows\system32\clbcatex32.dll
2009-12-07 12:02:58 615 ----a-w- c:\windows\system32\Po3nhf2dKMpspcn.vbs
2009-12-07 12:01:40 203776 --sh--w- c:\windows\system32\unrar.exe
2009-12-07 12:01:40 0 d-----w- c:\windows\system32\108687579
2009-12-07 12:01:31 190464 ----a-w- c:\windows\system32\d3d932.dll
2009-12-07 12:01:30 615 ----a-w- c:\windows\system32\WhOE0hEatQ4eqh9.vbs
2009-12-07 12:01:19 741888 --sha-w- c:\windows\system32\CF.tmp
2009-12-07 12:01:19 190464 ----a-w- c:\windows\system32\cnetcfg32.dll
2009-12-07 12:01:16 120832 ----a-w- c:\windows\system32\clusapi32.dll
2009-12-07 12:01:12 615 ----a-w- c:\windows\system32\uwd4N4oY6mlcFBG.vbs
2009-12-06 17:58:26 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-12-06 15:55:32 0 d-----w- c:\program files\LizardTech
2009-12-06 12:47:04 0 d-----w- c:\program files\S3
2009-12-06 10:31:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2009-12-06 10:30:42 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-12-06 10:29:51 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-06 10:12:59 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2009-12-06 10:12:59 465920 ------w- c:\windows\system32\imapi2fs.dll
2009-12-06 10:12:58 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2009-12-06 10:12:58 317952 ------w- c:\windows\system32\imapi2.dll
2009-12-06 06:01:03 0 dc----w- c:\docume~1\admin\applic~1\LimeWire
2009-12-06 05:11:30 0 dc----w- C:\OutputFolder
2009-12-04 14:43:05 0 dc----w- c:\documents and settings\admin\Volume_1
2009-12-01 17:33:10 69 ----a-w- c:\windows\NeroDigital.ini
2009-12-01 09:23:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
2009-12-01 05:57:50 0 d-----w- c:\windows\system32\URTTEMP
2009-12-01 05:37:51 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-01 05:37:12 0 dc----w- c:\docume~1\admin\applic~1\DVD Flick
2009-11-29 00:02:48 0 d-----w- c:\program files\Blingee Plus
2009-11-28 11:43:19 0 d-----w- c:\docume~1\alluse~1\applic~1\LightScribe
2009-11-28 10:12:03 2097152 -c--a-w- c:\temp\autorun.bin
2009-11-28 10:12:02 1570816 -c--a-w- c:\temp\TSDNWIN.exe
2009-11-28 10:12:02 0 dc----w- C:\Temp
2009-11-28 04:23:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-28 04:23:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-28 04:23:46 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-28 04:22:06 0 d-----w- c:\program files\common files\McAfee
2009-11-28 04:22:00 0 d-----w- c:\program files\McAfee.com
2009-11-28 04:14:29 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-11-26 18:29:35 0 d-----w- c:\program files\iPod
2009-11-25 10:00:56 0 d-----w- c:\program files\MSXML 4.0
2009-11-25 01:13:09 0 dc----w- c:\docume~1\admin\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-11-24 13:58:32 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-11-24 13:58:32 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2009-11-24 13:58:31 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2009-11-24 12:37:02 0 d-----w- c:\program files\GetData
2009-11-23 23:49:22 0 d-----w- c:\program files\Bonjour
2009-11-23 23:48:00 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-23 23:47:34 0 d-----w- c:\windows\EDCD4CE3DE9249A987F9FE09B2FBA16C.TMP
2009-11-23 01:59:14 0 d-----w- c:\program files\MyWebSearch
2009-11-23 01:12:51 0 dc----w- c:\docume~1\admin\applic~1\alot
2009-11-22 07:37:49 0 d-----w- c:\windows\49FA793C785E47E993DFBD442B0B45D1.TMP
2009-11-22 06:19:14 0 dc----w- c:\docume~1\admin\applic~1\ArmorSurf
2009-11-22 06:08:09 0 dc----w- c:\docume~1\admin\applic~1\Heatseek
2009-11-21 18:22:08 0 d-----w- c:\program files\iTunes
2009-11-20 09:49:54 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-11-20 09:19:00 0 dcsh--w- C:\USMT.TMP
2009-11-18 10:07:42 0 dc----w- c:\docume~1\admin\applic~1\Windows Live Writer
2009-11-18 07:50:17 0 dc----w- c:\docume~1\admin\applic~1\Uniblue
2009-11-18 07:41:39 0 d-----w- c:\windows\SxsCaPendDel
2009-11-18 06:04:13 0 d-----w- c:\documents and settings\all users\My Pictures
2009-11-15 23:28:15 0 dc----w- C:\BABYBOY DODGER #1

==================== Find3M ====================

2009-11-24 11:25:12 18030130 ----a-w- c:\docume~1\alluse~1\applic~1\vlc-1.0.3-win32.exe
2009-11-24 08:47:09 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-24 08:47:09 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-04 23:54:12 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-10-29 12:59:15 7175 ----a-w- c:\program files\export.ofx
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 -c--a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 -c--a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 -c----w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 11:17:27 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-10-04 06:04:11 20272 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-09-30 23:45:44 61224 -c--a-w- c:\documents and settings\admin\GoToAssistDownloadHelper.exe
2009-09-16 00:25:41 1033728 ----a-w- c:\windows\explorer.exe

============= FINISH: 5:56:14.40 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/16/2008 10:53:36 PM
System Uptime: 12/13/2009 2:35:11 AM (3 hours ago)

Motherboard: | | KM266-8235
Processor: AMD Athlon™ XP 2400+ | Socket A | 1994/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 9.931 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100+ Management Adapter
Device ID: PCI\VEN_8086&DEV_1229&SUBSYS_000C8086&REV_08\3&61AAA01&0&40
Manufacturer: Intel
Name: Intel® PRO/100+ Management Adapter
PNP Device ID: PCI\VEN_8086&DEV_1229&SUBSYS_000C8086&REV_08\3&61AAA01&0&40
Service: E100B

==== System Restore Points ===================

Attached Files



BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 AM

Posted 24 December 2009 - 09:50 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 AM

Posted 29 December 2009 - 09:52 AM

Hello.

Due to Lack of feedback, this topic is now Closed

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users