Active PC infected

Discussion in 'Malware and Virus Removal Archive' started by coucoucbm, 2009/04/25.

  1. 2009/04/25
    coucoucbm

    coucoucbm Inactive Thread Starter

    [Active] PC infected

    Hi,

    This is the log generated by DDS. Please help me to remove this infection.

    DDS LOG

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by ramroumma at 8:52:56.07 on Sat 04/25/2009
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.279 [GMT -7:00]

    AV: Antivirus BitDefender *On-access scanning enabled* (Outdated)
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
    FW: Pare-feu BitDefender *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\ramroumma\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [cdloader] "c:\documents and settings\ramroumma\application data\mjusbsp\cdloader2.exe" MAGICJACK
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe "
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe "
    mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe "
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ramrou~1\applic~1\mozilla\firefox\profiles\ev4rsjo2.default\
    FF - component: c:\program files\mozilla firefox\components\FFComm.dll
    FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll

    ============= SERVICES / DRIVERS ===============

    R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2009-4-3 3456]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-4-22 28544]
    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
    R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-2-12 104328]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-24 101936]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090424.003\naveng.sys [2009-4-24 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090424.003\navex15.sys [2009-4-24 876144]
    S2 Symantec AntiVirus;Symantec AntiVirus; "c:\program files\symantec antivirus\rtvscan.exe" --> c:\program files\symantec antivirus\Rtvscan.exe [?]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
    S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
    S3 SavRoam;SAVRoam; "c:\program files\symantec antivirus\savroam.exe" --> c:\program files\symantec antivirus\SavRoam.exe [?]

