live security platinum infection


This topic is locked
1 reply to this topic

#1 fastsigns


Posted 16 September 2012 - 04:49 PM

Sorry, but originally posted here:

http://www.bleepingcomputer.com/forums/topic468702.html

Running win xp. Of course, I could not run anything in std win mode, as the virus would not allow. As soon as I boot up, the virus pops up, and when I tried to run Defogger, the virus says that it is infected and will not run it. Did all logs, and ran Defogger, in safe mode.

Thanks in advance for all your help. You guys are the best! Tom

Attached attach.txt and ark.txt

Per instructions, see logs:

dds.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_29
Run by Administrator at 7:39:38 on 2012-09-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1784 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRunOnce: [6F63A5762B17D9791AC1BC137B07D287] c:\documents and settings\all users\application data\6f63a5762b17d9791ac1bc137b07d287\6F63A5762B17D9791AC1BC137B07D287.exe
mRun: [Breakaway] "c:\program files\breakaway\breakaway.exe" force
mRun: [MSIAfterburner] "c:\program files\msi afterburner\MSIAfterburner.exe" /s
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [patshc] "c:\windows\system32\rundll32.exe" "c:\documents and settings\administrator\application data\patshc.dll",DelItem
uPolicies-explorer: NoSMHelp = 01000000
uPolicies-explorer: NoLogoff = 01000000
uPolicies-explorer: NoActiveDesktop = 01000000
uPolicies-explorer: NoSMMyDocs = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
uPolicies-explorer: NoNetworkConnections = 01000000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266196479593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: Interfaces\{2D99D413-EA81-4042-840B-45E902CAD5BD} : NameServer = 205.171.3.25,205.171.2.25
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\pvysjy3u.default\
FF - prefs.js: browser.startup.homepage - hxxp://forum.simjunkies.org/index.php?action=unread
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\pvysjy3u.default\extensions\widevinemediatransformer@widevine\plugins\npwidevinemediatransformer.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50826.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
S2 NProtectService;Norton Unerase Protection;c:\program files\norton utilities\NPROTECT.EXE [2009-8-16 135168]
S3 EuMusDesignVirtualAudioCableWdm_lcs;Breakaway Pipeline (WDM);c:\windows\system32\drivers\vaclcskd.sys [2009-12-5 50016]
S3 jatmlano;jatmlano;\??\c:\docume~1\admini~1\locals~1\temp\jatmlano.sys --> c:\docume~1\admini~1\locals~1\temp\jatmlano.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-9-15 114144]
.
=============== Created Last 30 ================
.
2012-09-16 01:13:22 -------- d-----w- c:\documents and settings\all users\application data\6F63A5762B17D9791AC1BC137B07D287
2012-09-16 01:13:12 -------- d-----w- c:\documents and settings\administrator\local settings\application data\{ADB8278F-FF9B-11E1-8271-B8AC6F996F26}
2012-09-16 01:13:10 431104 ----a-w- c:\documents and settings\administrator\application data\patshc.dll
2012-09-15 16:09:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-15 16:09:06 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-15 16:09:05 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-09-15 16:09:05 68576 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-09-15 16:09:05 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-09-15 16:09:05 2288608 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-09-15 16:09:05 192600 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-09-15 16:09:05 114144 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-09-15 21:50:07 60416 ----a-w- c:\windows\ALCFDRTM.VER
2012-09-07 23:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 7:40:21.25 ===============

Edited by fastsigns, 17 September 2012 - 12:53 PM.


#2 fastsigns


Posted 17 September 2012 - 05:28 PM

Got it taken care of. Until next time, and have a great week all!

http://forums.malwarebytes.org/index.php?showtopic=110630

Edited by fastsigns, 17 September 2012 - 05:31 PM.
