
[Not curable - Virut] no access to anti virus sites(and much more)

Discussion in 'Malware and Virus Removal Archive' started by piyush, 2009/06/28.

  1. 2009/06/28
    piyush

    piyush Inactive Thread Starter

    Joined:
    2009/04/14
    Messages:
    5
    Likes Received:
    0
    Hello sir/madam,
    A virus/malware/rootkit infection is present on my computer. Because of my previous correspondence with you, I tried running ComboFix, which worked previously, but now even it shows a message saying something like "contents of ComboFix have been compromised" and "note: you may be infected by a virus named Virut". So I'm pretty helpless right now. Please help me. I use avast 4.8.
    These are my dds.txt and attach.txt. Thank you!



    DDS (Ver_09-06-26.01) - NTFSx86
    Run by 123 at 10:49:46.35 on Sun 06/28/2009
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.600 [GMT 5.5:30]

    AV: avast! antivirus 4.8.1335 [VPS 090627-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    D:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    D:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\svchost.exe -k imgsvc
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    D:\WINDOWS\system32\igfxtray.exe
    D:\WINDOWS\RTHDCPL.EXE
    D:\WINDOWS\system32\igfxpers.exe
    D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    D:\WINDOWS\system32\igfxsrvc.exe
    D:\Program Files\Google\Google Talk\googletalk.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Registry Mechanic\RegMech.exe
    D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    d:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    d:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    D:\WINDOWS\explorer.exe
    D:\Program Files\internet explorer\iexplore.exe
    svchost.exe D:\WINDOWS\TEMP\VRTF.tmp
    D:\WINDOWS\System32\reader_s.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\update2112859.exe
    D:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
    svchost.exe D:\WINDOWS\TEMP\VRT28.tmp
    D:\Documents and Settings\123\reader_s.exe
    D:\WINDOWS\system32\update2778062.exe
    D:\Documents and Settings\123\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - d:\program files\askbardis\bar\bin\askBar.dll
    BHO: bignetdaddy: {4a4ce230-64fb-93f0-9af0-e4c8521a0fcd} - d:\windows\system32\nsw1A.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
    BHO: XBTBPos00: {bbbe1c1a-89f7-4af6-abd1-f8fbcfa47408} - XBTBPos00 Class
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - d:\program files\askbardis\bar\bin\askBar.dll
    uRun: [Messenger (Yahoo!)] "d:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [RegistryMechanic] d:\program files\registry mechanic\RegMech.exe /H
    uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
    mRun: [IgfxTray] d:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] d:\windows\system32\hkcmd.exe
    mRun: [Rthdcpl] RTHDCPL.EXE
    mRun: [Persistence] d:\windows\system32\igfxpers.exe
    mRun: [RemoteControl] "d:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [googletalk] d:\program files\google\google talk\googletalk.exe /autostart
    mRun: [Ad-Watch] d:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [avast!] d:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [reader_s] d:\windows\system32\reader_s.exe
    mRun: [servises] d:\windows\system32\servises.exe
    dRun: [reader_s] d:\documents and settings\123\reader_s.exe
    dRun: [servises] d:\windows\system32\servises.exe
    dRunOnce: [RunNarrator] Narrator.exe
    mExplorerRun: [servises] d:\windows\system32\servises.exe
    dExplorerRun: [servises] d:\windows\system32\servises.exe
    StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\24onli~1.lnk - d:\program files\elitecore\cyberoam client for 24online\CyberoamClient.exe
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
    IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
    IE: {12F02779-6D88-4958-8AD3-83C12D86ADC7} - {12F02779-6D88-4958-8AD3-83C12D86ADC7}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    TCP: {11AE98C0-DE32-4D7F-98C3-49E731E7CCFD} = 192.168.24.1
    Notify: igfxcui - igfxdev.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2009-5-4 64160]
    R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2009-6-24 114768]
    R2 ASKUpgrade;ASKUpgrade;d:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-5-29 234888]
    R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2009-6-24 20560]
    R2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast4\ashServ.exe [2009-6-24 138680]
    R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;d:\windows\system32\drivers\l251x86.sys [2008-9-20 30720]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 1005904]
    S3 avast! Mail Scanner;avast! Mail Scanner;d:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-24 254040]
    S3 avast! Web Scanner;avast! Web Scanner;d:\program files\alwil software\avast4\ashWebSv.exe [2009-6-24 352920]

    =============== Created Last 30 ================

    2009-06-28 10:48 52,736 a------- d:\windows\system32\update2778062.exe
    2009-06-28 10:48 153,088 a------- d:\windows\system32\2B.tmp
    2009-06-28 10:48 120 a------- d:\windows\system32\29.tmp
    2009-06-28 10:37 52,224 a------- d:\windows\system32\update2112859.exe
    2009-06-28 10:37 52,736 a------- d:\windows\system32\servises.exe
    2009-06-28 10:37 8 a------- d:\windows\system32\_id.dat
    2009-06-28 10:36 153,088 a------- d:\windows\system32\12.tmp
    2009-06-28 10:36 48,128 a------- d:\windows\system32\reader_s.exe
    2009-06-28 10:36 120 a------- d:\windows\system32\10.tmp
    2009-06-26 15:19 9,200 -------- d:\windows\system32\drivers\cdralw2k.sys
    2009-06-26 15:19 9,072 -------- d:\windows\system32\drivers\cdr4_xp.sys
    2009-06-26 15:19 129,520 -------- d:\windows\system32\pxafs.dll
    2009-06-26 10:08 0 a------- d:\windows\system32\21.tmp
    2009-06-26 10:08 48,128 a------- d:\documents and settings\123\reader_s.exe
    2009-06-26 10:08 120 a------- d:\windows\system32\1D.tmp
    2009-06-26 09:53 140,512 a------- d:\windows\system32\629835d4-4c07-f08c-11f1-d785bfa6c093.exe
    2009-06-24 15:49 1,218,048 a------- d:\windows\system32\nsw1A.dll
    2009-06-23 22:31 <DIR> --d----- d:\program files\ESET
    2009-06-23 21:49 <DIR> -cd----- d:\windows\system32\dllcache\cache
    2009-06-23 21:41 161,792 a------- d:\windows\SWREG.exe
    2009-06-23 21:41 155,136 a------- d:\windows\PEV.exe
    2009-06-23 21:41 98,816 a------- d:\windows\sed.exe
    2009-06-23 20:27 <DIR> --d----- D:\SP12
    2009-06-23 20:25 9,116 a------- D:\rishabh.hex
    2009-06-23 19:28 329,072 a----r-- d:\windows\system32\drivers\windrvr6.sys
    2009-06-23 19:28 110,592 a----r-- d:\windows\system32\wd_utils.dll
    2009-06-23 19:28 2,129,920 a------- d:\windows\system32\BCGCBPRO731.dll
    2009-06-23 19:28 44,544 a----r-- d:\windows\system32\msxml4a.dll
    2009-06-23 19:28 290,904 a----r-- d:\windows\system32\vc6-re200l.dll
    2009-06-23 19:28 69,632 a----r-- d:\windows\system32\RWUXThemeS.dll
    2009-06-23 19:27 <DIR> --d----- d:\program files\Atmel
    2009-06-23 19:21 <DIR> --d----- d:\docume~1\123\applic~1\Echo Software
    2009-06-23 19:18 <DIR> --d----- D:\WinAVR
    2009-06-23 17:58 <DIR> --d----- d:\program files\SP12_AVR
    2009-06-21 15:17 12,160 ac------ d:\windows\system32\dllcache\mouhid.sys
    2009-06-21 15:17 12,160 a------- d:\windows\system32\drivers\mouhid.sys
    2009-06-21 15:17 9,600 ac------ d:\windows\system32\dllcache\hidusb.sys
    2009-06-21 15:17 9,600 a------- d:\windows\system32\drivers\hidusb.sys
    2009-06-13 14:19 <DIR> --d----- D:\NFSUG2
    2009-06-13 12:42 5,923 a------- d:\windows\PSPICEEV.INI
    2009-06-13 12:40 364 a------- d:\windows\XRaster
    2009-06-13 12:32 <DIR> --d--r-- D:\OrCAD 9.1
    2009-06-13 12:25 331,032 a------- d:\windows\system32\threed20.ocx
    2009-06-13 12:25 129,808 a------- d:\windows\system32\comdlg32.ocx
    2009-06-13 12:25 53,248 a------- d:\windows\system32\tegowav3.ocx
    2009-06-13 12:25 41,984 a------- d:\windows\system32\tegosw32.ocx
    2009-06-13 12:25 29,696 a------- d:\windows\system32\vb5stkit.dll
    2009-06-13 12:25 21,504 a------- d:\windows\system32\docobj.dll
    2009-06-13 12:25 <DIR> --d----- d:\windows\Speech
    2009-06-13 12:05 368,912 a------- d:\windows\system32\vbar332.dll
    2009-06-13 12:05 1,037,312 a------- d:\windows\system32\msjet35.dll
    2009-06-13 12:05 251,664 a------- d:\windows\system32\msrd2x35.dll
    2009-06-13 12:05 121,104 a------- d:\windows\system32\msjint35.dll
    2009-06-13 12:05 24,336 a------- d:\windows\system32\msjter35.dll
    2009-06-13 12:04 <DIR> --d----- d:\program files\OrCAD_Demo
    2009-06-13 12:03 <DIR> --d----- d:\program files\OrCAD
    2009-06-13 11:56 299,520 a------- d:\windows\uninst.exe
    2009-06-13 11:56 <DIR> --d----- d:\documents and settings\123\WINDOWS
    2009-06-12 14:15 73 a------- d:\windows\sec23.dat
    2009-06-10 14:19 <DIR> --d----- d:\docume~1\123\applic~1\Reflexivev1001
    2009-06-10 11:37 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Farm Frenzy
    2009-06-09 21:04 <DIR> --d----- D:\WWE Raw2
    2009-06-09 16:50 40,960 a------- d:\windows\system32\Fish Tycoon.scr
    2009-06-09 16:08 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Sandlot Games
    2009-06-09 15:25 <DIR> --d----- d:\program files\ReflexiveArcade
    2009-06-09 11:10 <DIR> --d----- d:\docume~1\alluse~1\applic~1\NFS Underground
    2009-06-09 09:54 52 a------- d:\windows\wininit.ini
    2009-06-08 16:38 975 a------- d:\windows\eReg.dat
    2009-06-05 11:03 <DIR> --d----- d:\program files\Eidos Interactive
    2009-06-01 15:26 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Electronic Arts
    2009-05-29 13:45 <DIR> --d----- d:\program files\AskSearch
    2009-05-29 13:45 <DIR> --d----- d:\program files\AskBarDis

    ==================== Find3M ====================

    2009-06-13 11:00 23,424 a------- d:\windows\system32\drivers\boriavuh.sys
    2009-06-08 16:38 12,464 a------- d:\windows\system32\drivers\secdrv.sys
    2009-06-07 10:49 15,688 a------- d:\windows\system32\lsdelete.exe
    2009-05-27 16:05 4,096 a------- d:\windows\d3dx.dat
    2009-05-19 13:56 64,160 a------- d:\windows\system32\drivers\Lbd.sys
    2009-05-18 10:00 43,520 a------- d:\windows\system32\CmdLineExt03.dll
    2009-04-23 01:19 106,496 ac------ d:\windows\system32\cobppib.dll
    2008-09-26 01:02 8 ---shr-- d:\windows\system32\ABE16357DF.sys
    2008-09-26 01:02 1,682 ac-sh--- d:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 10:49:53.37 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/20/2008 4:11:29 PM
    System Uptime: 6/28/2009 10:02:14 AM (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5GC-MX/1333
    Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | LGA 775 | 1999/200mhz
    Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | LGA 775 | 1999/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (FAT32) - 19 GiB total, 4.983 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 2.611 GiB free.
    E: is FIXED (NTFS) - 7 GiB total, 0.332 GiB free.
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_81791043&REV_01\3&11583659&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_81791043&REV_01\3&11583659&0&FB
    Service:

    ==== System Restore Points ===================

    RP1: 5/1/2009 2:55:05 PM - System Checkpoint
    RP2: 5/3/2009 10:22:25 AM - Installed GTAIII
    RP3: 5/11/2009 5:38:46 PM - Removed GTAIII
    RP4: 5/15/2009 10:57:38 AM - Installed GTAIII
    RP5: 5/18/2009 9:57:20 AM - Hitman: Contracts
    RP6: 5/27/2009 12:23:23 PM - Removed GTAIII
    RP7: 5/27/2009 12:24:26 PM - Uninstall Hitman: Contracts
    RP8: 5/27/2009 10:55:25 PM - Installed FIFA 09
    RP9: 6/13/2009 10:56:14 AM - ComboFix created restore point
    RP10: 6/16/2009 5:11:30 PM - gr8888888
    RP11: 6/23/2009 7:27:40 PM - Installed AVRStudio4
    RP12: 6/23/2009 10:31:09 PM - Installed ESET NOD32 Antivirus
    RP13: 6/24/2009 6:47:24 PM - Removed ESET NOD32 Antivirus

    ==== Installed Programs ======================

    ¾©Ãú¿Ã†¼¼-Grand Theft Auto: Vice City
    Ad-Aware
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.2
    Adobe Shockwave Player 11.5
    Ask Toolbar
    Atheros Communications Inc.(R) L2 Fast Ethernet Driver
    avast! Antivirus
    AVRStudio4
    Contextual Application Bignetdaddy
    Cyberoam Client for 24Online
    Dragon NaturallySpeaking Components
    FIFA 09
    Fish Tycoon
    Google Photos Screensaver
    Google Talk (remove only)
    High Definition Audio Driver Package - KB888111
    Hornet Leader Demo
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Intel(R) Graphics Media Accelerator Driver
    Java(TM) 6 Update 10
    Machine World
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.11)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser
    OrCAD 9.1
    Picasa 3
    PowerDVD
    PSpice Student 9.1
    Realtek High Definition Audio Driver
    Rediff Bol
    Rediff Toolbar
    Registry Mechanic 8.0
    Sallys Spa
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB960714)
    SP12 AVR Programmer 2.0.7
    Update for Windows XP (KB898461)
    Update for Windows XP (KB955839)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Winamp
    Windows Installer 3.1 (KB893803)
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    6/28/2009 10:05:59 AM, error: Service Control Manager [7031] - The ASKUpgrade service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/28/2009 10:05:51 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    6/27/2009 8:21:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    6/27/2009 8:21:45 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/26/2009 3:26:40 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    6/24/2009 9:43:32 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    6/24/2009 9:00:11 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
    6/23/2009 9:42:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    6/23/2009 7:16:20 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
    6/23/2009 5:39:23 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
    6/22/2009 12:57:42 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    6/22/2009 12:42:42 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    ==== End Of File ===========================
     
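    A triage helper for the DDS listing above, added here as an example; it is not part of the original post and not a tool DDS, ComboFix or the forum provides. It splits a DDS log into its `=== section ===` blocks and flags the three things a responder would pull out of this one by hand: a process whose image or argument is a file under a TEMP directory or ends in .tmp (the two `svchost.exe D:\WINDOWS\TEMP\VRT*.tmp` lines), an autorun entry (mRun/uRun/dRun/...ExplorerRun) whose target appears in the "Created Last 30" section, and one file name running from two different directories (reader_s.exe in System32 and in the user profile). The rules are generic heuristics, not a Virut signature; the sample text is a constructed excerpt copied from the log above.

```python
import re

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
AUTORUN_RE = re.compile(r"^([umd](?:Explorer)?Run(?:Once)?):\s*\[([^\]]*)\]\s*(.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|scr|tmp|dll|com)\b', re.I)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+\S+\s+(.+)$")

# Constructed excerpt of the DDS log posted above (a few lines per section).
SAMPLE_DDS = r"""
============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\Program Files\Alwil Software\Avast4\ashServ.exe
svchost.exe D:\WINDOWS\TEMP\VRTF.tmp
D:\WINDOWS\System32\reader_s.exe
D:\WINDOWS\system32\update2112859.exe
svchost.exe D:\WINDOWS\TEMP\VRT28.tmp
D:\Documents and Settings\123\reader_s.exe

============== Pseudo HJT Report ===============

mRun: [avast!] d:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [reader_s] d:\windows\system32\reader_s.exe
mRun: [servises] d:\windows\system32\servises.exe
dRun: [reader_s] d:\documents and settings\123\reader_s.exe

=============== Created Last 30 ================

2009-06-28 10:37 52,736 a------- d:\windows\system32\servises.exe
2009-06-28 10:36 48,128 a------- d:\windows\system32\reader_s.exe
2009-06-26 10:08 48,128 a------- d:\documents and settings\123\reader_s.exe
2009-06-23 21:41 155,136 a------- d:\windows\PEV.exe

==================== Find3M ====================
"""


def split_sections(text):
    """Map each '=== name ===' header to the non-empty lines beneath it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line.strip():
            sections[current].append(line.strip())
    return sections


def norm(path):
    """Case-insensitive comparison key for a Windows path."""
    return path.lower()


def triage(text):
    """Return (rule, evidence) pairs for the heuristics described in the lead-in."""
    sec = split_sections(text)
    created = {norm(CREATED_RE.match(l).group(1))
               for l in sec.get("Created Last 30", []) if CREATED_RE.match(l)}
    findings, seen = [], {}
    for line in sec.get("Running Processes", []):
        paths = [norm(p) for p in PATH_RE.findall(line)]
        # Rule 1: anything executing out of a TEMP directory or a .tmp file.
        if any("\\temp\\" in p or p.endswith(".tmp") for p in paths):
            findings.append(("temp_exec", line))
        # Track which directories each image name runs from (rule 3).
        if paths:
            seen.setdefault(paths[0].rsplit("\\", 1)[-1], set()).add(paths[0])
    for line in sec.get("Pseudo HJT Report", []):
        m = AUTORUN_RE.match(line)
        target = PATH_RE.search(m.group(3)) if m else None
        # Rule 2: autorun entry pointing at a file created in the last 30 days.
        if target and norm(target.group(0)) in created:
            findings.append(("autorun_new_file", line))
    for name, dirs in seen.items():
        # Rule 3: same file name running from more than one location.
        if len(dirs) > 1:
            findings.append(("dup_name_dirs", f"{name}: {sorted(dirs)}"))
    return findings


def counts(findings):
    """Tally findings per rule, e.g. {'temp_exec': 2, ...}."""
    out = {}
    for rule, _ in findings:
        out[rule] = out.get(rule, 0) + 1
    return out


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_DDS):
        print(f"{rule:18} {evidence}")
```

Against the excerpt this reports two TEMP executions, three autorun entries pointing at files created on 2009-06-28 and 2009-06-26, and reader_s.exe running from two directories. None of that proves a file infector on its own; it is the shortlist a responder would hand to a scanner, and here it lines up with the ComboFix warning the poster saw.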
  2. 2009/06/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Delete your Combofix file.

    Please download ComboFix from HERE to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.
     
    Last edited: 2009/06/30


  4. 2009/06/30
    piyush

    piyush Inactive Thread Starter

    Joined:
    2009/04/14
    Messages:
    5
    Likes Received:
    0
    The link doesn't start any download!

    The link doesn't seem to be working; it opens the homepage of filedropper.com. Please help me ASAP.
     
  5. 2009/06/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I checked your DDS report one more time, and unfortunately...

    You are infected with a polymorphic file infector (Virut in your case). This infection can and will infect all of the machine's .exe, .scr, .rar, .zip, .htm and .html files. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair, resulting in an inoperative machine.

    Malware experts say that a complete reformat and reinstall is the only way to clean the infection. This includes all drives that contain .exe, .scr, .rar, .zip, .htm or .html files.

    * Back up all your documents and important items only.
    * DO NOT back up any executable files (.exe, .scr, .html or .htm).
    * Do not back up compressed (zip/cab/rar) files that may contain .exe or .scr files.


    I suggest you do the following immediately:

    * Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    * From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
    * DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
     
  6. 2009/07/08
    piyush

    piyush Inactive Thread Starter

    Joined:
    2009/04/14
    Messages:
    5
    Likes Received:
    0
    Please tell me the best way to back up my documents and everything. Using a pen drive would be convenient, but is it safe? I don't have a DVD writer. Thanks.
     
  7. 2009/07/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    If you don't have much data to back up, a pen drive can certainly be used.
    Before you use it, install Panda USB and AutoRun Vaccine on it: http://research.pandasecurity.com/archive/Panda-USB-and-AutoRun-Vaccine.aspx, so nothing will get infected, even if you copy some bad file onto the drive.
    Then, remember NOT TO back up any file with any extension listed in my previous reply.
    Lastly, when you plug the USB drive into the good computer, make sure you scan it well with an antivirus program.
     
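    A backup planner that applies the exclusion list from broni's reply above (post 5) to the pen-drive copy described in post 7, added here as an example; it is not part of the thread and not a tool broni recommends. It skips the extensions the reply names (.exe, .scr, .htm, .html) and the archive types that may contain them (.zip, .rar, .cab), and adds one check the reply does not mention: any file that begins with the two-byte "MZ" signature every Windows executable carries is skipped regardless of its extension, so a renamed .exe cannot ride along. The sample directory tree is constructed by the script itself.

```python
import shutil
import tempfile
from pathlib import Path

# Extensions post 5 says must not be backed up (file infector targets) ...
INFECTABLE = {".exe", ".scr", ".htm", ".html"}
# ... and the container types it says may hide them.
CONTAINERS = {".zip", ".rar", ".cab"}
# Added check, not from the post: a Windows PE image starts with "MZ".
PE_MAGIC = b"MZ"


def classify(path):
    """Return ('keep' | 'skip', reason) for one file."""
    ext = path.suffix.lower()
    if ext in INFECTABLE:
        return "skip", f"infectable extension {ext}"
    if ext in CONTAINERS:
        return "skip", f"archive {ext} may contain executables"
    with path.open("rb") as fh:
        if fh.read(2) == PE_MAGIC:
            return "skip", "PE header (MZ) despite extension"
    return "keep", "data file"


def plan_backup(root):
    """Walk root and split its files into keep/skip lists with reasons."""
    root = Path(root)
    keep, skip = [], []
    for p in sorted(root.rglob("*")):
        if p.is_file():
            verdict, reason = classify(p)
            rel = p.relative_to(root).as_posix()
            (keep if verdict == "keep" else skip).append((rel, reason))
    return keep, skip


def run_backup(root, dest):
    """Copy only the kept files into dest, preserving relative paths."""
    keep, skip = plan_backup(root)
    for rel, _ in keep:
        target = Path(dest) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(root) / rel, target)
    return len(keep), len(skip)


def make_sample_tree():
    """Constructed sample data: a user profile with documents and stray executables."""
    root = Path(tempfile.mkdtemp(prefix="virut_backup_"))
    (root / "docs").mkdir()
    samples = {
        "docs/thesis.doc": b"\xd0\xcf\x11\xe0 fake word document",
        "docs/notes.txt": b"plain text",
        "docs/report.html": b"<html>infectable per post 5</html>",
        "setup.exe": b"MZ\x90\x00 fake pe",
        "photos.zip": b"PK\x03\x04",
        "holiday.jpg.bak": b"MZ\x90\x00 renamed executable",
        "picture.jpg": b"\xff\xd8\xff",
    }
    for rel, data in samples.items():
        (root / rel).write_bytes(data)
    return root


if __name__ == "__main__":
    root = make_sample_tree()
    for rel, reason in sum(plan_backup(root), []):
        print(f"{rel:22} {reason}")
    print(run_backup(root, root.parent / (root.name + "_out")))
```

Run the planner on the infected machine to see what would be copied before touching the pen drive, then still scan the drive on the clean computer as post 7 says: the MZ check only catches PE images, not document macros or other content a scanner would look at.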