    =============== Created Last 30 ================

    2009-04-24 23:14 <DIR> a-dshr-- C:\cmdcons
    2009-04-24 23:13 161,792 a------- c:\windows\SWREG.exe
    2009-04-24 23:13 98,816 a------- c:\windows\sed.exe
    2009-04-24 23:13 <DIR> --d----- C:\ComboFix
    2009-04-24 20:45 850 a------- c:\windows\system32\ProductTweaks.xml
    2009-04-24 20:45 385 a------- c:\windows\system32\user_gensett.xml
    2009-04-24 20:25 121 a------- c:\windows\bdagent.INI
    2009-04-24 18:12 <DIR> --d----- c:\docume~1\ramrou~1\applic~1\BitDefender
    2009-04-24 18:11 <DIR> --d----- c:\program files\BitDefender
    2009-04-24 18:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
    2009-04-24 18:09 <DIR> --d----- c:\program files\common files\BitDefender
    2009-04-22 20:01 28,544 a------- c:\windows\system32\drivers\pavboot.sys
    2009-04-22 19:55 <DIR> --d----- c:\program files\Panda Security
    2009-04-19 13:22 <DIR> --d----- c:\windows\system32\appmgmt
    2009-04-16 10:41 26,112 ac------ c:\windows\system32\dllcache\usbser.sys
    2009-04-16 10:41 26,112 a------- c:\windows\system32\drivers\usbser.sys
    2009-04-15 19:05 1,388,544 a------- c:\windows\system32\msvbvm60.dll
    2009-04-15 19:05 1,077,344 a------- c:\windows\system32\MSCOMCTL.OCX
    2009-04-15 19:05 89,360 a------- c:\windows\system32\VB5DB.DLL
    2009-04-15 13:32 5,632 a------- c:\windows\system32\ptpusb.dll
    2009-04-15 13:32 159,232 a------- c:\windows\system32\ptpusd.dll
    2009-04-15 13:32 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
    2009-04-15 13:32 15,104 a------- c:\windows\system32\drivers\usbscan.sys
    2009-04-15 13:08 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2009-04-15 13:08 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-04-15 13:06 <DIR> --d----- c:\program files\CardRecovery
    2009-04-15 06:23 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-04-15 06:23 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
    2009-04-15 06:23 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
    2009-04-12 09:21 <DIR> --d----- c:\program files\GetData
    2009-04-12 08:12 <DIR> --d----- c:\docume~1\ramrou~1\applic~1\TeamViewer
    2009-04-12 08:12 <DIR> --d----- c:\program files\TeamViewer
    2009-04-12 08:10 <DIR> --d----- c:\documents and settings\ramroumma\temp
    2009-04-10 04:34 <DIR> --d----- c:\windows\system32\KB905474
    2009-04-08 13:00 <DIR> --d----- c:\docume~1\ramrou~1\applic~1\mjusbsp
    2009-04-08 13:00 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
    2009-04-06 22:10 <DIR> --d----- c:\program files\Movie Rotator
    2009-04-06 20:29 116 a------- c:\windows\NeroDigital.ini
    2009-04-06 20:24 <DIR> --d----- c:\docume~1\ramrou~1\applic~1\AVS4YOU
    2009-04-06 20:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
    2009-04-06 20:01 <DIR> --d----- c:\program files\common files\AVSMedia
    2009-04-06 19:58 1,700,352 a------- c:\windows\system32\GdiPlus.dll
    2009-04-06 19:58 24,576 a------- c:\windows\system32\msxml3a.dll
    2009-04-06 19:58 <DIR> --d----- c:\program files\AVS4YOU
    2009-04-05 06:08 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
    2009-04-05 06:08 25,856 a------- c:\windows\system32\drivers\usbprint.sys
    2009-04-05 06:08 <DIR> --d----- c:\program files\MSXML 4.0
    2009-04-04 19:58 125,184 -------- c:\windows\system32\drivers\imagesrv.sys
    2009-04-04 19:58 5,504 -------- c:\windows\system32\drivers\imagedrv.sys
    2009-04-04 19:58 106,496 a------- c:\windows\system32\TwnLib20.dll
    2009-04-04 19:58 155,648 a------- c:\windows\system32\NeroCheck.exe
    2009-04-04 19:58 1,568,768 -------- c:\windows\system32\ImagX7.dll
    2009-04-04 19:58 476,320 -------- c:\windows\system32\ImagXpr7.dll
    2009-04-04 19:58 471,040 -------- c:\windows\system32\ImagXRA7.dll
    2009-04-04 19:58 262,144 -------- c:\windows\system32\ImagXR7.dll
    2009-04-04 19:13 175 a------- c:\windows\cdplayer.ini
    2009-04-04 19:13 <DIR> --d----- c:\program files\common files\xing shared
    2009-04-04 19:12 <DIR> --d----- c:\program files\common files\Real
    2009-04-04 10:26 <DIR> --ds---- c:\documents and settings\ramroumma\UserData
    2009-04-04 06:25 56 a---h--- c:\windows\system32\ezsidmv.dat
    2009-04-04 04:03 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
    2009-04-04 04:02 666,112 -c------ c:\windows\system32\dllcache\wininet.dll
    2009-04-04 04:02 619,520 -c------ c:\windows\system32\dllcache\urlmon.dll
    2009-04-04 04:02 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll
    2009-04-04 04:02 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
    2009-04-04 04:01 <DIR> --d----- c:\program files\common files\Logitech
    2009-04-04 04:00 <DIR> --d----- c:\windows\system32\PreInstall
    2009-04-04 04:00 <DIR> --d-h--- c:\windows\$hf_mig$
    2009-04-04 03:56 <DIR> --d----- c:\program files\Skype
    2009-04-04 03:45 144,896 -c------ c:\windows\system32\dllcache\schannel.dll
    2009-04-04 03:44 221,184 a------- c:\windows\system32\wmpns.dll
    2009-04-03 23:18 69,632 a------- c:\windows\system32\bcmwlpkt.dll
