Trojan.Agent


5 replies to this topic

#1 xneoangel
  • Members
  • 10 posts

Posted 09 February 2011 - 03:28 PM

I have a problem with spyware: the following file, c:\RECYCLER\iexplore.exe (Trojan.Agent), is detected by MalwareBytes AntiSpyware and it supposedly removes it, but it always reappears after the "clean-up", and I don't know how to clean the infection.

There's some more info in this thread:
http://www.bleepingcomputer.com/forums/topic374680.html

And here's the DDS log:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Papi Bonito at 15:54:32,07 on 09/02/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.58.3082.18.2047.1491 [GMT -4,5:30]

AV: ESET NOD32 antivirus system 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\UCharge\UCManSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Raxco\PerfectDisk\PDSched.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\RECYCLER\iexplore.exe
C:\Documents and Settings\Papi Bonito\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Shell=C:\:.exe -s explorer.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
EB: &Referencia: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\archiv~1\micros~2\office11\REFIEBAR.DLL
uRun: [updateMgr] "c:\archivos de programa\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [MSMSGS] "c:\archivos de programa\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [nod32kui] "c:\archivos de programa\eset\nod32kui.exe" /WAITSERVICE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\archivos de programa\quicktime\qttask.exe" -atboottime
mRun: [SSBkgdUpdate] "c:\archivos de programa\archivos comunes\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\archivos de programa\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\archivos de programa\creative\sblive\program\ADGJDet.exe"
mRun: [SunJavaUpdateSched] "c:\archivos de programa\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [UpdateReminder] c:\archivos de programa\eset\UpdateReminder.exe
mRun: [Shell] c:\recycler\iexplore.exe -e
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\adober~1.lnk - c:\archivos de programa\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\interv~1.lnk - c:\archivos de programa\intervideo\common\bin\WinCinemaMgr.exe
IE: Download with GetRight - c:\archivos de programa\getright\GRdownload.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\archivos de programa\getright\GRbrowse.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\imon.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212962868453
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
TCP: {B533EB38-9FA4-4FE3-B70E-F01F455D031C} = 200.44.32.12,200.11.248.12
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\papibo~1\datosd~1\mozilla\firefox\profiles\s5n3z9pa.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\archivos de programa\virtools\3d life player\npvirtools.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de programa\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\archivos de programa\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-19 64160]
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [2008-6-8 61184]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [2008-6-8 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [2008-6-8 5248]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2006-2-23 11264]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-6-8 15424]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\archivos de programa\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 NOD32krn;NOD32 Kernel Service;c:\archivos de programa\eset\nod32krn.exe [2008-6-8 552064]
R2 PDSched;PDScheduler;c:\archivos de programa\raxco\perfectdisk\PDSched.exe [2005-11-29 241731]
R2 StarWindService;StarWind iSCSI Service;c:\archivos de programa\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-2 217600]
R2 UCManSvc;UCManSvc;c:\windows\ucharge\UCManSvc.exe [2003-6-17 159744]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2006-10-31 35840]
S0 gsxstun;gsxstun;c:\windows\system32\drivers\pxhh.sys --> c:\windows\system32\drivers\pxhh.sys [?]
S3 alcan5ln;Alcatel SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2010-8-30 36048]

=============== Created Last 30 ================

2011-02-09 19:22:02 -------- d-----w- C:\TDSSKiller_Quarantine
2011-02-07 02:09:56 -------- d-----w- c:\archivos de programa\SexGamesBox

==================== Find3M ====================

2010-12-29 03:57:49 151560 ----a-w- c:\windows\system32\SARCheck.dll
2010-12-20 16:13:00 615936 ------w- c:\windows\eiunin21.exe

============= FINISH: 15:55:37,98 ===============


Thanks for your attention



#2 shelf life
  • Malware Response Team
  • 2,646 posts

Posted 15 February 2011 - 06:01 PM

Hi xneoangel,

Your post is a few days old. If you still need help, simply reply back.

How Can I Reduce My Risk to Malware?


#3 xneoangel
  • Topic Starter
  • Members
  • 10 posts

Posted 24 February 2011 - 12:17 PM

Yes, I still need some assistance to fix this issue.

#4 shelf life
  • Malware Response Team
  • 2,646 posts

Posted 24 February 2011 - 06:50 PM

OK. Since it's been a while, please post a new DDS log and tell me if anything has changed.



#5 xneoangel
  • Topic Starter
  • Members
  • 10 posts

Posted 26 February 2011 - 12:44 PM

Here's the new DDS log:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Papi Bonito at 13:08:27,65 on 26/02/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.58.3082.18.2047.748 [GMT -4,5:30]

AV: ESET NOD32 antivirus system 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\RECYCLER\iexplore.exe
svchost.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Archivos de programa\Eset\nod32kui.exe
C:\WINDOWS\UCharge\UCManSvc.exe
C:\Archivos de programa\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Archivos de programa\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\DAEMON Tools Lite\DTLite.exe
C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
C:\Archivos de programa\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Archivos de programa\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\eMule\emule.exe
C:\Archivos de programa\uTorrent\uTorrent.exe
C:\Archivos de programa\Ahead\Nero StartSmart\NeroStartSmart.exe
C:\Archivos de programa\Ahead\nero\nero.exe
C:\WINDOWS\explorer.exe
C:\RECYCLER\iexplore.exe
C:\Documents and Settings\Papi Bonito\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Shell=C:\:.exe -s explorer.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
EB: &Referencia: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\archiv~1\micros~2\office11\REFIEBAR.DLL
uRun: [updateMgr] "c:\archivos de programa\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [MSMSGS] "c:\archivos de programa\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\archivos de programa\daemon tools lite\DTLite.exe" -autorun
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [nod32kui] "c:\archivos de programa\eset\nod32kui.exe" /WAITSERVICE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\archivos de programa\quicktime\qttask.exe" -atboottime
mRun: [SSBkgdUpdate] "c:\archivos de programa\archivos comunes\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\archivos de programa\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\archivos de programa\creative\sblive\program\ADGJDet.exe"
mRun: [SunJavaUpdateSched] "c:\archivos de programa\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [UpdateReminder] c:\archivos de programa\eset\UpdateReminder.exe
mRun: [Shell] c:\recycler\iexplore.exe -e
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\adober~1.lnk - c:\archivos de programa\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\interv~1.lnk - c:\archivos de programa\intervideo\common\bin\WinCinemaMgr.exe
IE: Download with GetRight - c:\archivos de programa\getright\GRdownload.htm
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office11\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\archivos de programa\getright\GRbrowse.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\imon.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212962868453
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
TCP: {B533EB38-9FA4-4FE3-B70E-F01F455D031C} = 200.44.32.12,200.11.248.12
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\papibo~1\datosd~1\mozilla\firefox\profiles\s5n3z9pa.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\archivos de programa\virtools\3d life player\npvirtools.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de programa\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\archivos de programa\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\archivos de programa\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-19 64160]
R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [2008-6-8 61184]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [2008-6-8 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [2008-6-8 5248]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2006-2-23 11264]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-6-8 15424]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\archivos de programa\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 NOD32krn;NOD32 Kernel Service;c:\archivos de programa\eset\nod32krn.exe [2008-6-8 552064]
R2 PDSched;PDScheduler;c:\archivos de programa\raxco\perfectdisk\PDSched.exe [2005-11-29 241731]
R2 StarWindService;StarWind iSCSI Service;c:\archivos de programa\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-2 217600]
R2 UCManSvc;UCManSvc;c:\windows\ucharge\UCManSvc.exe [2003-6-17 159744]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2006-10-31 35840]
S0 gsxstun;gsxstun;c:\windows\system32\drivers\pxhh.sys --> c:\windows\system32\drivers\pxhh.sys [?]
S3 alcan5ln;Alcatel SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2010-8-30 36048]

=============== Created Last 30 ================

2011-02-19 16:21:03 -------- d-----w- C:\[JinJin - HCGs] JinJin CG Collection (OK)
2011-02-18 00:41:31 -------- d-----w- C:\[Delta - Route2] Futanari Kanon-Chan (Incluye HCGs) (2008-12-05) (OK)
2011-02-18 00:41:02 -------- d-----w- C:\[Hobibox - Clockup] Rinjoku No Shiro Kairai No Ou (Incluye HCGs) (2008-05-30) ()
2011-02-18 00:40:02 -------- d-----w- C:\[Blue Gale] Naisho No Tin-Tin Time (Incluye HCGs) (2006-08-11) (Bajando)
2011-02-18 00:32:11 -------- d-----w- C:\[Behind Moon - HCGs] Behind Moon CG Collection VOL.2 (OK)
2011-02-18 00:32:08 -------- d-----w- C:\[Behind Moon - HCGs] Behind Moon CG Collection VOL.1 (OK)
2011-02-15 06:29:54 431672 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-02-15 06:29:38 -------- d-----w- c:\archivos de programa\DAEMON Tools Lite
2011-02-15 06:14:07 -------- d-----w- c:\archivos de programa\UnH Solutions
2011-02-09 19:22:02 -------- d-----w- C:\TDSSKiller_Quarantine
2011-02-07 02:09:56 -------- d-----w- c:\archivos de programa\SexGamesBox

==================== Find3M ====================

2011-01-21 14:44:08 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:03:41 1855104 ----a-w- c:\windows\system32\win32k.sys
2010-12-29 03:57:49 151560 ----a-w- c:\windows\system32\SARCheck.dll
2010-12-22 12:34:22 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:51:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:51:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:51:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25:43 734720 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 16:13:00 615936 ------w- c:\windows\eiunin21.exe
2010-12-20 12:55:37 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:17 742912 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:13:50 2029568 ------w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:13:49 2151424 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:29:50 33280 ----a-w- c:\windows\system32\csrsrv.dll

============= FINISH: 13:09:45,68 ===============


Thanks for your help.

Attached file: Attach.txt (15.04 KB)
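Both DDS logs in this thread show the same handful of lines that matter, and they are easy to skim past among a hundred ordinary entries. The script below is an added example for this page, not part of the thread and not a BleepingComputer or DDS tool: it applies four checks to the "Pseudo HJT Report" and "SERVICES / DRIVERS" lines of a DDS log. The rule names, regular expressions and explanatory notes are the example's own assumptions, and the sample input is a constructed excerpt that reproduces seven lines from the logs above (two of them ordinary, so the rules have something to leave alone). It flags the Winlogon Shell value (`mWinlogon: Shell=C:\:.exe -s explorer.exe`), whose path has the NTFS alternate-data-stream form `<path>:<stream>`, the `[Shell]` Run entry launching from `c:\recycler`, the boot-start driver `gsxstun` whose file DDS could not read (`[?]`), and the hosts entry pinning www.spywareinfo.com to 127.0.0.1. It does not try to name a malware family; it only points at the lines a responder would look at first.

```python
"""Triage of a DDS log's "Pseudo HJT Report" and "SERVICES / DRIVERS" lines.

Added example for this thread; it is not a BleepingComputer or DDS tool.
Rule names, regular expressions and the notes are the example's own choices.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: seven lines reproduced from the DDS logs posted in this
# thread, including two ordinary entries that the rules should leave alone.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mWinlogon: Shell=C:\:.exe -s explorer.exe
mRun: [nod32kui] "c:\archivos de programa\eset\nod32kui.exe" /WAITSERVICE
mRun: [Shell] c:\recycler\iexplore.exe -e
Hosts: 127.0.0.1 www.spywareinfo.com
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-6-8 15424]
S0 gsxstun;gsxstun;c:\windows\system32\drivers\pxhh.sys --> c:\windows\system32\drivers\pxhh.sys [?]
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str
    note: str


# DDS prefixes Winlogon entries with u/m/d for the user, machine or default hive.
WINLOGON_SHELL = re.compile(r"^[umd]?Winlogon:\s*Shell=(?P<value>.+)$")
# u/m/dRun entries look like "[name] command line".
RUN_ENTRY = re.compile(r"^[umd]Run:\s*\[[^\]]*\]\s*(?P<cmd>.+)$")
# Service/driver lines end in "[date size]" when DDS could read the file and
# in "[?]" when it could not.
DRIVER_UNREADABLE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);.*\[\?\]\s*$")
# "Hosts: 127.0.0.1 name" pins a name to the local machine.
HOSTS_LOOPBACK = re.compile(r"^Hosts:\s+127\.0\.0\.1\s+(?P<name>\S+)")
# NTFS alternate-data-stream syntax is "<path>:<stream>", so a drive-rooted
# path with a second colon after the root is one. C:\:.exe names a stream
# called ".exe" on the root directory of C:, which a plain dir listing hides.
ADS_PATH = re.compile(r'\b[A-Za-z]:\\[^\s:"]*:[^\s:"]+')


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per rule hit; a line may trigger more than one rule."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = WINLOGON_SHELL.match(line)
        if m and m.group("value").strip().lower() != "explorer.exe":
            findings.append(Finding(
                "winlogon_shell", line,
                "Winlogon Shell is not the default 'explorer.exe'; whatever is "
                "listed first runs at every logon instead of, or before, the desktop shell."))

        m = RUN_ENTRY.match(line)
        if m and "\\recycler\\" in m.group("cmd").lower():
            findings.append(Finding(
                "run_from_recycler", line,
                "Autorun executable lives under RECYCLER (the recycle bin), "
                "which no legitimate installer uses as an install location."))

        m = DRIVER_UNREADABLE.match(line)
        if m:
            findings.append(Finding(
                "driver_unreadable", line,
                f"{m.group('start')} driver '{m.group('name')}' is registered but "
                "DDS could not read its file (no date/size)."))

        m = HOSTS_LOOPBACK.match(line)
        if m and m.group("name").lower() != "localhost":
            findings.append(Finding(
                "hosts_localhost", line,
                f"hosts file sends {m.group('name')} to 127.0.0.1."))

        m = ADS_PATH.search(line)
        if m:
            findings.append(Finding(
                "ads_path", line,
                f"'{m.group(0)}' has NTFS alternate-data-stream form <path>:<stream>."))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}\n    {f.note}")
```

Run it as-is to see the five findings for the sample, or pass the full text of a DDS log to `triage()`. A Winlogon Shell entry runs at every logon before the desktop appears, which would be consistent with c:\RECYCLER\iexplore.exe reappearing after each Malwarebytes clean-up, but the log alone does not prove that is the mechanism; it only shows which entries to examine and remove together rather than one at a time.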

#6 shelf life
  • Malware Response Team
  • 2,646 posts

Posted 26 February 2011 - 06:20 PM

We will get another download to use. It's called Combofix. There is a guide to read first. Read through the guide, then apply the directions on your own machine:

Guide to using Combofix





