Infected with TDSS & Google keeps redirecting


This topic is locked.
4 replies to this topic

#1 Salduchi (Members, 13 posts)

Posted 30 March 2011 - 11:48 PM

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Sal at 19:08:49.43 on Wed 03/30/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.236 [GMT -7:00]
.
AV: Antivirus *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
.
============== Running Processes ===============
.
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sal\Local Settings\Temporary Internet Files\Content.IE5\XND9O4N5\dds[1].scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by MSN & Bing
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - c:\progra~1\egames~1\EGAMES~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - c:\progra~1\egames~1\EGAMES~1.DLL
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
mRun: [Cobian Backup 10 Interface] "c:\program files\cobian backup 10\cbInterface.exe" -service
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxps://www.mycccportal.com/r/jinstall-1_4_2_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Filter: text/html - {45e0a2d1-9f7d-4922-89a4-84250be9db62} -
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\sal\applic~1\mozilla\firefox\profiles\bto78uat.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-3-30 67584]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2011-3-17 723872]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
.
=============== Created Last 30 ================
.
2011-03-31 01:32:25 -------- d-----w- c:\windows\system32\NtmsData
2011-03-31 01:28:08 -------- d-----w- c:\program files\Cobian Backup 10
2011-03-31 01:06:11 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-31 01:06:11 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-31 01:02:25 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-03-31 01:01:25 -------- d--h--w- c:\windows\msdownld.tmp
2011-03-31 01:00:51 -------- d-----w- c:\windows\FEFA34C36C95492A9F300B0B23689389.TMP
2011-03-31 01:00:41 -------- d-----w- c:\windows\6013BB49B1E7475889C1D241184670BA.TMP
2011-03-30 00:20:47 -------- d-----w- c:\docume~1\sal\locals~1\applic~1\AskToolbar
2011-03-30 00:20:16 -------- d-----w- c:\program files\Ask.com
2011-03-27 23:03:10 -------- d-----w- c:\docume~1\sal\locals~1\applic~1\Research In Motion
2011-03-27 05:56:10 110080 ----a-r- c:\docume~1\sal\applic~1\microsoft\installer\{fefa34c3-6c95-492a-9f30-0b0b23689389}\IconF7A21AF7.exe
2011-03-27 05:56:10 110080 ----a-r- c:\docume~1\sal\applic~1\microsoft\installer\{fefa34c3-6c95-492a-9f30-0b0b23689389}\IconD7F16134.exe
2011-03-25 20:02:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Mitchell
2011-03-25 19:45:15 67376 ----a-w- c:\windows\system32\SysInfo.ocx
2011-03-25 19:45:15 438976 ----a-w- c:\windows\system32\MSHFlxGd.ocx
2011-03-25 19:45:15 262328 ----a-w- c:\windows\system32\MSDatGrd.ocx
2011-03-25 19:45:15 203976 ----a-w- c:\windows\system32\RichTx32.ocx
2011-03-25 19:45:15 176648 ----a-w- c:\windows\system32\MSRdc20.ocx
2011-03-25 19:45:15 166408 ----a-w- c:\windows\system32\MSMask32.ocx
2011-03-25 19:45:15 115920 ----a-w- c:\windows\system32\MSInet.ocx
2011-03-25 19:45:15 109248 ----a-w- c:\windows\system32\MSWinSck.ocx
2011-03-25 19:45:15 103744 ----a-w- c:\windows\system32\MSComm32.ocx
2011-03-25 19:44:33 82960 ----a-w- c:\windows\system32\PicClp32.ocx
2011-03-25 19:44:33 232456 ----a-w- c:\windows\system32\MSDatLst.ocx
2011-03-25 19:44:33 209608 ----a-w- c:\windows\system32\TabCtl32.ocx
2011-03-25 19:44:33 137000 ----a-w- c:\windows\system32\MSMapi32.ocx
2011-03-25 19:44:32 198640 ----a-w- c:\windows\system32\MCI32.ocx
2011-03-25 19:44:32 118976 ----a-w- c:\windows\system32\msadodc.ocx
2011-03-25 19:44:32 1009336 ----a-w- c:\windows\system32\MSChrt20.ocx
2011-03-25 19:44:24 77824 ----a-w- c:\windows\system32\msbind.dll
2011-03-25 19:44:24 525352 ----a-w- c:\windows\system32\dbgrid32.ocx
2011-03-25 19:44:24 508928 ----a-w- c:\windows\system32\msde.dll
2011-03-25 19:44:18 89360 ----a-w- c:\windows\system32\Vb5db.dll
2011-03-25 19:44:18 570128 ----a-w- c:\program files\common files\microsoft shared\dao\DAO350.DLL
2011-03-25 01:07:20 -------- dc-h--w- c:\windows\ie8
2011-03-21 18:26:46 -------- d-----w- C:\sh4ldr
2011-03-04 23:49:59 67208 ----a-w- c:\windows\UnDeploy.exe
2011-03-04 23:49:59 -------- d-----w- C:\HTE32
.
==================== Find3M ====================
.
2011-03-22 08:51:04 2764 ----a-w- c:\windows\system32\tmp.reg
.
============= FINISH: 19:09:51.29 ===============

Second Log (would not upload as attachment)


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/9/2009 3:44:34 PM
System Uptime: 3/30/2011 6:06:56 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0WG261
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 37.271 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 233 GiB total, 221.709 GiB free.
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP563: 2/22/2011 9:57:50 PM - System Checkpoint
RP564: 2/23/2011 10:58:52 PM - System Checkpoint
RP565: 2/25/2011 10:26:44 AM - System Checkpoint
RP566: 2/26/2011 10:32:58 AM - System Checkpoint
RP567: 2/27/2011 10:45:53 AM - System Checkpoint
RP568: 2/28/2011 12:47:36 PM - System Checkpoint
RP569: 3/1/2011 7:14:22 PM - System Checkpoint
RP570: 3/2/2011 9:06:40 PM - System Checkpoint
RP571: 3/3/2011 9:47:27 PM - System Checkpoint
RP572: 3/4/2011 10:15:33 PM - System Checkpoint
RP573: 3/5/2011 11:05:57 PM - System Checkpoint
RP574: 3/7/2011 6:46:28 PM - System Checkpoint
RP575: 3/8/2011 12:09:04 AM - Software Distribution Service 3.0
RP576: 3/9/2011 9:07:02 AM - System Checkpoint
RP577: 3/9/2011 9:16:10 AM - Removed SpyHunter
RP578: 3/9/2011 9:16:21 AM - Installed SpyHunter
RP579: 3/10/2011 1:40:23 AM - Software Distribution Service 3.0
RP580: 3/11/2011 10:32:36 AM - System Checkpoint
RP581: 3/12/2011 1:36:16 PM - System Checkpoint
RP582: 3/13/2011 2:53:24 PM - System Checkpoint
RP583: 3/14/2011 3:12:59 PM - System Checkpoint
RP584: 3/15/2011 7:40:26 PM - System Checkpoint
RP585: 3/16/2011 9:01:23 PM - System Checkpoint
RP586: 3/17/2011 10:31:06 PM - System Checkpoint
RP587: 3/18/2011 10:43:06 PM - System Checkpoint
RP588: 3/19/2011 11:28:06 PM - System Checkpoint
RP589: 3/20/2011 11:57:22 PM - System Checkpoint
RP590: 3/21/2011 11:26:31 AM - Removed SpyHunter
RP591: 3/21/2011 11:26:45 AM - Installed SpyHunter
RP592: 3/22/2011 1:42:00 AM - Restore Operation
RP593: 3/23/2011 2:24:19 AM - System Checkpoint
RP594: 3/24/2011 5:01:49 PM - TruckEst
RP595: 3/24/2011 5:14:02 PM - TruckEst
RP596: 3/24/2011 5:24:03 PM - Uninstall TruckEst
RP597: 3/24/2011 5:26:37 PM - TruckEst
RP598: 3/24/2011 6:08:17 PM - Installed Windows Internet Explorer 8.
RP599: 3/24/2011 6:09:15 PM - Software Distribution Service 3.0
RP600: 3/24/2011 10:50:23 PM - Software Distribution Service 3.0
RP601: 3/25/2011 12:37:59 PM - Uninstall TruckEst
RP602: 3/25/2011 12:40:02 PM - TruckEst
RP603: 3/25/2011 12:58:40 PM - Uninstall TruckEst
RP604: 3/25/2011 1:00:16 PM - TruckEst
RP605: 3/25/2011 1:22:06 PM - TruckEst
RP606: 3/26/2011 3:05:37 PM - System Checkpoint
RP607: 3/26/2011 10:52:03 PM - Installed SpyHunter
RP608: 3/26/2011 10:55:49 PM - Removed SpyHunter
RP609: 3/26/2011 10:56:05 PM - Installed SpyHunter
RP610: 3/27/2011 3:50:22 PM - Installed BlackBerry Desktop Software 6.0.1.
RP611: 3/27/2011 3:53:45 PM - Removed BlackBerry Desktop Software 5.0.
RP612: 3/27/2011 3:55:39 PM - Removed Roxio Media Manager
RP613: 3/27/2011 4:04:02 PM - Installed Windows XP Wdf01009.
RP614: 3/28/2011 9:31:40 PM - System Checkpoint
RP615: 3/29/2011 2:28:52 AM - Software Distribution Service 3.0
RP616: 3/29/2011 5:20:40 PM - Printer Driver CutePDF Writer Installed
RP617: 3/30/2011 5:30:33 PM - Restore Operation
RP618: 3/30/2011 5:58:42 PM - Restore Operation
.
==== Installed Programs ======================
.
Acrobat.com
Active Disk
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 6.0.1
Bonjour
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.1
Canon MP Navigator EX 2.1
Canon MX330 series MP Drivers
Canon MX330 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Cobian Backup 10
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.8
eGames GameButler
eGames Toolbar
EOSInfo
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® PRO Network Connections Drivers
IomegaWare 4.0.2
IsysLink
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 17
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
MobileMe Control Panel
Mozilla Firefox 4.0 (x86 en-US)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PowerDVD
Program Files SceneCapture
QuickTime
Safari
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Shoot the Roach
SpyHunter
TrackMania
TruckEst
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
VoiceOver Kit
vShare Plugin
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
.
==== Event Viewer Messages From Past Week ========
.
3/30/2011 6:36:31 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\D.
3/30/2011 6:36:18 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library SMART G2 Dell Memory Key USB Device.
3/30/2011 3:33:22 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.15.100 with the system having network hardware address 60:FB:42:3D:03:86. Network operations on this system may be disrupted as a result.
3/30/2011 3:32:40 PM, error: Dhcp [1002] - The IP address lease 192.168.15.101 for the Network Card with network address 001372B3B2E8 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
3/29/2011 5:27:29 PM, error: Print [6161] - The document ActiveReports Document owned by Sal failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\SAL-COMPUTER. Win32 error code returned by the print processor: 6 (0x6).
3/29/2011 5:25:24 PM, error: Print [6161] - The document ActiveReports Document owned by Sal failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 71516. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\SAL-COMPUTER. Win32 error code returned by the print processor: 6 (0x6).
3/29/2011 5:22:11 PM, error: Print [6161] - The document ActiveReports Document owned by Sal failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 71692. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\SAL-COMPUTER. Win32 error code returned by the print processor: 6 (0x6).
3/29/2011 10:09:50 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
3/25/2011 7:40:55 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/24/2011 6:54:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
3/24/2011 6:32:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/24/2011 6:30:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT prodrv06 RasAcd Rdbss Tcpip
3/24/2011 6:30:36 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2011 6:30:36 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2011 6:30:36 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2011 6:30:36 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2011 6:30:36 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2011 6:30:36 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2011 6:30:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/24/2011 6:30:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/24/2011 4:15:38 PM, error: Dhcp [1002] - The IP address lease 192.168.15.100 for the Network Card with network address 001372B3B2E8 has been denied by the DHCP server 76.85.238.65 (The DHCP Server sent a DHCPNACK message).
3/24/2011 4:09:29 PM, error: Dhcp [1002] - The IP address lease 192.168.15.103 for the Network Card with network address 001372B3B2E8 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
3/24/2011 4:08:07 PM, error: Dhcp [1002] - The IP address lease 192.168.16.2 for the Network Card with network address 001372B3B2E8 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
3/24/2011 4:05:46 PM, error: Dhcp [1002] - The IP address lease 76.95.83.78 for the Network Card with network address 001372B3B2E8 has been denied by the DHCP server 192.168.16.1 (The DHCP Server sent a DHCPNACK message).
3/24/2011 3:53:59 PM, error: Dhcp [1002] - The IP address lease 192.168.100.10 for the Network Card with network address 001372B3B2E8 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
3/24/2011 3:53:38 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
3/24/2011 2:32:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the crd service to connect.
3/24/2011 2:32:46 PM, error: Service Control Manager [7000] - The crd service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/24/2011 2:26:33 PM, error: Dhcp [1002] - The IP address lease 192.168.15.100 for the Network Card with network address 001372B3B2E8 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
3/24/2011 2:22:02 PM, error: Dhcp [1002] - The IP address lease 192.168.17.100 for the Network Card with network address 001372B3B2E8 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
3/24/2011 12:27:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
3/24/2011 11:11:19 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Office Outlook 2003 (KB2293428).
3/24/2011 11:08:16 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Office 2003 (KB976382).
3/24/2011 11:07:21 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Office 2003 (KB2289187).
3/24/2011 11:06:16 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Office Outlook 2003 (KB980373).
3/24/2011 11:05:20 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Update for Microsoft Office Outlook 2003 (KB2449798).
3/24/2011 11:04:24 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Office 2003 (KB975051).
3/24/2011 11:03:28 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Office 2003 (KB974554).
3/24/2011 11:02:33 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Office Access 2003 (KB981716).
3/24/2011 11:01:27 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Office Word 2003 (KB2344911).
3/24/2011 11:00:31 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Office PowerPoint 2003 (KB2413304).
3/24/2011 10:59:35 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2508974).
3/24/2011 10:58:38 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Update for Microsoft Office 2003 (KB978551).
3/24/2011 10:57:31 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Office 2003 (KB972580).
3/24/2011 10:56:35 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Office 2003 (KB2289163).
3/24/2011 10:55:39 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Office 2003 (KB2288613).
3/24/2011 10:54:41 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Office Publisher 2003 (KB2284695).
3/24/2011 10:52:55 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Office Excel 2003 (KB2344893).
3/24/2011 10:51:32 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Office InfoPath 2003 (KB980923).
3/24/2011 1:22:05 PM, error: Dhcp [1002] - The IP address lease 192.168.1.65 for the Network Card with network address 001372B3B2E8 has been denied by the DHCP server 192.168.17.1 (The DHCP Server sent a DHCPNACK message).
3/23/2011 2:03:46 PM, error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
3/23/2011 2:03:46 PM, error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
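An added example, not part of the thread or of DDS itself: a small triage script for the "Event log errors" section of a DDS log like the one above. It parses each event line and pulls out the two indicators a helper looks at first here, anti-malware services that could not start because their file is missing (a classic sign of rootkit tampering) and failed Windows Update installs with their KB and error code. The service names in `SECURITY_SERVICES` and the sample lines are assumptions taken from this log.

```python
import re

# Line shape of the "Event log errors" section in a DDS log:
#   M/D/YYYY h:mm:ss AM, error: Source [EventID] - message
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")

# Assumption: the anti-malware services named in the log above.
SECURITY_SERVICES = {"MBAMProtector", "MBAMService"}

# Constructed sample in the shape of the thread's DDS output.
SAMPLE_DDS_EVENTS = """\
3/24/2011 10:51:32 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Security Update for Microsoft Office InfoPath 2003 (KB980923).
3/23/2011 2:03:46 PM, error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
3/23/2011 2:03:46 PM, error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
not an event line
"""

def parse_events(text):
    """One dict per well-formed event line; anything else is skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            events.append(ev)
    return events

def triage(text):
    """Pull out the two indicators a helper checks first in this section."""
    blocked, updates = set(), []
    for ev in parse_events(text):
        src, eid, msg = ev["source"], ev["id"], ev["msg"]
        # 7000: service failed to start; 7001: a dependent service failed.
        # An anti-malware driver file that has gone missing is a classic
        # sign of rootkit tampering and is the first thing to check.
        if (src == "Service Control Manager" and eid in (7000, 7001)
                and "cannot find the file specified" in msg):
            names = re.findall(r"[Tt]he (\S+) service", msg)
            blocked.update(n for n in names if n in SECURITY_SERVICES)
        # Event 20: update install failure. Keep KB and error code so the
        # patch gap can be closed once the machine is clean.
        elif src == "Windows Update Agent" and eid == 20:
            m = re.search(r"error (0x[0-9a-fA-F]+):.*\((KB\d+)\)", msg)
            if m:
                updates.append((m.group(2), m.group(1)))
    return {"security_services_not_started": sorted(blocked),
            "failed_updates": updates}
```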



#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:11 PM

Posted 05 April 2011 - 05:45 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Salduchi

Salduchi
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:11 PM

Posted 05 April 2011 - 07:44 PM

My Issue Has Been Resolved. Thank You~!

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:11 PM

Posted 05 April 2011 - 07:48 PM

Thanks for posting back to inform me of such.

I appreciate it.

Cheers.



#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:07:11 PM

Posted 05 April 2011 - 07:48 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





