Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ytbb.exe with browsers crashing


  • This topic is locked This topic is locked
2 replies to this topic

#1 Stili

Stili

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 01 February 2010 - 01:40 AM

[My Fix!]

K well, knowing me I can't just sit here while there's malware/virus's/trojan agents and whatever infecting
my computer
so what I did was I loaded
SuperAntiSpyware did a memory and registry scan
now ytbb.exe isn't a regular trojan, it actually blocked me from doing things
so i had to cancle almost every single Administrator process and then load SuperAntiSpyware with those options
then it started to work and it updated I ran a scan it caught about 4-6 TJ-Agent/Gen
and a bunch of other things...
So I quickly deleted them and looked at Avira Antivirus Free Edition, Cause it was still running in my background
and it turned out this Trojan or whatever it was actually prevented me from updating Avira and it said
Schedual not loaded failed update...
So I went into Administrator tools and I looked at the services all the way down to avira
I turned it on to Prompt for both Avira services and I updated did a full scan overnight
Next I turned to malware bytes , did a full scan and it blocked a lot of my infected applications
So then I had a bunch of antivirus scans and everything and I re-ran SuperAntiSpyware for a full scan this time
I deleted/Quarantine'd as much as I could then restarted
I then got a bunch of errors and I knew right then and there , their were still infections/bad sectors on my pc
Here's where the Almighty ComboFix come's in to finish this whole procedure up
I ran combofix and went afk to shuvle my driveway I came back and my pc had restarted
so combofix had done its job and restarted my pc
I then logged in and lo behold there's combofix saying NOT to launch ANY programs =)
I looked at the log and found what it had repaired and gotten rid of..
Now I have absolutely no problems and no errors and no stupid process's downloading things
and also GoogleChrome is fully working again with all my other browsers
and this is where I conclude my report.
thanks to anyone who tried to help me!!!!!




[My Problem]



Okay... So Let's go from the start
My computer has recently been acting up with lag and delays, so I installed a bunch of updates from Update Manager
and I thought everything was good.. Well I was wrong
Everytime I try to download a security update using mozilla or internet explorer
they close instantly
I tried going to majorgeeks.com for some antivirus but it the browsers shut down on me, I followed a tut on the Preperation Guide
and I'm ganna post everything now.
All I know is that ytbb.exe Loads here and then two iexplorer.exe's load
everytime I try to kill the process it just keeps coming back over and over...
Also I noticed that my My Computer icon is messed up on the Start Menu
and browsing menu...

Also I know that its doing something in the background because my curser keeps having the loading icon when Im not doing anything.
and when I go to Microsoft's site to download a security update or anything from microsoft my browser crash's
and googlechrome stopped loading pages too when this happened. Now googlechrome won't work at all, I reinstalled every single browser too

IE8
Mozilla Firefox
GoogleChrome

I hope someone can help me cause this thing is scaring me, I think its using Iexplorer.exe's to download more stuff
could it be a rootkit/TJDownloader, I have no clue.
well here's the logs.

Thanks for helping means a lot to me!!!



----------------------------------------------------------------------------------------------------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 0:52:53.56 on 01/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2633 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\explorer.exe
svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xfire\Xfire.exe
c:\program files\daemon tools lite\daemon .exe
c:\program files\aim6\aim6 .exe
c:\program files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uWinlogon: Shell=explorer.exe "c:\documents and settings\administrator\sdjuei.exe"
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof1.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSof1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe_Reader] c:\program files\internet explorer\wmpscfgs.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download all links with IDM - c:\documents and settings\administrator\my documents\downloads\ad\idman5.18.4.full.rox1234\IEGetAll.htm
IE: Download FLV video content with IDM - c:\documents and settings\administrator\my documents\downloads\ad\idman5.18.4.full.rox1234\IEGetVL.htm
IE: Download with IDM - c:\documents and settings\administrator\my documents\downloads\ad\idman5.18.4.full.rox1234\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-ca\msntabres.dll.mui/229?10694ff5e1514a49868931c22a557432
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-ca\msntabres.dll.mui/230?10694ff5e1514a49868931c22a557432
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\administrator\start menu\programs\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\0033.DLL
SSODL: qhYDQFAzB - {98F5AE57-325F-04FD-5ADF-B15E9610D9FD} - c:\windows\system32\gpm.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\nvh7c9yx.default\
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-30 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-8-19 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-8-19 41424]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-3 17408]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-30 56816]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-29 24652]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2009-10-7 27136]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-8-5 99472]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2009-6-21 17792]
S0 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\admini~1\locals~1\temp\hzia.tmp --> c:\docume~1\admini~1\locals~1\temp\HZIA.tmp [?]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-5-28 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-5-28 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-5-28 81288]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-8-19 91472]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2009-8-19 32016]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-30 108289]
S4 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-30 185089]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-28 356920]
S4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-5-28 1079176]
S4 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2009-12-22 682232]

=============== Created Last 30 ================

2010-02-01 05:30:14 0 d-sh--w- c:\documents and settings\administrator\PrivacIE
2010-02-01 05:30:01 59904 ----a-w- c:\windows\system32\app_dll.dll
2010-02-01 05:27:47 0 d-sh--w- c:\documents and settings\administrator\IETldCache
2010-02-01 05:22:00 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-01 05:21:44 0 d-----w- c:\windows\ie8updates
2010-02-01 05:21:39 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-01 05:21:39 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-01 05:21:39 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-01 05:21:39 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-01 05:21:39 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-01 05:21:39 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-01 05:20:20 0 dc-h--w- c:\windows\ie8
2010-02-01 05:11:13 0 d-----w- c:\windows\ServicePackFiles
2010-02-01 03:42:10 6144 ---ha-w- c:\documents and settings\administrator\sdjuei.exe
2010-02-01 03:42:10 42496 ---h--w- c:\windows\system32\secupdat.dat
2010-02-01 03:42:10 42496 ---h--w- c:\documents and settings\administrator\secupdat.dat
2010-02-01 03:38:55 0 ---ha-w- c:\windows\system32\wupd.dat
2010-02-01 03:38:25 25600 ----a-w- c:\windows\system32\0033.DLL
2010-02-01 03:38:24 41216 ---ha-w- c:\windows\system32\wexe.exe
2010-02-01 03:37:50 39440 ----a-w- c:\documents and settings\administrator\rundll32.exe
2010-02-01 03:37:50 39440 ----a-w- c:\documents and settings\administrator\rundll32 .exe
2010-02-01 02:04:52 57856 ---h--w- c:\documents and settings\administrator\udcltc.exe
2010-02-01 02:04:52 57856 ----a-w- c:\windows\system32\fljiged .exe
2010-02-01 02:04:52 39440 ----a-w- c:\windows\system32\fljiged.exe
2010-02-01 02:04:48 6863 ----a-w- c:\windows\system32\WORK.DAT
2010-02-01 02:04:48 25088 ----a-w- c:\windows\system32\0023.DLL
2010-02-01 02:04:36 10 ----a-w- c:\windows\system32\kr_done1
2010-01-31 06:24:06 0 d-----w- c:\program files\World of Warcraft Trial
2010-01-30 22:58:49 0 d-----w- c:\program files\ZD Soft
2010-01-30 22:50:51 0 d-----w- C:\VideoSec
2010-01-30 22:42:29 12288 ----a-w- c:\windows\system32\drivers\EIO.sys
2010-01-30 22:39:23 0 d-----w- c:\program files\My Company Name
2010-01-30 22:38:07 12416 ----a-w- c:\windows\system32\drivers\asusgsb32.sys
2010-01-29 20:22:23 49 ----a-w- c:\windows\dc_nemesis.INI
2010-01-29 20:15:13 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-01-29 20:15:13 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2010-01-29 20:15:10 63488 ----a-w- c:\windows\system32\unam4ie.exe
2010-01-29 20:15:09 5672 ----a-w- c:\windows\system32\quartz.vxd
2010-01-29 20:15:09 194320 ----a-w- c:\windows\system32\qcut.dll
2010-01-29 20:15:09 11776 ----a-w- c:\windows\system32\mciqtz.drv
2010-01-29 20:15:09 10240 ----a-w- c:\windows\system32\vidx16.dll
2010-01-29 20:15:08 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-01-29 20:15:08 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-01-29 08:20:28 1613 ----a-w- C:\res+psx.nri
2010-01-29 05:51:29 0 d-----w- c:\program files\Delta
2010-01-26 00:33:40 0 d-----w- c:\program files\Xplosiv
2010-01-25 22:16:59 241628 ----a-w- C:\mistake1.reg
2010-01-23 03:53:17 0 d-----w- c:\program files\Xvid
2010-01-22 01:33:06 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-01-18 21:59:34 199 ----a-w- C:\DARE.INI
2010-01-18 20:48:02 78784 ----a-w- c:\windows\system32\ISUSPM.cpl
2010-01-15 01:24:56 0 d-----w- c:\docume~1\admini~1\applic~1\Xfire
2010-01-15 01:24:54 0 d-----w- c:\program files\Xfire
2010-01-10 21:11:25 2412 ----a-w- C:\UDF1.nru
2010-01-10 06:31:46 1400 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-01-10 06:30:53 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-01-10 06:30:17 0 d-----w- c:\program files\common files\iS3
2010-01-10 06:30:17 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-01-09 23:09:54 0 d-----w- C:\nDoors
2010-01-09 22:50:08 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
2010-01-09 22:49:37 0 d-----w- c:\program files\Pando Networks
2010-01-09 22:43:04 0 d-----w- c:\program files\Pcsx2

==================== Find3M ====================

2010-02-01 04:31:13 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-01-30 22:38:18 737280 ----a-w- c:\windows\iun6002.exe
2010-01-10 21:50:52 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-25 16:50:54 9984 ----a-w- c:\windows\system32\drivers\scncap.sys
2009-12-25 16:50:54 13184 ----a-w- c:\windows\system32\scncap.dll
2009-12-22 05:42:45 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-15 22:21:32 427008 ----a-w- c:\windows\system32\uc_wepic_launching.dll
2009-12-10 03:54:07 261632 ----a-w- c:\windows\PEV.exe
2009-11-14 22:17:28 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-14 22:17:28 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-11 21:33:23 129784 ------w- c:\windows\system32\pxafs.dll
2009-06-07 07:34:32 2 --shatr- c:\windows\winstart.bat
2009-09-28 20:19:10 113952 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-28 20:00:02 1824 --sha-w- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 0:53:10.17 ===============

Attached Files


Edited by Stili, 01 February 2010 - 03:29 PM.


BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:45 AM

Posted 08 February 2010 - 12:13 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:06:45 AM

Posted 13 February 2010 - 03:39 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users