
Protection Center malware


  • This topic is locked
4 replies to this topic

#1 Chaos123


Posted 03 June 2010 - 12:38 AM

I got this malware that tells me that I need to protect my computer from viruses and whatnot (it's a virus itself). I have tried MBAM, but it crashes when I click OK right after a scan is done. The malware locked me out of Task Manager, but I have worked around that by changing the registry key for that. I am going to post my DDS and HijackThis logs first, then hopefully the GMER log. It seems that my computer resets itself once in a while since I got this.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Taylor at 22:49:55.29 on Wed 06/02/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.802 [GMT -6:00]

AV: Protection Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

E:\WINDOWS\system32\nvsvc32.exe
e:\windows\system32\svchost -k dcomlaunch
svchost.exe
e:\windows\system32\svchost.exe -k netsvcs
e:\windows\system32\svchost.exe -k wudfservicegroup
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
E:\WINDOWS\Explorer.EXE
E:\DOCUME~1\Taylor\LOCALS~1\Temp\mscdexnt.exe
E:\Program Files\Razer\Tarantula\razerhid.exe
E:\Program Files\NavNT\vptray.exe
E:\DOCUME~1\Taylor\LOCALS~1\Temp\wscsvc32.exe
E:\Program Files\Java\jre6\bin\jusched.exe
svchost.exe
E:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Razer\Lachesis\razerhid.exe
E:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
E:\Program Files\Logitech\QuickCam\Quickcam.exe
E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Documents and Settings\Taylor\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\NavNT\defwatch.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
e:\windows\system32\svchost.exe -k hpz12
E:\Program Files\NavNT\rtvscan.exe
e:\windows\system32\svchost.exe -k hpz12
e:\windows\system32\svchost.exe -k imgsvc
E:\WINDOWS\system32\devldr32.exe
E:\Program Files\Razer\Lachesis\OSD.exe
E:\Program Files\Razer\Tarantula\razertra.exe
E:\Program Files\Razer\Lachesis\razertra.exe
E:\Program Files\Razer\Lachesis\razerofa.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
E:\WINDOWS\system32\MsgSys.EXE
E:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\DOCUME~1\Taylor\LOCALS~1\Temp\mscdexnt.exe
E:\Documents and Settings\Taylor\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SansaDispatch] e:\documents and settings\taylor\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [updateMgr] "e:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [msnmsgr] "e:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [vptray] e:\program files\navnt\vptray.exe
mRun: [Tarantula] e:\program files\razer\tarantula\razerhid.exe
mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVMixerTray] "e:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroCheck] e:\windows\system32\NeroCheck.exe
mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "e:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Lachesis] e:\program files\razer\lachesis\razerhid.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [RoxioDragToDisc] "e:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"
mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogitechQuickCamRibbon] "e:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [LogitechCommunicationsManager] "e:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] "e:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [DAEMON Tools-1033] "e:\program files\d-tools\daemon.exe" -lang 1033
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-disallowrun: New Value #2 = isamini.exe
