
Possible BotNet infection?


  • This topic is locked
2 replies to this topic

#1 Myanah

Myanah

  • Members
  • 1 posts
  • OFFLINE
  • Local time:02:51 AM

Posted 01 April 2010 - 02:11 PM

Hi,

My Symantec email proxy scanner keeps telling me (every few seconds) it has blocked emails that I'm sending to persons unknown trying to sell them Viagra and the like. Please help!!!

Below are the MalwareBytes & DDS logs. When I ran GMER it crashed with a blue screen of death twice.

MalwareBytes reported 4 infections initially which I clicked to remove but on rebooting and rescanning there are now 5.

Many thanks if you can help


Malwarebytes' Anti-Malware 1.44
Database version: 3746
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/1/2010 8:06:18 PM
mbam-log-2010-04-01 (19-31-29).txt

Scan type: Quick Scan
Objects scanned: 113516
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-7354830662-0896973159-469826082-8224\rundll32.exe,explorer.exe,C:\RECYCLER\S-1-5-21-1024798859-1726635025-236993425-9315\yv8g67.exe,Explorer.exe) Good: (Explorer.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-21-1024798859-1726635025-236993425-9315\yv8g67.exe (Worm.Autorun.B) -> No action taken.
C:\RECYCLER\S-1-5-21-7354830662-0896973159-469826082-8224\rundll32.exe (Worm.Autorun.B) -> No action taken.
C:\WINDOWS\system32\config\software.LOG (Trojan.Dropper) -> No action taken.









DDS (Ver_10-03-17.01) - NTFSx86
Run by abac at 19:43:15.46 on Thu 04/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.441 [GMT 1:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\iPod\bin\iPodService.exe
L:\Useful Software\Anti virus & malware\BLEEPINGCOMPUTER\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Taskman=c:\recycler\s-1-5-21-7354830662-0896973159-469826082-8224\rundll32.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [uzk3w] c:\windows\system32\yopu81grsn.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [qlghm86] c:\windows\system32\uka0brx66o.exe
uRun: [kkg1h] c:\windows\system32\dzuva86m8.exe
uRun: [lhcdi] c:\windows\system32\wbmxytz6.exe
uRun: [jevllbh] c:\windows\system32\ytjkfvwrsn.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Dit] Dit.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [incognito] c:\windows\system32\incognito.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264499538529
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\abac\applic~1\mozilla\firefox\profiles\8ipad3o1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-1 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-1 108392]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RalinkRegistryWriter.exe [2010-1-30 75040]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-4-4 2234296]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2010-1-26 945152]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-5-12 1287296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-26 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100401.002\NAVENG.SYS [2010-4-1 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100401.002\NAVEX15.SYS [2010-4-1 1324720]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 133104]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2010-1-26 17408]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [2006-3-24 358912]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [2010-1-26 16512]

=============== Created Last 30 ================

2010-04-01 16:35:32 44544 --sh--r- c:\windows\system32\ytjkfvwrsn.exe
2010-04-01 16:35:30 41472 --sh--r- c:\windows\system32\wbmxytz6.exe
2010-04-01 16:35:29 44544 --sh--r- c:\windows\system32\dzuva86m8.exe
2010-03-28 11:44:37 0 d-----w- c:\program files\Windows Media Connect 2
2010-03-25 14:32:08 97184 ----a-r- c:\windows\system32\drivers\SE27mdm.sys
2010-03-25 14:32:08 9360 ----a-r- c:\windows\system32\drivers\SE27mdfl.sys
2010-03-25 14:32:08 6240 ----a-r- c:\windows\system32\drivers\SE27cmnt.sys
2010-03-25 14:32:08 6240 ----a-r- c:\windows\system32\drivers\SE27cm.sys
2010-03-25 14:24:39 0 d-----w- c:\docume~1\abac\applic~1\Teleca
2010-03-25 14:14:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2010-03-25 14:14:47 0 d-----w- c:\program files\common files\Teleca Shared
2010-03-25 14:14:46 0 d-----w- c:\program files\Sony Ericsson
2010-03-25 14:14:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Teleca
2010-03-25 14:12:26 54156 ---ha-w- c:\windows\QTFont.qfn
2010-03-25 14:12:26 1409 ----a-w- c:\windows\QTFont.for
2010-03-25 13:23:16 0 d-----w- c:\windows\Downloaded Installations
2010-03-25 13:15:32 61600 ----a-r- c:\windows\system32\drivers\SE27bus.sys
2010-03-25 13:15:32 5872 ----a-r- c:\windows\system32\drivers\SE27whnt.sys
2010-03-25 13:15:32 5872 ----a-r- c:\windows\system32\drivers\SE27wh.sys
2010-03-24 12:10:55 647168 ----a-w- c:\program files\jpegcrop.exe
2010-03-21 19:43:56 0 d-----w- c:\windows\system32\NtmsData
2010-03-10 22:35:40 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-04-01 18:35:08 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-02-27 15:12:46 5005312 ----a-w- c:\program files\Paint.NET.3.5.4.Install.zip
2010-02-27 14:57:31 24185720 ----a-w- c:\program files\AVSImageConverter.exe
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-16 14:29:44 5115824 ----a-w- c:\program files\mbam-setup.exe
2010-02-16 12:12:42 7520288 ----a-w- c:\program files\SUPERAntiSpyware.exe
2010-02-12 18:13:50 98180904 ----a-w- c:\program files\iTunesSetup.exe
2010-02-12 16:55:10 564064 ----a-w- c:\program files\googleupdatesetup.exe
2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-09 09:32:34 520192 ----a-w- c:\windows\system32\Holding Pattern Coach.scr
2010-02-09 09:31:19 6366181 ----a-w- c:\program files\HPcoach.zip
2010-02-07 19:07:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-30 13:01:14 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-01-26 11:23:55 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-01-25 20:48:09 315392 ----a-w- c:\windows\HideWin.exe
2010-01-25 20:39:11 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 19:43:54.62 ===============








UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/25/2010 8:43:59 PM
System Uptime: 4/1/2010 7:33:18 PM (0 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7187
Processor: Intel® Pentium® D CPU 2.80GHz | Socket 775 | 2799/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 135.917 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is CDROM ()
H: is CDROM (CDFS)
I: is FIXED (NTFS) - 105 GiB total, 104.444 GiB free.
J: is FIXED (NTFS) - 146 GiB total, 69.437 GiB free.
L: is FIXED (NTFS) - 150 GiB total, 83.287 GiB free.
M: is FIXED (FAT32) - 152 GiB total, 152.367 GiB free.
N: is FIXED (NTFS) - 524 GiB total, 524.039 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: USB Device
Device ID: USB\VID_EB1A&PID_2710\5&C0D23BB&0&2
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_EB1A&PID_2710\5&C0D23BB&0&2
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1065&SUBSYS_187C1462&REV_01\4&1AF1648C&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1065&SUBSYS_187C1462&REV_01\4&1AF1648C&0&40F0
Service: E100B

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_27DA8086&REV_01\3&2411E6FE&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_27DA8086&REV_01\3&2411E6FE&0&FB
Service:

==== System Restore Points ===================

RP1: 1/25/2010 8:46:16 PM - System Checkpoint
RP2: 1/25/2010 8:48:51 PM - Installed Realtek High Definition Audio Driver
RP3: 1/25/2010 8:49:02 PM - Installed Windows XP KB888111WXPSP2.
RP4: 1/26/2010 10:09:35 AM - Software Distribution Service 3.0
RP5: 1/26/2010 10:23:39 AM - Software Distribution Service 3.0
RP6: 1/26/2010 10:40:34 AM - Software Distribution Service 3.0
RP7: 1/26/2010 11:21:02 AM - Installed Multi-Card Reader & Flash Disk
RP8: 1/26/2010 11:23:02 AM - Installed Symantec Endpoint Protection.
RP9: 1/26/2010 11:25:21 AM - Installed Microsoft Office XP Professional with FrontPage
RP10: 1/26/2010 11:28:28 AM - Installed Nero 7 Essentials
RP11: 1/26/2010 8:31:43 PM - Installed Ralink Wireless LAN
RP12: 1/30/2010 12:50:29 PM - Removed Ralink Wireless LAN
RP13: 1/30/2010 12:51:38 PM - Installed Ralink Wireless LAN
RP14: 1/30/2010 12:57:27 PM - Removed Ralink Wireless LAN
RP15: 1/30/2010 12:59:49 PM - Installed Ralink Wireless LAN
RP16: 1/30/2010 1:00:56 PM - Installed Ralink Wireless LAN
RP17: 1/31/2010 7:38:14 PM - Installed ePhoneTools
RP18: 1/31/2010 7:38:28 PM - Printer Driver CAPTURE FAX BVRP Installed
RP19: 1/31/2010 9:06:34 PM - Software Distribution Service 3.0
RP20: 2/1/2010 10:38:36 PM - System Checkpoint
RP21: 2/2/2010 8:38:34 PM - Installed Adobe Reader 9.3.
RP22: 2/7/2010 5:16:06 PM - System Checkpoint
RP23: 2/7/2010 7:07:38 PM - Installed Java™ 6 Update 18
RP24: 2/7/2010 8:05:50 PM - Installed Compatibility Pack for the 2007 Office system
RP25: 2/9/2010 9:49:23 AM - System Checkpoint
RP26: 2/9/2010 3:24:12 PM - Removed Microsoft Office XP Professional with FrontPage
RP27: 2/9/2010 3:29:24 PM - Installed Microsoft Office Professional Edition 2003
RP28: 2/9/2010 7:35:24 PM - Software Distribution Service 3.0
RP29: 2/11/2010 10:34:22 AM - System Checkpoint
RP30: 2/12/2010 4:48:21 PM - Installed Google Earth
RP31: 2/12/2010 6:18:22 PM - Installed iTunes
RP32: 2/14/2010 9:41:52 AM - System Checkpoint
RP33: 2/15/2010 9:56:47 PM - System Checkpoint
RP34: 2/16/2010 12:15:34 PM - Installed SUPERAntiSpyware Free Edition
RP35: 2/16/2010 5:26:03 PM - Installed iTunes
RP36: 2/18/2010 11:37:45 AM - System Checkpoint
RP37: 2/20/2010 12:29:34 PM - System Checkpoint
RP38: 2/23/2010 10:20:20 AM - System Checkpoint
RP39: 2/23/2010 8:00:13 PM - Software Distribution Service 3.0
RP40: 2/24/2010 10:11:45 PM - Software Distribution Service 3.0
RP41: 2/26/2010 6:21:49 PM - System Checkpoint
RP42: 2/27/2010 3:18:21 PM - Paint.NET v3.5.4
RP43: 2/28/2010 1:26:01 PM - Software Distribution Service 3.0
RP44: 2/28/2010 3:56:32 PM - Printer Driver Microsoft XPS Document Writer Installed
RP45: 3/1/2010 8:08:34 PM - System Checkpoint
RP46: 3/1/2010 9:07:06 PM - Software Distribution Service 3.0
RP47: 3/2/2010 10:39:38 PM - System Checkpoint
RP48: 3/4/2010 8:33:39 AM - System Checkpoint
RP49: 3/6/2010 3:36:12 PM - System Checkpoint
RP50: 3/7/2010 7:15:16 PM - System Checkpoint
RP51: 3/8/2010 7:51:23 PM - System Checkpoint
RP52: 3/10/2010 9:02:31 AM - System Checkpoint
RP53: 3/10/2010 1:35:09 PM - Software Distribution Service 3.0
RP54: 3/10/2010 11:08:54 PM - Software Distribution Service 3.0
RP55: 3/15/2010 6:28:47 PM - System Checkpoint
RP56: 3/16/2010 7:20:34 PM - System Checkpoint
RP57: 3/18/2010 10:38:42 PM - System Checkpoint
RP58: 3/20/2010 2:22:26 PM - System Checkpoint
RP59: 3/21/2010 5:25:51 PM - System Checkpoint
RP60: 3/22/2010 5:55:00 PM - System Checkpoint
RP61: 3/23/2010 6:25:03 PM - System Checkpoint
RP62: 3/25/2010 10:57:11 AM - System Checkpoint
RP63: 3/25/2010 2:13:43 PM - Unsigned driver install
RP64: 3/25/2010 2:14:41 PM - Installed Sony Ericsson PC Suite 1.20.224
RP65: 3/25/2010 2:32:07 PM - Unsigned driver install
RP66: 3/27/2010 6:48:48 PM - System Checkpoint
RP67: 3/28/2010 12:40:58 PM - Installed Windows Media Player 11
RP68: 3/28/2010 12:41:52 PM - Software Distribution Service 3.0
RP69: 3/29/2010 5:28:47 PM - System Checkpoint
RP70: 3/29/2010 8:00:14 PM - Software Distribution Service 3.0
RP71: 3/31/2010 12:20:06 PM - System Checkpoint
RP72: 3/31/2010 1:37:58 PM - Software Distribution Service 3.0

==== Installed Programs ======================

ABBYY FineReader 5.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bonjour
C-Media High Definition Audio Driver
Compatibility Pack for the 2007 Office system
FaxTools
Generic USB CardReader 2.0
Google Earth
Google Gears
Google Update Helper
High Definition Audio Driver Package - KB888111
Holding Pattern Coach Screen Saver
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel® PRO Network Connections Drivers
iTunes
Java Auto Updater
Java™ 6 Update 18
Lexmark X1100 Series
LiveUpdate 3.3 (Symantec Corporation)
LSI PCI Soft Modem
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.2)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
Paint.NET v3.5.4
PowerDVD
QuickTime
Ralink RT2870 Wireless LAN Card
Ralink RT7x Wireless LAN Card
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Sony Ericsson PC Suite 1.20.224
SUPERAntiSpyware Free Edition
Symantec Endpoint Protection
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

4/1/2010 7:34:50 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
3/30/2010 12:10:07 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 000810731DF8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
3/28/2010 12:45:10 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Media Player 11.
3/26/2010 8:54:22 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 000810731DF8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
3/26/2010 8:39:06 AM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.

==== End Of File ===========================
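A triage pass over the autostart lines posted above, as an added example that is not part of this thread or of the DDS tool. It pulls out the indicators a responder would flag in this log: a Winlogon Shell or Taskman value that does not resolve to explorer.exe, anything executing out of \RECYCLER\, and HKCU Run entries whose target is a hidden+system executable just created in system32. The rule names and the ctfmon.exe allowlist are assumptions of this example; the sample lines are copied from the post, plus one constructed clean control line.

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Constructed sample: autostart and file lines copied from the DDS output in the
# post above, plus a clean "Shell=explorer.exe" control line for contrast.
SAMPLE_DDS = r"""
uWinlogon: Shell=explorer.exe
mWinlogon: Taskman=c:\recycler\s-1-5-21-7354830662-0896973159-469826082-8224\rundll32.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uzk3w] c:\windows\system32\yopu81grsn.exe
uRun: [jevllbh] c:\windows\system32\ytjkfvwrsn.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
2010-04-01 16:35:32 44544 --sh--r- c:\windows\system32\ytjkfvwrsn.exe
2010-03-25 14:32:08 97184 ----a-r- c:\windows\system32\drivers\SE27mdm.sys
"""

WINLOGON_RE = re.compile(r"^[um]Winlogon:\s*(\w+)=(.*)$", re.I)
RUN_RE = re.compile(r"^([um])Run:\s*\[[^\]]*\]\s*(.*)$", re.I)
# "Created Last 30" / "Find3M" line: date time size attrs path
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(\S{8})\s+(.*)$")

# Assumed baseline for this XP box: the only per-user (HKCU) autorun that
# legitimately lives in system32 is ctfmon.exe, which the post's uRun list shows.
USER_RUN_SYSTEM32_ALLOW = {"ctfmon.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Finding:
    rule: str
    line: str


def run_target(rest: str) -> str:
    """Strip quotes and trailing arguments from the value of a Run entry."""
    rest = rest.strip()
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0].lower()
    return rest.lower()


def hidden_system_paths(lines: List[str]) -> Set[str]:
    """Paths whose DDS attribute field carries both 's' (system) and 'h' (hidden)."""
    found = set()
    for line in lines:
        m = FILE_RE.match(line)
        if m and "s" in m.group(1) and "h" in m.group(1):
            found.add(m.group(2).strip().lower())
    return found


def triage(text: str) -> List[Finding]:
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    hidden_system = hidden_system_paths(lines)
    findings: List[Finding] = []
    for line in lines:
        low = line.lower()
        # Winlogon: Shell must be exactly explorer.exe; XP has no Taskman value at all
        m = WINLOGON_RE.match(line)
        if m:
            key = m.group(1).lower()
            val = m.group(2).strip().strip('"').lower()
            if key == "shell" and val != "explorer.exe":
                findings.append(Finding("winlogon-shell-hijack", line))
            elif key == "taskman":
                findings.append(Finding("winlogon-taskman-set", line))
        # Run keys: correlate the target with recently created hidden+system files,
        # and treat per-user autoruns launched from system32 as unusual
        m = RUN_RE.match(line)
        if m:
            target = run_target(m.group(2))
            if target in hidden_system:
                findings.append(Finding("autorun-of-hidden-system-file", line))
            if (m.group(1).lower() == "u" and target.startswith(SYSTEM32)
                    and target.rsplit("\\", 1)[-1] not in USER_RUN_SYSTEM32_ALLOW):
                findings.append(Finding("user-run-from-system32", line))
        # A recently created executable carrying hidden+system attributes
        m = FILE_RE.match(line)
        if m and m.group(2).strip().lower() in hidden_system and low.endswith(".exe"):
            findings.append(Finding("hidden-system-exe-created", line))
        # Nothing should execute out of the Recycle Bin directory
        if "\\recycler\\" in low and low.endswith(".exe"):
            findings.append(Finding("executable-in-recycler", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.rule:32} {f.line}")
```

The correlation rule only fires when the autorun's target also appears in the file listing, so yopu81grsn.exe is caught solely by the weaker per-user-system32 rule; a full DDS log gives the file rules more to work with.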



#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:01:51 AM

Posted 05 April 2010 - 12:05 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:51 PM

Posted 10 April 2010 - 11:13 AM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.



