
Viruses


This topic is locked.
5 replies to this topic

#1 The Indian Guy

  • Members
  • 15 posts

Posted 23 December 2009 - 08:09 PM

Hi,
I'm highly convinced that my computer's been affected by some type of virus/worm/trojan. I just can't figure out what it is. I also have some strange processes running that take up a lot of my CPU usage. Sometimes I have boot-up problems too.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Eury Hiraga at 17:07:40.95 on Wed 12/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.110 [GMT -8:00]

AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\msa.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Eury Hiraga\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZQfox000&ptb=p4CWr6pM_lm3E0SFGRB8_w
uSearch Bar =
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: MSN Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar\01.01.2607.0\en-us\msntb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Zeldar] c:\docume~1\euryhi~1\locals~1\temp\c.exe
uRun: [4VDD85L8NF] c:\windows\msa.exe
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [<NO NAME>]
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\docume~1\euryhi~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\AdobeUpdate.jar
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\euryhi~1\applic~1\mozilla\firefox\profiles\dvfqrrzw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={0997FC62-7BE1-0C62-8BAD-ED83E6119432}&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\npsoestb.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-9-8 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-9-8 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-9-8 482432]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-10 54752]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-9-8 117640]
R2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-3-30 1373480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-30 102448]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2009-9-12 109440]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2009-6-27 17792]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091102.002\IDSXpx86.sys [2009-10-28 329592]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbserver.exe -s defaultinstance --> c:\program files\firebird\firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gunzprodrv;GunZProtect;\??\c:\program files\euro gunz client 8.5.6\gunzprotectdrv.sys --> c:\program files\euro gunz client 8.5.6\GunZProtectDrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-17 38160]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091103.007\NAVENG.SYS [2009-11-3 84912]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091103.007\NAVEX15.SYS [2009-11-3 1323568]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-12-28 13:57:03 13642 ----a-w- c:\windows\39815z97d7.cpl
2009-12-28 13:16:36 3548 ----a-w- c:\windows\3508szam9ot382.dll
2009-12-26 10:57:52 12586 ----a-w- c:\windows\5cc95tezl3029.cpl
2009-12-25 09:10:19 14331 ----a-w- c:\windows\529z2spam9ot663.dll
2009-12-23 13:17:30 14028 ----a-w- c:\windows\4599threat21z199.cpl
2009-12-23 13:10:13 5340 ----a-w- c:\windows\system32\4574vizu976a.dll
2009-12-21 06:08:08 11399 ----a-w- c:\windows\system32\5bz3sparse9551.dll
2009-12-21 05:01:31 0 d-----w- c:\program files\Aiseesoft Studio
2009-12-21 04:46:39 214016 ----a-w- c:\windows\msa.exe
2009-12-21 04:46:12 259072 ----a-w- c:\windows\system32\sshnas.dll
2009-12-21 04:42:31 0 d-----w- c:\windows\system32\NtmsData
2009-12-21 04:10:59 0 d-----w- c:\docume~1\euryhi~1\applic~1\BSD
2009-12-21 04:10:54 1518080 ----a-w- c:\windows\bsdsetup.dll
2009-12-21 04:06:37 0 d-----w- c:\program files\common files\eSellerate
2009-12-21 02:23:56 0 d-----w- c:\program files\iPod
2009-12-21 02:23:10 0 d-----w- c:\program files\iTunes
2009-12-21 02:23:10 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-21 02:00:12 0 d-----w- c:\program files\Xilisoft
2009-12-21 01:58:48 0 d-----w- c:\docume~1\euryhi~1\applic~1\GetRightToGo
2009-12-20 14:49:02 13116 ----a-w- c:\windows\system32\z69troj5be.cpl
2009-12-17 00:31:16 0 d-----w- c:\docume~1\alluse~1\applic~1\MSNDynFiles
2009-12-16 22:55:40 0 d-----w- c:\program files\Musicmatch
2009-12-15 14:20:21 2705 ----a-w- c:\windows\system32\9558troj49fz.cpl
2009-12-15 07:23:13 16416 ----a-w- c:\windows\9czste59145.bin
2009-12-14 19:02:25 16790 ----a-w- c:\windows\system32\15494v9rzs215.cpl
2009-12-14 16:26:43 11422 ----a-w- c:\windows\7195spazse1042.ocx
2009-12-13 07:55:37 13826 ----a-w- c:\windows\22bzthie95356.cpl
2009-12-12 23:00:44 16203 ----a-w- c:\windows\32335sza59ot645.cpl
2009-12-12 18:44:40 17661 ----a-w- c:\windows\458wozm159.bin
2009-12-11 03:49:32 0 d-----w- c:\program files\SCAR 3.12
2009-12-10 21:31:53 4324 ----a-w- c:\windows\7849vz51770.bin
2009-12-10 00:12:27 17917 ----a-w- c:\windows\system32\29z62troj755.bin
2009-12-09 19:26:07 13505 ----a-w- c:\windows\system32\9b5zsteal1293.dll
2009-12-08 23:36:26 8787 ----a-w- c:\windows\system32\169669pazbot3a5.ocx
2009-12-08 11:13:09 13769 ----a-w- c:\windows\5c349teal1030z.exe
2009-12-07 15:30:41 5059 ----a-w- c:\windows\system32\45ceaddwzre2596.dll
2009-12-06 17:47:41 14689 ----a-w- c:\windows\system32\695cthreat15z7.bin
2009-12-05 18:06:16 6846 ----a-w- c:\windows\system32\6414zirus5f19.dll
2009-12-05 07:55:10 2717 ----a-w- c:\windows\35619wo9m12z.exe
2009-12-04 03:28:08 12795 ----a-w- c:\windows\99954hacktoolz9c.dll
2009-12-03 11:26:38 6557 ----a-w- c:\windows\z6265pamb9t7c9.ocx
2009-12-01 02:00:59 9298 ----a-w- c:\windows\system32\8929spyz5.cpl
2009-11-28 09:47:27 3266 ----a-w- c:\windows\5c99spywaze2868.cpl
2009-11-27 23:19:25 0 d-----w- c:\program files\Fast Browser Search
2009-11-27 07:02:16 6780 ----a-w- c:\windows\150ca5dwar9z395.exe
2009-11-26 00:55:23 0 d-----w- c:\docume~1\euryhi~1\applic~1\NeopleLauncherDFO
2009-11-26 00:11:09 0 d-----w- c:\docume~1\alluse~1\applic~1\NexonUS
2009-11-25 23:58:13 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
2009-11-25 03:40:29 10797 ----a-w- c:\windows\57544z9ambot228.ocx

==================== Find3M ====================

2009-12-24 00:37:18 69 ----a-w- c:\documents and settings\eury hiraga\jagex_runescape_preferences2.dat
2009-12-24 00:33:14 39 ----a-w- c:\documents and settings\eury hiraga\jagex_runescape_preferences.dat
2009-11-23 04:53:48 3767 ----a-w- c:\windows\system32\180495rz694.dll
2009-11-22 13:34:19 8983 ----a-w- c:\windows\system32\19918sp5mbot652z.bin
2009-11-22 10:23:59 10234 ----a-w- c:\windows\26ff5hre9t22z5.exe
2009-11-20 21:34:17 4392 ----a-w- c:\windows\5z5699orm470.exe
2009-11-17 07:31:43 14957 ----a-w- c:\windows\zeb2ste59892.dll
2009-11-12 00:03:44 12373 ----a-w- c:\windows\system32\db6zownlo9der23795.exe
2009-11-09 18:04:12 12777 ----a-w- c:\windows\6672dow5zoad9r1797.exe
2009-11-09 11:16:28 2634 ----a-w- c:\windows\5z64not-a9virus60b.exe
2009-11-08 02:38:44 16817 ----a-w- c:\windows\51f9backz9or1796.dll
2009-11-03 21:28:56 11175 ----a-w- c:\windows\system32\273225roj59z.bin
2009-11-02 20:18:08 3215 ----a-w- c:\windows\system32\591zvir32345.exe
2009-11-02 18:15:11 5607 ----a-w- c:\windows\55fdbzc9doo5286.bin
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 03:48:21 14169 ----a-w- c:\windows\system32\7e47zir2295.bin
2009-10-26 19:54:40 7085 ----a-w- c:\windows\system32\20139wzr53e1.exe
2009-10-26 05:58:53 4430 ----a-w- c:\windows\system32\19z59acktoold2.exe
2009-10-25 13:46:47 15851 ----a-w- c:\windows\system32\6989spars599z.exe
2009-10-25 02:29:30 12594 ----a-w- c:\windows\16738szambot95f5.bin
2009-10-24 21:47:26 10195 ----a-w- c:\windows\56cz9ackdoor1385.bin
2009-10-24 09:39:44 7308 ----a-w- c:\windows\system32\5ad5downl5aderz9.bin
2009-10-23 14:39:19 13224 ----a-w- c:\windows\system32\294165acktooz784.bin
2009-10-23 00:58:47 5633 ----a-w- c:\windows\system32\57z7dow59oader1362.dll
2009-10-22 16:30:45 7404 ----a-w- c:\windows\system32\3zfathr5at2929.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-18 22:57:32 3634 ----a-w- c:\windows\35beb5zkdoor999.dll
2009-10-14 04:40:49 4751 ----a-w- c:\windows\z1a9s9y5are381.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 07:53:58 6935 ----a-w- c:\windows\3fd0doznl9ade52963.bin
2009-10-11 12:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-11 00:17:31 10089 ----a-w- c:\windows\578z2hacktool595.bin
2009-10-06 02:33:14 15750 ----a-w- c:\windows\2d5zdo5nloader1992.dll
2009-10-05 00:04:36 6304 ----a-w- c:\windows\5z25spyw9re2916.dll
2009-10-03 17:11:42 15526 ----a-w- c:\windows\system32\8e0thiefz593.dll
2009-10-03 11:50:49 6895 ----a-w- c:\windows\system32\5edaspy9are2z92.exe
2009-10-02 12:11:59 4527 ----a-w- c:\windows\system32\17679worm54z5.bin
2009-09-25 23:38:02 12851 ----a-w- c:\windows\system32\6551downlo9zer3062.exe
2009-07-05 05:58:40 8 --sha-r- c:\windows\system32\E5EB649711.sys
2009-08-01 20:56:26 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:08:45.05 ===============
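A triage pass over lines in the format of the DDS log above, added here as an example; it is not part of the original thread and not DDS's own logic. The scoring rules (random-looking loadable files created directly in the Windows directories, autorun entries that launch from a temp folder or carry a random-looking name) are this example's own heuristic assumptions and yield candidates for human review, not verdicts.

```python
"""Triage heuristics for DDS 'Created Last 30' / 'Find3M' and Run-key lines.

Added example, not part of the original thread and not DDS's own logic;
the rules below are assumptions meant to surface candidates for review.
"""
import re

# 'Created Last 30' / 'Find3M' lines: <date> <time> <size> <attrs> <path>
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>[-a-z]{8}) (?P<path>.+)$")
# Run-key lines: uRun: [Name] <command>  (u = user hive, m = machine, d = default)
RUN_LINE = re.compile(r"^(?P<hive>[umd]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

LOADABLE = {".exe", ".dll", ".cpl", ".ocx", ".bin", ".scr"}
SYSTEM_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")


def looks_random(name: str) -> bool:
    """Heuristic: several digits mixed with letters, e.g. '39815z97d7' or '4VDD85L8NF'.
    Legitimate names with version digits can trip this, so hits need a human look."""
    digits = sum(ch.isdigit() for ch in name)
    letters = sum(ch.isalpha() for ch in name)
    return digits >= 2 and letters >= 2


def split_path(path: str):
    """Return (directory, stem, extension), lower-cased, for a Windows path."""
    directory, _, filename = path.lower().rpartition("\\")
    stem, dot, ext = filename.rpartition(".")
    return directory + "\\", (stem if dot else filename), ("." + ext if dot else "")


def triage_line(line: str):
    """Return (path, reason) if the line deserves review, else None."""
    m = FILE_LINE.match(line.strip())
    if m:
        if m["attrs"].startswith("d"):      # directory entries are not loadable
            return None
        directory, stem, ext = split_path(m["path"])
        if directory in SYSTEM_DIRS and ext in LOADABLE and looks_random(stem):
            return m["path"], f"random-looking {ext} file created directly in {directory}"
        return None
    m = RUN_LINE.match(line.strip())
    if m:
        if "\\temp\\" in m["cmd"].lower():
            return m["cmd"], f"{m['hive']} entry '{m['name']}' runs a program from a temp folder"
        if looks_random(m["name"]):
            return m["cmd"], f"{m['hive']} entry has random-looking name '{m['name']}'"
    return None


def triage(lines):
    """Run triage_line over every line and collect the hits in order."""
    return [hit for hit in (triage_line(ln) for ln in lines) if hit]


# Constructed sample: a subset of lines copied from the DDS log in this thread
SAMPLE = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Zeldar] c:\docume~1\euryhi~1\locals~1\temp\c.exe
uRun: [4VDD85L8NF] c:\windows\msa.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
2009-12-28 13:57:03 13642 ----a-w- c:\windows\39815z97d7.cpl
2009-12-23 13:10:13 5340 ----a-w- c:\windows\system32\4574vizu976a.dll
2009-12-21 05:01:31 0 d-----w- c:\program files\Aiseesoft Studio
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
""".strip().splitlines()

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason}: {path}")
```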


#2 The Indian Guy
  • Topic Starter

  • Members
  • 15 posts

Posted 30 December 2009 - 06:18 PM

Been about a week now, no reply.

#3 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 04 January 2010 - 06:56 PM

Hello,

My name is Syler and I will be helping you to solve your malware issues. If you have since resolved your issues, I would appreciate it if you
would let me know so I can close this topic; if you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Untick the following boxes on the right side of the Gmer screen:
    Sections
    IAT/EAT
    Files
    Show All
  • Click on the Scan button and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push the Save button and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log
Thanks.


#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 January 2010 - 02:52 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



#5 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 14 January 2010 - 12:47 AM

Topic reopened at OP request.



#6 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 February 2010 - 06:48 PM

Topic closed.