uPolicies-disallowrun: <NO NAME> = isamonitor.exe
uPolicies-disallowrun: New Value #1 = mscdexnt.exe
uPolicies-disallowrun: New Value #3 = wscsvc32.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://e:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - e:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: NavLogon - e:\windows\system32\NavLogon.dll
Notify: WB - e:\program files\stardock\object desktop\thememanager\fastload.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\taylor\applic~1\mozilla\firefox\profiles\z5z37u0k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blizzard.com/
FF - component: e:\documents and settings\taylor\application data\mozilla\firefox\profiles\z5z37u0k.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: e:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: e:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: e:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: e:\program files\octoshape streaming services\taylor\octoprogram-l03-n00-u00-c00_0712211_000\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Stealth;Stealth;e:\windows\system32\drivers\stealth.sys [2002-6-21 80896]
R2 NAVAPEL;NAVAPEL;e:\program files\navnt\Navapel.sys [2000-12-22 7888]
R2 Norton AntiVirus Server;Norton AntiVirus Client;e:\program files\navnt\rtvscan.exe [2000-12-22 430080]
R3 HidMouse;HidMouse;e:\windows\system32\drivers\HidMouse.sys [2006-1-2 33049]
R3 LachesisFltr;Lachesis Mouse Driver;e:\windows\system32\drivers\Lachesis.sys [2008-5-8 12032]
R3 NAVAP;NAVAP;e:\program files\navnt\navap.sys [2000-12-22 171872]
R3 NAVENG;NAVENG;e:\progra~1\common~1\symant~1\virusd~1\20100512.005\NAVENG.sys [2010-5-14 85552]
R3 NAVEX15;NAVEX15;e:\progra~1\common~1\symant~1\virusd~1\20100512.005\NAVEX15.sys [2010-5-14 1347504]
R3 TarFltr;Razer Tarantula USB Keyboard;e:\windows\system32\drivers\UsbFltr.sys [2008-5-8 45440]
S3 cpuz130;cpuz130;\??\e:\docume~1\taylor\locals~1\temp\cpuz130\cpuz_x32.sys --> e:\docume~1\taylor\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 NPF;NetGroup Packet Filter Driver;e:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 RTL8192u;Realtek RTL8192U Wireless LAN 802.11n USB 2.0 Network Adapter;e:\windows\system32\drivers\RTL8192u.sys [2009-6-12 439680]
S4 akjsgtwn;akjsgtwn;e:\windows\system32\drivers\vfrav.sys [2010-6-2 54016]
S4 wtcwk;wtcwk;e:\windows\system32\drivers\dhmi.sys [2010-6-2 54016]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-06-03 04:48:52 0 ----a-w- e:\documents and settings\taylor\defogger_reenable
2010-06-03 04:16:28 54156 ---ha-w- e:\windows\QTFont.qfn
2010-06-03 04:16:28 1409 ----a-w- e:\windows\QTFont.for
2010-06-03 03:28:13 0 d-----w- e:\program files\Trend Micro
2010-06-02 18:44:34 54016 ----a-w- e:\windows\system32\drivers\dhmi.sys
2010-06-02 10:23:52 54016 ----a-w- e:\windows\system32\drivers\vfrav.sys
2010-06-02 10:07:26 0 d-----w- e:\docume~1\taylor\applic~1\Malwarebytes
2010-06-02 10:07:17 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 10:07:16 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-06-02 10:07:16 0 d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-06-02 10:07:16 0 d-----w- e:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-02 09:23:43 0 d-----w- e:\program files\Protection Center
2010-06-01 10:31:56 0 d-----w- e:\program files\common files\Futuremark Shared
2010-06-01 10:25:31 0 d-----w- e:\program files\Futuremark
2010-05-18 17:55:14 0 d-----w- e:\docume~1\alluse~1\applic~1\PassMark
2010-05-18 17:55:13 0 d-----w- e:\program files\PerformanceTest

