
Active I have a virus. plz help me

Discussion in 'Malware and Virus Removal Archive' started by the balance, 2010/02/22.

  1. 2010/02/22
    the balance (Inactive, Thread Starter)

    Well, I believe that I have a Trojan virus. I have gotten one before and it really messed up my computer. :( Now I believe I have one again. I'm pretty sure that my brother got it from looking at ****. PLEASE HELP.

    DDS.txt:

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Owner at 11:29:00.12 on Mon 02/22/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.150 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\WINDOWS\system32\lxdccoms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://m.www.yahoo.com/?fr=w3i&type=W3i_SP,150,0_0,StartPage,20100208,6636,0,8,0
    uSearch Page =
    uDefault_Page_URL = hxxp://us10.hpwis.com/
    uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
    uSearch Bar =
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearchAssistant =
    uURLSearchHooks: H - No File
    uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\my.freeze.com netassistant\NetAssistant.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Shop to Win 2: {20fec4e7-f7b7-438b-8191-33d2efc5ebea} - c:\program files\shop to win 2\ShoppingBHO.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Smart-Shopper: {4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} - c:\program files\smart-shopper\bin\2.6.71\Smrt-Shpr.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\my.freeze.com netassistant\NetAssistant.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: XBTBPos00 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\my.freeze.com toolbar\freeze_sa_us.dll
    BHO: TBSB08993 Class: {fd4e08f0-3de7-4014-99c9-a84e5a99a2ad} - c:\program files\hypercam toolbar\tbcore3.dll
    TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hypercam toolbar\tbcore3.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    TB: My.Freeze.com Toolbar: {d0523bb4-21e7-11dd-9ab7-415b56d89593} - c:\program files\my.freeze.com toolbar\freeze_sa_us.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: SmartShopper: {8bcb5337-ec01-4e38-840c-a964f174255b} - c:\program files\smart-shopper\bin\2.6.71\Smrt-Shpr.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 - "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" - "http://www.andkon.com/arcade/adventureaction/paperairplane/ "
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [LXDCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDCtime.dll,_RunDLLEntry@16
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe "
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [sabawusik] Rundll32.exe "c:\windows\system32\fegufula.dll ",a
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - {6FAC4823-815E-4361-836E-46D65ED2550B} - c:\program files\smart-shopper\bin\2.6.71\Smrt-Shpr.dll
    IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {4CF088BD-BE95-40a5-BE9B-677F8683EDEA} - c:\program files\smart-shopper\bin\2.6.71\Smrt-Shpr.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193351204027
    DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://secure.footprint.net/kingsisle/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxsrvc.dll
    AppInit_DLLs: zivahesu.dll c:\windows\system32\fegufula.dll c:\windows\system32\wusorevo.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: kofegimag - {49a4b0e8-99f1-4058-841d-4592636a4c25} - c:\windows\system32\fegufula.dll
    STS: jugezatag: {49a4b0e8-99f1-4058-841d-4592636a4c25} - c:\windows\system32\fegufula.dll
    SEH: {03A80B1D-5C6A-42c2-9DFB-81B6005D8023} - No File
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    LSA: Notification Packages = scecli pehirema.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-7 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-7 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-7 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-7 297752]
    R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
    R2 X4HS32Ex;X4HS32Ex;c:\program files\free ride games\X4HS32Ex.sys [2010-2-20 54816]
    S0 ylot;ylot;c:\windows\system32\drivers\ngdr.sys --> c:\windows\system32\drivers\ngdr.sys [?]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
    S3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [2005-12-25 36981]
    S3 XDva219;XDva219;\??\c:\windows\system32\xdva219.sys --> c:\windows\system32\XDva219.sys [?]

    =============== Created Last 30 ================

    2010-02-20 15:31:52 37033 ------w- c:\windows\FRGT.ico
    2010-02-20 15:31:51 64 ----a-w- c:\windows\GPlrLanc.dat
    2010-02-20 15:29:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Free Ride Games
    2010-02-20 15:29:19 53314 ------w- c:\windows\ExentInfo.exe
    2010-02-20 15:28:27 0 d-----w- c:\program files\Free Ride Games
    2010-02-20 15:28:09 0 d-----w- C:\Remote Programs
    2010-02-20 15:16:03 0 d-----w- c:\docume~1\owner\applic~1\Smart-Shopper
    2010-02-20 15:15:56 0 d-----w- c:\program files\Smart-Shopper
    2010-02-20 15:15:47 0 d-----w- c:\program files\My.Freeze.com Toolbar
    2010-02-20 15:15:21 0 d-----w- c:\program files\Microsoft
    2010-02-20 15:15:03 0 d-----w- c:\program files\MSN Toolbar
    2010-02-20 15:05:22 0 d-----w- c:\program files\MSN Toolbar Installer
    2010-02-20 14:56:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-02-20 14:56:44 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-20 14:41:43 0 d-----w- c:\docume~1\owner\applic~1\WeatherBug
    2010-02-20 14:41:35 0 d-----w- c:\program files\AWS
    2010-02-20 14:41:04 0 d-----w- c:\program files\Xobni
    2010-02-20 14:41:01 0 d-----w- c:\docume~1\owner\applic~1\FCSB000062035
    2010-02-20 14:40:46 0 d-----w- c:\program files\Freeze.com
    2010-02-20 14:40:16 0 d-----w- c:\program files\Free Offers from Freeze.com
    2010-02-20 14:40:13 0 d-----w- c:\program files\Shop to Win 2
    2010-02-15 23:26:23 93184 --sh--w- c:\windows\system32\roloropo.dll
    2010-02-15 23:22:45 1 --sh--w- c:\windows\system32\jadebaji.dll
    2010-02-03 21:35:44 0 d-----w- c:\program files\common files\Software Update Utility
    2010-01-26 23:26:34 0 d-----w- c:\docume~1\owner\applic~1\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
    2010-01-26 00:46:56 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
    2010-01-26 00:46:56 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
    2010-01-26 00:46:50 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
    2010-01-26 00:46:50 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2010-01-26 00:46:39 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2010-01-26 00:41:14 0 d-----w- C:\Riot Games

    ==================== Find3M ====================

    2010-02-22 14:51:33 41 ----a-w- c:\documents and settings\owner\jagex_runescape_preferences.dat
    2010-02-22 14:19:17 69 ----a-w- c:\documents and settings\owner\jagex_runescape_preferences2.dat
    2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
    2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-12-20 19:33:54 3343 ----a-w- c:\windows\UnHyCam.bat
    2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
    2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
    2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
    2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
    2007-10-23 16:45:34 87400 ----a-w- c:\program files\UnHyCam2.exe
    2007-10-23 16:45:32 882000 ----a-w- c:\program files\HyCam2.exe
    2007-10-22 19:09:39 106496 ----a-w- c:\program files\CamRes2.dll
    2007-09-27 18:31:44 5272 ----a-w- c:\program files\HyCam2.tlb
    2007-08-11 22:15:12 57344 ----a-w- c:\program files\MClick2.dll
    2006-12-14 17:13:53 113628 ----a-w- c:\program files\HyCam2.chm
    2006-12-14 14:18:46 3274 ----a-w- c:\program files\agreement.txt
    2006-07-09 09:13:43 82 ----a-w- c:\program files\HomePage.url
    2004-05-05 16:57:28 2018 ----a-w- c:\program files\readme.txt
    2004-04-16 18:07:26 675 ----a-w- c:\program files\HyCam2.cnt
    1999-06-24 15:49:50 421 ----a-w- c:\program files\8-44100u.wav
    1999-06-24 15:49:16 587 ----a-w- c:\program files\8-44100d.wav
    1999-06-24 15:47:52 225 ----a-w- c:\program files\8-22050u.wav
    1999-06-24 15:47:28 317 ----a-w- c:\program files\8-22050d.wav
    1999-06-24 15:46:30 135 ----a-w- c:\program files\8-11025u.wav
    1999-06-24 15:46:04 183 ----a-w- c:\program files\8-11025d.wav
    1999-06-24 15:44:02 127 ----a-w- c:\program files\8-8000u.wav
    1999-06-24 15:43:36 151 ----a-w- c:\program files\8-8000d.wav
    1999-06-24 15:41:20 220 ----a-w- c:\program files\16-8000u.wav
    1999-06-24 15:40:52 260 ----a-w- c:\program files\16-8000d.wav
    1999-06-24 15:38:30 956 ----a-w- c:\program files\16-44100u.wav
    1999-06-24 15:37:56 1186 ----a-w- c:\program files\16-44100d.wav
    1999-06-24 15:34:48 442 ----a-w- c:\program files\16-22050u.wav
    1999-06-24 15:34:12 652 ----a-w- c:\program files\16-22050d.wav
    1999-06-24 14:54:34 340 ----a-w- c:\program files\16-11025d.wav
    1999-06-24 14:50:14 326 ----a-w- c:\program files\16-11025u.wav
    2004-07-05 20:45:17 32 --sha-w- c:\windows\{BE350E52-7A2A-459D-A440-A7BF872F6B3B}.dat
    2005-02-17 02:33:00 0 --sha-w- c:\windows\sminst\HPCD.sys
    1601-01-01 00:03:28 38912 --sha-w- c:\windows\system32\dupekayi.dll
    1601-01-01 00:03:28 53760 --sha-w- c:\windows\system32\gefuvura.dll
    1601-01-01 00:03:28 47104 --sha-w- c:\windows\system32\juneteyo.dll
    1601-01-01 00:03:28 48128 --sha-w- c:\windows\system32\lumuheze.dll
    1601-01-01 00:03:28 1 --sha-w- c:\windows\system32\matehabu.dll
    1601-01-01 00:03:28 47104 --sha-w- c:\windows\system32\muhoyawa.dll
    1601-01-01 00:03:52 56832 --sha-w- c:\windows\system32\nagefipi.dll
    1601-01-01 00:03:28 100864 --sha-w- c:\windows\system32\nonomaso.dll
    1601-01-01 00:03:28 47616 --sha-w- c:\windows\system32\nufeduta.dll
    1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\pagifali.dll
    1601-01-01 00:03:52 56832 --sha-w- c:\windows\system32\pehirema.dll
    1601-01-01 00:03:28 70144 --sha-w- c:\windows\system32\pezatehe.dll
    1601-01-01 00:03:28 47616 --sha-w- c:\windows\system32\tasurizo.dll
    1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\vatimete.dll
    1601-01-01 00:03:28 56832 --sha-w- c:\windows\system32\venumeho.dll
    1601-01-01 00:03:28 39424 --sha-w- c:\windows\system32\zahuzihi.dll
    2009-01-10 13:42:51 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011020090111\index.dat

    ============= FINISH: 11:30:21.96 ===============
    ATTACH.txt:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/22/2005 9:16:19 PM
    System Uptime: 2/22/2010 11:00:24 AM (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | Explorer4
    Processor: AMD Athlon(tm) XP 3200+ | Socket A | 2191/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 143 GiB total, 78.49 GiB free.
    D: is FIXED (FAT32) - 6 GiB total, 1.873 GiB free.
    E: is CDROM (UDF)
    H: is Removable
    I: is Removable
    J: is Removable
    M: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1281: 11/24/2009 4:00:21 PM - Software Distribution Service 3.0
    RP1282: 11/26/2009 9:19:18 AM - Avg8 Update
    RP1283: 11/27/2009 11:37:00 AM - Software Distribution Service 3.0
    RP1284: 11/29/2009 8:11:38 AM - System Checkpoint
    RP1285: 11/30/2009 7:54:47 PM - Software Distribution Service 3.0
    RP1286: 12/2/2009 3:51:09 PM - System Checkpoint
    RP1287: 12/3/2009 2:30:28 PM - Software Distribution Service 3.0
    RP1288: 12/4/2009 3:38:43 PM - System Checkpoint
    RP1289: 12/6/2009 1:44:44 PM - System Checkpoint
    RP1290: 12/7/2009 2:33:17 PM - Installed GTA San Andreas
    RP1291: 12/7/2009 2:34:33 PM - Software Distribution Service 3.0
    RP1292: 12/8/2009 8:39:19 PM - Software Distribution Service 3.0
    RP1293: 12/9/2009 8:55:02 AM - Avg8 Update
    RP1294: 12/9/2009 9:11:49 AM - Removed GTA San Andreas
    RP1295: 12/9/2009 9:13:41 AM - Installed GTA San Andreas
    RP1296: 12/10/2009 2:47:31 PM - Software Distribution Service 3.0
    RP1297: 12/10/2009 3:38:55 PM - Removed GTA San Andreas
    RP1298: 12/10/2009 3:44:41 PM - Installed GTA San Andreas
    RP1299: 12/10/2009 3:51:12 PM - Installed GTA San Andreas
    RP1300: 12/11/2009 4:06:31 PM - System Checkpoint
    RP1301: 12/13/2009 5:22:16 PM - System Checkpoint
    RP1302: 12/15/2009 2:19:55 PM - Software Distribution Service 3.0
    RP1303: 12/17/2009 2:42:48 PM - Software Distribution Service 3.0
    RP1304: 12/18/2009 2:15:15 PM - Avg8 Update
    RP1305: 12/18/2009 2:22:40 PM - Avg8 Update
    RP1306: 12/18/2009 4:00:28 PM - Software Distribution Service 3.0
    RP1307: 12/19/2009 8:21:14 AM - Avg8 Update
    RP1308: 12/19/2009 8:24:17 AM - Avg8 Update
    RP1309: 12/20/2009 10:21:07 AM - System Checkpoint
    RP1310: 12/21/2009 2:20:52 PM - Software Distribution Service 3.0
    RP1311: 12/23/2009 4:37:43 PM - System Checkpoint
    RP1312: 12/24/2009 9:36:21 AM - Avg8 Update
    RP1313: 12/24/2009 12:32:29 PM - Software Distribution Service 3.0
    RP1314: 12/25/2009 1:36:43 PM - System Checkpoint
    RP1315: 12/26/2009 1:41:22 PM - System Checkpoint
    RP1316: 12/28/2009 9:45:43 AM - System Checkpoint
    RP1317: 12/29/2009 7:44:59 PM - Software Distribution Service 3.0
    RP1318: 12/31/2009 6:31:51 PM - Software Distribution Service 3.0
    RP1319: 1/1/2010 9:45:17 AM - Avg8 Update
    RP1320: 1/2/2010 1:48:34 PM - System Checkpoint
    RP1321: 1/3/2010 4:08:06 PM - System Checkpoint
    RP1322: 1/4/2010 2:23:57 PM - Avg8 Update
    RP1323: 1/4/2010 2:28:15 PM - Software Distribution Service 3.0
    RP1324: 1/5/2010 4:08:05 PM - System Checkpoint
    RP1325: 1/7/2010 3:54:26 PM - Software Distribution Service 3.0
    RP1326: 1/8/2010 5:01:25 PM - System Checkpoint
    RP1327: 1/11/2010 2:51:52 PM - System Checkpoint
    RP1328: 1/11/2010 3:01:22 PM - Software Distribution Service 3.0
    RP1329: 1/12/2010 3:16:06 PM - Software Distribution Service 3.0
    RP1330: 1/13/2010 3:41:03 PM - System Checkpoint
    RP1331: 1/14/2010 2:45:22 PM - Software Distribution Service 3.0
    RP1332: 1/15/2010 2:58:47 PM - System Checkpoint
    RP1333: 1/18/2010 10:14:36 AM - System Checkpoint
    RP1334: 1/19/2010 3:01:05 PM - Software Distribution Service 3.0
    RP1335: 1/19/2010 4:00:47 PM - Software Distribution Service 3.0
    RP1336: 1/20/2010 6:34:59 PM - System Checkpoint
    RP1337: 1/22/2010 7:29:07 AM - Software Distribution Service 3.0
    RP1338: 1/22/2010 10:24:38 AM - Software Distribution Service 3.0
    RP1339: 1/24/2010 8:21:14 AM - System Checkpoint
    RP1340: 1/25/2010 4:04:01 PM - System Checkpoint
    RP1341: 1/25/2010 7:41:12 PM - Installed League of Legends
    RP1342: 1/27/2010 3:20:44 PM - Software Distribution Service 3.0
    RP1343: 1/28/2010 2:58:03 PM - Software Distribution Service 3.0
    RP1344: 1/28/2010 3:28:35 PM - Removed League of Legends
    RP1345: 1/30/2010 11:41:46 AM - System Checkpoint
    RP1346: 2/3/2010 4:09:05 PM - Avg8 Update
    RP1347: 2/3/2010 4:13:57 PM - Software Distribution Service 3.0
    RP1348: 2/4/2010 4:17:16 PM - Software Distribution Service 3.0
    RP1349: 2/7/2010 11:08:45 AM - System Checkpoint
    RP1350: 2/8/2010 3:34:19 PM - Software Distribution Service 3.0
    RP1351: 2/11/2010 3:29:16 PM - Software Distribution Service 3.0
    RP1352: 2/11/2010 4:00:37 PM - Software Distribution Service 3.0
    RP1353: 2/13/2010 8:59:49 AM - System Checkpoint
    RP1354: 2/14/2010 11:20:35 AM - System Checkpoint
    RP1355: 2/16/2010 8:00:24 AM - System Checkpoint
    RP1356: 2/17/2010 3:00:08 PM - System Checkpoint
    RP1357: 2/19/2010 5:57:03 PM - Installed DirectX
    RP1358: 2/20/2010 9:55:41 AM - Installed Java(TM) 6 Update 18
    RP1359: 2/20/2010 9:58:48 AM - Installed MSN Toolbar Setup
    RP1360: 2/20/2010 10:28:03 AM - Installed Free Ride Games Player
    RP1361: 2/21/2010 11:13:06 AM - System Checkpoint
    RP1362: 2/21/2010 6:41:21 PM - Removed Windows Live ID Sign-in Assistant
    RP1363: 2/21/2010 6:43:23 PM - Removed TurboTax ItsDeductible 2005
    RP1364: 2/21/2010 6:58:26 PM - Uninstall Studio 10 Update
    RP1365: 2/21/2010 6:58:37 PM - Removed Studio 10.5 Patch
    RP1366: 2/21/2010 7:00:37 PM - Configured Studio 10
    RP1367: 2/21/2010 7:00:52 PM - Removed Studio 10
    RP1368: 2/21/2010 7:01:08 PM - Removed Instant DVD Recorder
    RP1369: 2/21/2010 7:03:13 PM - Configured PRODUCT_NAME
    RP1370: 2/21/2010 7:10:55 PM - Installed Free Ride Games Player
    RP1371: 2/21/2010 7:11:37 PM - Installed Free Ride Games Player
    RP1372: 2/21/2010 7:12:09 PM - Configured Hallmark Card Studio 2004

    ==== Installed Programs ======================
    Adobe AIR
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.0
    AiO_Scan
    AIOMinimal
    AiOSoftware
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG Free 8.5
    Bonjour
    CameraDrivers
    CCleaner (remove only)
    Compatibility Pack for the 2007 Office system
    Copy
    CreativeProjects
    Critical Update for Windows Media Player 11 (KB959772)
    Director
    DocProc
    Download Updater (AOL LLC)
    Fax
    Free Ride Games Player
    GTA San Andreas
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Deskjet Preloaded Printer Drivers
    HP Image Zone 3.5
    HP Image Zone Plus 3.5
    HP Instant Support
    HP Organize
    HP Photo & Imaging 3.5 - HP Devices
    HP PSC & OfficeJet 3.0
    HP Software Update
    hpg2436
    hpg3970
    hpg4600
    hpg5530
    hpg8200
    HPIZ350
    hpmdtab
    HpSdpAppCoreApp
    HPSystemDiagnostics
    HyperCam
    HyperCam 2
    HyperCam Toolbar
    InstantShare
    iTunes
    J2SE Runtime Environment 5.0 Update 5
    Java Auto Updater
    Java(TM) 6 Update 18
    KBD
    League of Legends
    Lexmark 1300 Series
    Lexmark Toolbar
    LiveUpdate 1.90 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Memories Disc Creator 2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Plus! Digital Media Edition
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft UI Engine
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MotionDV STUDIO 5.3E LE for DV
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Multimedia Card Reader
    Musicmatch® Jukebox
    My.Freeze.com NetAssistant
    My.Freeze.com Toolbar
    Neffy 1,2,1,4
    Norton Security Scan
    NVIDIA Display Driver
    NVIDIA Drivers
    NVIDIA Ethernet Driver
    NVIDIA GART Driver
    Pando Media Booster
    PC-Doctor for Windows
    Perfect Optimizer 5.2
    PhotoGallery
    Photosmart 140,240,7200,7600,7700,7900 Series
    Pinnacle Instant DVD Recorder
    Pinnacle Studio DC10plus
    PrintScreen
    PS7600
    PSShortcutsP
    PSShortP
    QFolder
    QuickProjects
    QuickTime
    Readme
    RealPlayer
    RecordNow!
    Registry Repair 1.44
    Roblox for Owner
    Robotics Invention System 2.0
    San Andreas Mod Installer
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Shop to Win 2
    SkinsHP1
    SkinsHP2
    SmartShopper
    SpamSubtract
    SPORE™
    The Sims™ Life Stories
    Toolkit View(HP)
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Updates from HP
    Video Stream Driver for Panasonic DVC
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    WeatherBug
    WebFldrs XP
    WebReg
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 9 Hotfix [See KB885492 for more information]
    Windows XP Service Pack 3
    Yahoo! Install Manager

    ==== Event Viewer Messages From Past Week ========

    2/21/2010 6:41:41 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    2/21/2010 10:50:26 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    2/20/2010 4:41:33 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    2/20/2010 10:16:54 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    ==== End Of File ===========================
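The four "Event Viewer Messages From Past Week" lines above carry the most actionable signal in this log, but DDS prints them raw. The following is an added example (not part of the original post and not a DDS feature) that parses that section and turns each line into a triage note: it decodes the Win32 code that DCOM 10005 quotes as "%1058" (ERROR_SERVICE_DISABLED, here for wuauserv, the Automatic Updates service), flags the Ntfs 55 corruption warning as something to fix with chkdsk before any removal tool rewrites files, and extracts which service the SCM 7023 error belongs to. The sample lines are copied verbatim from the DDS.txt in the thread; the error-name table and the wording of the hints are the example author's own.

```python
"""Decode the "Event Viewer Messages From Past Week" section of a DDS log.

Added example, not part of the original post or of the DDS tool. The sample
lines are copied from the DDS.txt posted in the thread; the Win32 error names
and the triage hints are this example's own mapping, not DDS output.
"""
import re
from dataclasses import dataclass

# One DDS event line: "<m/d/yyyy> <h:mm:ss AM|PM>, <level>: <source> [<id>] - <message>"
DDS_EVENT_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# DCOM 10005 quotes the Win32 error as "%NNNN" and names the service it tried to start.
DCOM_SERVICE_RE = re.compile(
    r'error "%(?P<code>\d+)" attempting to start the service (?P<svc>\S+)'
)
# SCM 7023 names the service that died and the error it died with.
SCM_7023_RE = re.compile(
    r"The (?P<svc>.+?) service terminated with the following error: (?P<err>.*)"
)

# Only Win32 codes whose meaning is certain; anything else is reported as unknown.
WIN32_ERRORS = {
    126: "ERROR_MOD_NOT_FOUND (the specified module could not be found)",
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT (service did not respond in time)",
    1058: "ERROR_SERVICE_DISABLED (start type is Disabled)",
    1068: "ERROR_SERVICE_DEPENDENCY_FAIL (a dependency failed to start)",
    1075: "ERROR_SERVICE_DEPENDENCY_DELETED (dependency missing or marked for deletion)",
}

# Copied verbatim from the DDS.txt posted in the thread.
SAMPLE_EVENTS = """\
2/21/2010 6:41:41 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
2/21/2010 10:50:26 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
2/20/2010 4:41:33 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
2/20/2010 10:16:54 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
"""


@dataclass
class DdsEvent:
    date: str
    time: str
    level: str
    source: str
    event_id: int
    message: str


def parse_dds_events(text):
    """Return the DdsEvent records found in a DDS Event Viewer section, in log order."""
    events = []
    for line in text.splitlines():
        m = DDS_EVENT_RE.match(line.strip())
        if m:
            events.append(DdsEvent(m["date"], m["time"], m["level"], m["source"],
                                   int(m["event_id"]), m["message"]))
    return events


def triage(events):
    """Map each event to a plain-English finding a helper would act on."""
    findings = []
    for ev in events:
        key = (ev.source, ev.event_id)
        if key == ("DCOM", 10005) and (m := DCOM_SERVICE_RE.search(ev.message)):
            code = int(m["code"])
            name = WIN32_ERRORS.get(code, "unknown Win32 error")
            findings.append(f"service {m['svc']} failed to start: {code} = {name}; "
                            f"check its start type with 'sc qc {m['svc']}'")
        elif key == ("Ntfs", 55):
            findings.append("NTFS reports volume corruption; run 'chkdsk C: /f' and reboot "
                            "before any removal tool rewrites files on that volume")
        elif key == ("Service Control Manager", 7023) and (m := SCM_7023_RE.match(ev.message)):
            findings.append(f"service '{m['svc']}' terminated: {m['err']} "
                            "(if a module is missing, confirm the service DLL still exists)")
        elif key == ("Service Control Manager", 7011):
            findings.append(f"SCM timeout: {ev.message}")
        else:
            findings.append(f"unclassified {ev.source} [{ev.event_id}]: {ev.message}")
    return findings


if __name__ == "__main__":
    for note in triage(parse_dds_events(SAMPLE_EVENTS)):
        print("-", note)
```

Run it against a whole DDS.txt (pass the file contents instead of SAMPLE_EVENTS); lines outside the Event Viewer section simply fail the regex and are skipped. The DCOM line is the one to chase first: "%1058" means Automatic Updates is set to Disabled, which the poster did not do deliberately, so its start type should be checked once the scans are done.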
     
  2. 2010/02/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button, and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista or 7, right-click on HijackThis and click Run as Administrator.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     