    2009-04-03 23:18 33,664 a------- c:\windows\system32\drivers\BCMWLNPF.SYS
    2009-04-03 23:18 44,544 a----r-- c:\windows\system32\drivers\bcm4sbxp.sys
    2009-04-03 23:18 3,096,576 a------- c:\windows\system32\BCMWLCPL.CPL
    2009-04-03 23:18 757,760 a------- c:\windows\system32\bcm1xsup.dll
    2009-04-03 23:18 1,347,584 a------- c:\windows\system32\WLTRAY.EXE
    2009-04-03 23:18 44,032 a------- c:\windows\system32\wltrynt.dll
    2009-04-03 23:18 18,944 a------- c:\windows\system32\WLTRYSVC.EXE
    2009-04-03 23:18 2,129,920 a------- c:\windows\system32\WLBCGCBPRO731.DLL
    2009-04-03 23:18 86,016 a------- c:\windows\system32\preflib.dll
    2009-04-03 23:18 <DIR> --d----- c:\program files\Broadcom
    2009-04-03 23:18 1,200,128 a------- c:\windows\system32\BCMWLTRY.EXE
    2009-04-03 23:18 253,952 a------- c:\windows\system32\bcmwlu00.exe
    2009-04-03 23:17 28,544 a------- c:\windows\system32\drivers\rimmptsk.sys
    2009-04-03 23:16 3,456 a------- c:\windows\system32\drivers\atiide.sys
    2009-04-03 23:16 <DIR> --d----- C:\dell
    2009-04-03 23:16 <DIR> --d----- c:\windows\system32\vmm32
    2009-04-03 23:16 <DIR> --d----- c:\program files\Dell
    2009-04-03 23:15 0 a------- c:\windows\VPC32.INI
    2009-04-03 23:14 110,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-03 23:14 48,768 a------- c:\windows\system32\S32EVNT1.DLL
    2009-04-03 23:14 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-03 23:14 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-03 23:14 <DIR> --d----- c:\windows\RegisteredPackages
    2009-04-03 23:14 <DIR> --d----- c:\program files\Symantec
    2009-04-03 23:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
    2009-04-03 23:13 <DIR> --d----- c:\program files\Symantec AntiVirus
    2009-04-03 23:13 <DIR> --d----- c:\program files\common files\Symantec Shared
    2009-04-03 23:10 <DIR> --ds---- c:\windows\system32\Microsoft
    2009-04-03 22:59 316,640 a------- c:\windows\WMSysPr9.prx
    2009-04-03 22:59 239,616 -------- c:\windows\system32\wstrenderer.ax
    2009-04-03 22:59 164,352 -------- c:\windows\system32\wstpager.ax
    2009-04-03 22:59 53,248 -------- c:\windows\system32\vbicodec.ax
    2009-04-03 22:59 46,592 -------- c:\windows\system32\drivers\irbus.sys
    2009-04-03 22:59 9,728 -------- c:\windows\system32\comsdupd.exe
    2009-04-03 22:57 <DIR> --d----- c:\windows\ServicePackFiles
    2009-04-03 22:55 2,897,920 -------- c:\windows\system32\xpsp2res.dll
    2009-04-03 22:53 19,528 a------- c:\windows\002258_.tmp
    2009-04-03 22:53 <DIR> --d----- c:\windows\system32\ReinstallBackups
    2009-04-03 22:53 26,488 a------- c:\windows\system32\spupdsvc.exe
    2009-04-03 22:51 <DIR> --d----- c:\windows\EHome
    2009-04-03 21:15 <DIR> --dsh--- c:\windows\Installer
    2009-04-03 21:15 <DIR> --d----- c:\documents and settings\ramroumma
    2009-04-03 21:03 8,192 a------- c:\windows\REGLOCS.OLD
    2009-04-03 21:01 5,632 ac------ c:\windows\system32\dllcache\kbdinhin.dll
    2009-04-03 21:00 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
    2009-04-03 20:59 <DIR> --dsh--- c:\documents and settings\all users\DRM
    2009-04-03 20:59 <DIR> --ds---- c:\windows\Downloaded Program Files
    2009-04-03 20:59 <DIR> --d--r-- c:\windows\Offline Web Pages
    2009-04-03 20:59 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
    2009-04-03 20:59 488 a---hr-- c:\windows\system32\logonui.exe.manifest
    2009-04-03 20:59 749 a---hr-- c:\windows\WindowsShell.Manifest
    2009-04-03 20:59 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
    2009-04-03 20:59 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
    2009-04-03 20:59 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
    2009-04-03 20:59 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
    2009-04-03 20:59 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
    2009-04-03 20:59 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
    2009-04-03 20:58 <DIR> --d----- c:\program files\common files\MSSoap
    2009-04-03 20:56 <DIR> --d-h--- c:\program files\WindowsUpdate
    2009-04-03 20:56 <DIR> --d----- c:\program files\Online Services
    2009-04-03 20:56 <DIR> --d----- c:\program files\Messenger
    2009-04-03 20:56 <DIR> --d----- c:\program files\MSN Gaming Zone
    2009-04-03 20:55 <DIR> --d----- c:\program files\Windows NT
    2009-04-03 19:49 <DIR> --d----- c:\program files\CONEXANT
    2009-04-03 19:34 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-04-03 19:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-04-03 19:32 <DIR> --d----- c:\program files\Synaptics
    2009-04-03 19:32 <DIR> --d----- c:\program files\AMD
    2009-04-03 19:27 <DIR> --d----- c:\program files\SigmaTel
    2009-04-03 19:26 <DIR> --d----- c:\program files\ATI Technologies
    2009-04-03 12:47 <DIR> --d----- c:\program files\common files\ODBC
    2009-04-03 12:47 <DIR> --d----- c:\program files\common files\SpeechEngines
    2009-04-03 12:47 <DIR> --d--r-- c:\documents and settings\all users\Documents

    ==================== Find3M ====================

    2009-04-25 08:19 0 a------- c:\windows\system32\drivers\lvuvc.hs
    2009-04-24 18:23 90,112 a------- c:\windows\DUMP71d4.tmp
    2009-04-03 21:00 558,142 a------- c:\windows\java\packages\135ZXBLN.ZIP
    2009-04-03 21:00 2,678 a------- c:\windows\java\packages\data\XNXZV3LR.DAT
    2009-04-03 21:00 155,995 a------- c:\windows\java\packages\E3B1FZLB.ZIP
    2009-04-03 21:00 2,678 a------- c:\windows\java\packages\data\4YIKD7B9.DAT
    2009-04-03 21:00 2,678 a------- c:\windows\java\packages\data\PRZ7BN97.DAT
    2009-04-03 21:00 2,678 a------- c:\windows\java\packages\data\MKAC0UAU.DAT
    2009-04-03 21:00 2,678 a------- c:\windows\java\packages\data\7PZNHF1R.DAT
    2009-04-03 20:57 21,640 a------- c:\windows\system32\emptyregdb.dat
    2009-04-03 20:14 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-04-03 19:34 5 a------- c:\windows\system32\drivers\DELL_INS_1501.MRK
    2009-04-03 19:34 5 a------- c:\windows\system32\drivers\1028_DELL_INS_1501.MRK
    2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
    2009-02-20 01:10 666,112 a------- c:\windows\system32\wininet.dll
    2009-02-20 01:10 81,920 -------- c:\windows\system32\ieencode.dll
    2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
    2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
    2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
    2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
    2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
    2009-02-06 04:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
    2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
    2009-02-06 03:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
    2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll

    ============= FINISH: 8:53:19.64 ===============



    Attach Log:



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/3/2009 9:02:50 PM
    System Uptime: 4/25/2009 5:37:22 AM (3 hours ago)

    Motherboard: Dell Inc. | | Inspiron 1501
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 1596/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 70 GiB total, 53.416 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1
    AMD Processor Driver
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    BitDefender Total Security 2009
    Broadcom 440x 10/100 Integrated Controller
    CardRecovery 5.20
    Conexant HDA D110 MDC V.92 Modem
    Dell Resource CD
    Dell Wireless WLAN Card
    High Definition Audio Driver Package - KB835221
    Hotfix for Windows XP (KB952287)
    J2SE Runtime Environment 5.0 Update 6
    LiveUpdate 3.1 (Symantec Corporation)
    Logitech Audio Echo Cancellation Component
    Logitech Video Enumerator
    Logitech® Camera Driver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 Redistributable
    Movie Rotator 1.2
    Mozilla Firefox (3.0.9)
    MSXML 4.0 SP2 (KB954430)
    MVision
    Nero 6 Ultra Edition
    Nokia Connectivity Cable Driver
    Panda ActiveScan 2.0
    QuickSet
    QuickTime
    RealPlayer
    Recover My Files
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB963027)
    SigmaTel Audio
    Skype™ 3.8
    Spybot - Search & Destroy
    Symantec AntiVirus
    Synaptics Pointing Device Driver
    TeamViewer 4
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    WebFldrs XP
    Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
    Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
    Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
    Windows Media Format 11 runtime
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    4/24/2009 9:06:44 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    4/24/2009 9:06:40 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
    4/24/2009 9:06:40 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
    4/24/2009 9:06:40 PM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    4/24/2009 9:06:38 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
    4/24/2009 8:55:45 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    4/24/2009 8:55:37 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
    4/24/2009 8:50:16 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 ee1ade67, parameter3 ba781428, parameter4 00000000.
    4/24/2009 7:12:39 PM, error: AmdK8 [2] - The Acpi 2.0 _PCT object returned an invalid value of 3
    4/24/2009 6:42:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    4/24/2009 6:41:19 PM, error: SRService [104] - The System Restore initialization process failed.
    4/24/2009 6:41:19 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
    4/24/2009 6:25:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 APPDRV eeCtrl Fips pavboot SAVRT SAVRTPEL SPBBCDrv SYMTDI
    4/24/2009 6:17:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 APPDRV eeCtrl Fips IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SAVRT SAVRTPEL SPBBCDrv SYMTDI Tcpip
    4/24/2009 6:17:44 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    4/24/2009 6:17:44 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/24/2009 6:17:44 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/24/2009 6:17:44 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    4/24/2009 6:17:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    4/24/2009 4:36:12 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 ee45be67, parameter3 f793198c, parameter4 f7931688.
    4/24/2009 4:35:40 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 eddc9e67, parameter3 ba6caeec, parameter4 00000000.
    4/24/2009 4:35:31 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 eddc9e67, parameter3 eb22f668, parameter4 00000000.
    4/24/2009 4:35:28 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 eddc9e67, parameter3 f7043668, parameter4 00000000.
    4/24/2009 4:35:26 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 edc18e67, parameter3 eb6d5eec, parameter4 00000000.
    4/24/2009 4:35:13 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 edc18e67, parameter3 ee9ed368, parameter4 00000000.
    4/24/2009 11:18:14 PM, error: Service Control Manager [7000] - The BitDefender Virus Shield service failed to start due to the following error: The system cannot find the file specified.
    4/24/2009 11:05:08 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
    4/22/2009 8:25:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 APPDRV eeCtrl Fips SAVRT SAVRTPEL SPBBCDrv SYMTDI
    4/22/2009 8:24:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    4/22/2009 8:24:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/22/2009 7:12:41 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 ed8a7e67, parameter3 bab713fc, parameter4 00000000.
    4/22/2009 4:14:21 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 edbe7e67, parameter3 f697c368, parameter4 00000000.
    4/22/2009 10:40:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service LiveUpdate with arguments " " in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
    4/20/2009 10:10:16 AM, error: Service Control Manager [7000] - The Process Monitor service failed to start due to the following error: The system cannot find the file specified.
    4/18/2009 6:20:52 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.

    ==== End Of File ===========================
     
  2. 2009/04/25
    mickzer

    mickzer Well-Known Member


  4. 2009/04/25
    Admin.

    Admin. Administrator Administrator Staff

    Moved to the Malware Removal forum.
     
  5. 2009/05/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    If you still need help, I see you have Combofix installed. Please post the log it created.

    It can be found here.
    C:\combofix.txt

    Geri
     