==================== Find3M ====================

2010-06-01 16:27:42 444952 ----a-w- e:\windows\system32\wrap_oal.dll
2010-06-01 16:27:41 109080 ----a-w- e:\windows\system32\OpenAL32.dll
2010-04-04 01:23:18 278120 ----a-w- e:\windows\system32\nvmccs.dll
2010-04-04 01:23:16 154216 ----a-w- e:\windows\system32\nvsvc32.exe
2010-04-04 01:23:16 145000 ----a-w- e:\windows\system32\nvcolor.exe
2010-04-04 01:23:16 13670504 ----a-w- e:\windows\system32\nvcpl.dll
2010-04-04 01:23:16 110696 ----a-w- e:\windows\system32\nvmctray.dll
2010-04-04 01:22:54 81920 ----a-w- e:\windows\system32\nvwddi.dll
2010-04-03 22:55:31 6432128 ----a-w- e:\windows\system32\nv4_disp.dll
2010-04-03 22:55:31 61440 ----a-w- e:\windows\system32\OpenCL.dll
2010-04-03 22:55:31 600680 ----a-w- e:\windows\system32\nvudisp.exe
2010-04-03 22:55:31 4075520 ----a-w- e:\windows\system32\nvcuda.dll
2010-04-03 22:55:31 2646632 ----a-w- e:\windows\system32\nvcuvenc.dll
2010-04-03 22:55:31 227944 ----a-w- e:\windows\system32\nvcodins.dll
2010-04-03 22:55:31 227944 ----a-w- e:\windows\system32\nvcod.dll
2010-04-03 22:55:31 2183470 ----a-w- e:\windows\system32\nvdata.bin
2010-04-03 22:55:31 2030184 ----a-w- e:\windows\system32\nvcuvid.dll
2010-04-03 22:55:31 14757888 ----a-w- e:\windows\system32\nvoglnt.dll
2010-04-03 22:55:31 11647592 ----a-w- e:\windows\system32\nvcompiler.dll
2010-04-03 22:55:31 1097728 ----a-w- e:\windows\system32\nvapi.dll
2010-04-02 22:54:38 600680 ----a-w- e:\windows\system32\NVUNINST.EXE
2010-03-29 07:17:56 110592 ------w- e:\windows\system32\imm32.dll
2010-03-24 08:37:40 32738 ----a-w- e:\windows\scunin.dat
2010-03-24 08:37:39 94208 ----a-w- e:\windows\ScUnin.exe
2010-03-24 08:09:16 17798 ----a-w- e:\windows\DIIUnin.dat
2010-03-11 12:38:54 832512 ----a-w- e:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- e:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- e:\windows\system32\corpol.dll
2010-03-11 04:57:05 85783 ----a-w- e:\windows\War3Unin.dat
2010-03-09 11:09:18 430080 ----a-w- e:\windows\system32\vbscript.dll
2009-09-07 06:50:12 32768 --sha-w- e:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009090720090908\index.dat

============= FINISH: 22:50:53.75 ===============


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:37:42 PM, on 6/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
E:\WINDOWS\Explorer.EXE
E:\DOCUME~1\Taylor\LOCALS~1\Temp\mscdexnt.exe
E:\Program Files\NavNT\vptray.exe
E:\Program Files\Razer\Tarantula\razerhid.exe
E:\DOCUME~1\Taylor\LOCALS~1\Temp\wscsvc32.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Razer\Lachesis\razerhid.exe
E:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
E:\Program Files\Logitech\QuickCam\Quickcam.exe
E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Documents and Settings\Taylor\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\devldr32.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\NavNT\defwatch.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\NavNT\rtvscan.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Razer\Lachesis\OSD.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Razer\Tarantula\razertra.exe
E:\Program Files\Razer\Lachesis\razertra.exe
E:\Program Files\Razer\Lachesis\razerofa.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
E:\WINDOWS\system32\MsgSys.EXE
E:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
E:\Documents and Settings\Taylor\Desktop\gmer.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\msiexec.exe
E:\DOCUME~1\Taylor\LOCALS~1\Temp\mscdexnt.exe
E:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [vptray] E:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Tarantula] E:\Program Files\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVMixerTray] "E:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Lachesis] E:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "E:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SansaDispatch] E:\Documents and Settings\Taylor\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - E:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - E:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - E:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - E:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - E:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe

--
End of file - 9063 bytes






#2 Chaos123


Posted 03 June 2010 - 01:28 AM

Here is my GMER scan so far. I sat and waited for the computer to force a reboot, and a window popped up and said my system has been damaged and needs to restart; this action was started by (computer name)/(user name). You have 30 seconds to save progress.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-03 00:20:57
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: E:\DOCUME~1\Taylor\LOCALS~1\Temp\uftdipod.sys


---- System - GMER 1.0.15 ----

Code 89FC7238 ZwEnumerateKey
Code 8A111A90 ZwFlushInstructionCache
Code 89FC726E IofCallDriver
Code 8A02428E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37D5 5 Bytes JMP 89FC7273
.text ntoskrnl.exe!IofCompleteRequest 804E3C06 5 Bytes JMP 8A024293
PAGE ntoskrnl.exe!ZwEnumerateKey 80570F41 5 Bytes JMP 89FC723C
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577873 5 Bytes JMP 8A111A94
init E:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xB8751A0C]
.text E:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5EA3380, 0x566445, 0xE8000020]
PAGE HTTP.sys A3B2296F 1 Byte [87]
PAGE HTTP.sys A3B22977 1 Byte [46]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\Stealth \Device\Scsi\Stealth1Port0Path0Target0Lun0 8A45B00C
Device \Driver\Stealth \Device\Scsi\Stealth1 8A45B00C

AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Cdfs \Cdfs A372F400

---- Modules - GMER 1.0.15 ----

Module \systemroot\PRAGMAiymxtbvorn\PRAGMAd.sys (*** hidden *** ) AD690000-AD6B5000 (151552 bytes)

---- Services - GMER 1.0.15 ----

Service E:\WINDOWS\PRAGMAiymxtbvorn\PRAGMAd.sys (*** hidden *** ) [SYSTEM] PRAGMAiymxtbvorn <-- ROOTKIT !!!
Service E:\WINDOWS\PRAGMAmqxvjikbpf\PRAGMAd.sys (*** hidden *** ) [DISABLED] PRAGMAmqxvjikbpf <-- ROOTKIT !!!
Service E:\WINDOWS\PRAGMApfyfvksmiq\PRAGMAd.sys (*** hidden *** ) [DISABLED] PRAGMApfyfvksmiq <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAiymxtbvorn
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAiymxtbvorn@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAiymxtbvorn@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAiymxtbvorn@imagepath \systemroot\PRAGMAiymxtbvorn\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAiymxtbvorn\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAiymxtbvorn\modules@PRAGMAd \systemroot\PRAGMAiymxtbvorn\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAiymxtbvorn\modules@PRAGMAc \systemroot\PRAGMAiymxtbvorn\PRAGMAc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAmqxvjikbpf
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAmqxvjikbpf@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAmqxvjikbpf@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAmqxvjikbpf@imagepath \systemroot\PRAGMAmqxvjikbpf\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAmqxvjikbpf\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAmqxvjikbpf\modules@PRAGMAd \systemroot\PRAGMAmqxvjikbpf\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAmqxvjikbpf\modules@PRAGMAc \systemroot\PRAGMAmqxvjikbpf\PRAGMAc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMApfyfvksmiq
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMApfyfvksmiq@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMApfyfvksmiq@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMApfyfvksmiq@imagepath \systemroot\PRAGMApfyfvksmiq\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMApfyfvksmiq\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMApfyfvksmiq\modules@PRAGMAd \systemroot\PRAGMApfyfvksmiq\PRAGMAd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMApfyfvksmiq\modules@PRAGMAc \systemroot\PRAGMApfyfvksmiq\PRAGMAc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMApfyfvksmiq\modules@pragmaserf pragmaserf
Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMApfyfvksmiq\modules@pragmabbr pragmabbr
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMAiymxtbvorn (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMAiymxtbvorn@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMAiymxtbvorn@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMAiymxtbvorn@imagepath \systemroot\PRAGMAiymxtbvorn\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMAiymxtbvorn\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMAiymxtbvorn\modules@PRAGMAd \systemroot\PRAGMAiymxtbvorn\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMAiymxtbvorn\modules@PRAGMAc \systemroot\PRAGMAiymxtbvorn\PRAGMAc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMAmqxvjikbpf (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMAmqxvjikbpf@start 4
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMAmqxvjikbpf@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMAmqxvjikbpf@imagepath \systemroot\PRAGMAmqxvjikbpf\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMAmqxvjikbpf\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMAmqxvjikbpf\modules@PRAGMAd \systemroot\PRAGMAmqxvjikbpf\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMAmqxvjikbpf\modules@PRAGMAc \systemroot\PRAGMAmqxvjikbpf\PRAGMAc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMApfyfvksmiq (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMApfyfvksmiq@start 4
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMApfyfvksmiq@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMApfyfvksmiq@imagepath \systemroot\PRAGMApfyfvksmiq\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMApfyfvksmiq\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMApfyfvksmiq\modules@PRAGMAd \systemroot\PRAGMApfyfvksmiq\PRAGMAd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMApfyfvksmiq\modules@PRAGMAc \systemroot\PRAGMApfyfvksmiq\PRAGMAc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMApfyfvksmiq\modules@pragmaserf pragmaserf
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMApfyfvksmiq\modules@pragmabbr pragmabbr
Reg HKLM\SOFTWARE\Classes\CLSID\{1A68D668-6DF3-702D-2A0852A803C1488D}\{D6F2E9CD-48BA-CDDC-BEA31B576464FCAF}\{421B9E29-5D23-2966-C9D7C1E976BC0884}
Reg HKLM\SOFTWARE\Classes\CLSID\{1A68D668-6DF3-702D-2A0852A803C1488D}\{D6F2E9CD-48BA-CDDC-BEA31B576464FCAF}\{421B9E29-5D23-2966-C9D7C1E976BC0884}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{32938C78-0ADD-0425-F608A7371C76BC8C}\{E8D2B0F9-E0D3-8AE2-20991F1161E4F2DF}\{7995BC84-47FD-8A94-D99080701E7E0878}
Reg HKLM\SOFTWARE\Classes\CLSID\{32938C78-0ADD-0425-F608A7371C76BC8C}\{E8D2B0F9-E0D3-8AE2-20991F1161E4F2DF}\{7995BC84-47FD-8A94-D99080701E7E0878}@SE4K5INHHR1EDZYY15BVZC6TKG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{61F22E4F-B27F-AFC4-A522A9C3D24CB12E}\{1AB70131-6AEF-F29E-373C8656BA527ED6}\{4909E9D0-65F5-FEDD-EF93FC8CC6374EF9}
Reg HKLM\SOFTWARE\Classes\CLSID\{61F22E4F-B27F-AFC4-A522A9C3D24CB12E}\{1AB70131-6AEF-F29E-373C8656BA527ED6}\{4909E9D0-65F5-FEDD-EF93FC8CC6374EF9}@SE4K5INHHR1EDZYY15BVZC6TKG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{959CDFD9-242F-9381-450EBA075CF8D1EA}\{E4126DDE-B1CF-F46E-6FBC1229E79DA1E8}\{36374683-3A91-E5DA-C1D5F9EB3706FEB8}
Reg HKLM\SOFTWARE\Classes\CLSID\{959CDFD9-242F-9381-450EBA075CF8D1EA}\{E4126DDE-B1CF-F46E-6FBC1229E79DA1E8}\{36374683-3A91-E5DA-C1D5F9EB3706FEB8}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...

---- Files - GMER 1.0.15 ----

File E:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll 1191 bytes
File E:\Documents and Settings\Taylor\Local Settings\Temp\PRAGMA3d62.tmp 107008 bytes executable
File E:\Documents and Settings\Taylor\Local Settings\Temp\PRAGMA48bc.tmp 343040 bytes executable
File E:\Documents and Settings\Taylor\Local Settings\Temp\PRAGMAbc2.tmp 343040 bytes executable
File E:\Documents and Settings\Taylor\Local Settings\Temp\PRAGMAcf52.tmp 343040 bytes executable
File E:\Documents and Settings\Taylor\Local Settings\Temp\pragmamainqt.dll 10376 bytes
File E:\Documents and Settings\Taylor\Local Settings\Temp\pragmapdconf.ini 34 bytes


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location: Puerto Rico
  • Local time:03:36 AM

Posted 06 June 2010 - 01:39 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
    1. Please do not run any other tool until instructed to do so!
    2. Please reply to this thread, do not start another!
    3. Please tell me about any problems that have occurred during the fix.
    4. Please tell me of any other symptoms you may be having as these can help also.
    5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

:run combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location: Puerto Rico
  • Local time:03:36 AM

Posted 09 June 2010 - 03:28 AM

Hello

Three-day bump

It has been three days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo



#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location: Puerto Rico
  • Local time:03:36 AM

Posted 12 June 2010 - 11:00 PM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo




