
[Not curable - Virut] unable to update antivirus software

Discussion in 'Malware and Virus Removal Archive' started by Wellies, 2009/08/02.

  1. 2009/08/02
    Wellies Inactive Thread Starter

    Hi, well, I got a bit of trouble here and am wondering if you can help. 2 days ago my PC showed a few new processes running that I had no idea about; with help from a friend we managed to seemingly get rid of them through SUPERAntiSpyware and Malwarebytes. It seemed that a virus had got into my PC somehow, dropped my firewall and then ripped apart NOD32. Fun, huh? The problem is that I cannot access any antivirus websites to update the antivirus software I have now (SUPERAntiSpyware), or any other for that matter. I will enclose the 2 documents you required.

    Thank you for any help.


    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 20/03/2007 20:53:02
    System Uptime: 08/02/2009 22:33:11 (4201 hours ago)

    Motherboard: | | 939NF4G-SATA2
    Processor: AMD Athlon(tm) 64 Processor 3500+ | CPUSocket | 2210/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 214.637 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E980-E325-11CE-BFC1-08002BE10318}
    Description: Floppy disk drive
    Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&12C619AD&0&0
    Manufacturer: (Standard floppy disk drives)
    Name: Floppy disk drive
    PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&12C619AD&0&0
    Service: flpydisk

    ==== System Restore Points ===================

    RP1: 02/08/2009 12:21:35 - System Checkpoint
    RP2: 02/08/2009 13:22:39 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP3: 02/08/2009 14:10:44 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP4: 02/08/2009 14:11:08 - Removed Skype™ 3.8
    RP5: 02/08/2009 14:11:51 - Removed Call of Duty(R) 4 - Modern Warfare(TM)
    RP6: 02/08/2009 21:35:52 - Installed Panda Antivirus 2007
    RP7: 02/08/2009 21:48:35 - Removed Test Drive Unlimited
    RP8: 02/08/2009 21:49:32 - Removed Sweex Motion Tracking Webcam
    RP9: 02/08/2009 21:49:55 - Removed Samsung New PC Studio
    RP10: 02/08/2009 21:55:09 - Removed AGEIA PhysX v7.05.17

    ==== Installed Programs ======================

    Ad-Aware SE Personal
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 7.0.5
    Adobe Shockwave Player
    Apple Software Update
    Athlon 64 Processor Driver
    Attribute Changer 5.23
    AutoUpdate
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.3
    Belarc Advisor 7.2
    BT Broadband Help
    Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Eusing Free Registry Cleaner
    EVE-ONLINE (remove only)
    Free Download Manager 2.5
    Gadwin PrintScreen
    Google Toolbar for Firefox
    GSC
    Hotfix for Windows XP (KB926239)
    J2SE Runtime Environment 5.0 Update 5
    Logitech GamePanel Software 2.00
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WinUsb 1.0
    MozBackup 1.4.3
    Mozilla Firefox (3.0.12)
    Mozilla Thunderbird (1.5)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 Parser and SDK
    MSXML4 Parser
    NVIDIA Drivers
    NVIDIA Photoshop Plug-ins
    QuickTime
    Real Alternative 1.45
    Realtek AC'97 Audio
    RegShot 1.7
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    SUPERAntiSpyware Free Edition
    Switch Sound File Converter
    System Requirements Lab
    TaskSwitchXP
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB931836)
    Ventrilo Client
    Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
    Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix - KB895316
    WinRAR archiver
    Xfire (remove only)
    Yahoo! Browser Services

    ==== Event Viewer Messages From Past Week ========

    31/07/2009 18:54:57, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    31/07/2009 18:54:57, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t1sxdg5m.default\extensions\{35a52c64-8cc6-46c7-a38b-7653c5743163}\components\FFAlert.dll. Reference error message: The operation completed successfully. .
    31/07/2009 18:54:57, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    02/08/2009 17:44:43, error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
    02/08/2009 17:21:17, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    02/08/2009 15:19:29, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 BANTExt Fips IPSec MRxSmb NetBIOS NetBT prodrv06 RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    02/08/2009 15:19:29, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    02/08/2009 15:19:29, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    02/08/2009 15:19:29, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    02/08/2009 15:18:33, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    02/08/2009 14:10:09, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
    02/08/2009 13:14:06, error: Sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    02/08/2009 09:39:28, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00138F5EE07C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    01/08/2009 21:57:51, error: Service Control Manager [7000] - The USB-USB Network Bridge service failed to start due to the following error: The system cannot find the file specified.
    01/08/2009 21:47:37, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00138F5EE07C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    01/08/2009 20:43:37, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service usnjsvc with arguments " " in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

    ==== End Of File ===========================


    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Administrator at 23:10:19.53 on 02/08/2009
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.586 [GMT 1:00]


    ============== Running Processes ===============

    C:\windows\system32\svchost -k DcomLaunch
    svchost.exe
    C:\windows\System32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\spoolsv.exe
    C:\windows\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\windows\System32\svchost.exe -k HTTPFilter
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    uSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uStart Page = hxxp://track.moreniche.com/hit.php?w=155970&s=147
    mDefault_Search_URL = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    mSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    mStart Page = hxxp://www.ngohq.com
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    mSearchAssistant = hxxp://www.google.com/ie_rsearch.html
    uURLSearchHooks: Yahoo! ¤u¨Ã£¦C: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
    BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
    TB: Yahoo! ¤u¨Ã£¦C: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
    mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe "
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
    dRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
    dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll "
    dRunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    uPolicies-system: DisableCAD = 1 (0x1)
    mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    mPolicies-explorer: DisableCAD = 1 (0x1)
    mPolicies-system: DisableCAD = 1 (0x1)
    dPolicies-explorer: NoInstrumentation = 1 (0x1)
    dPolicies-explorer: NoSMHelp = 1 (0x1)
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\t1sxdg5m.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/weather/forecast/20?&search=machynlleth&itemsPerPage=10&region=uk&area=Machynlleth
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\t1sxdg5m.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFExternalAlert.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJPI150_05.dll
    FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPOJI610.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
    S2 PCLinkBridge;USB-USB Network Bridge;c:\windows\system32\drivers\pro2000.sys --> c:\windows\system32\drivers\pro2000.sys [?]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-7-14 36608]
    S3 NIC2000;USB-USB Network Bridge Adapter;c:\windows\system32\drivers\nic2000.sys --> c:\windows\system32\drivers\NIC2000.sys [?]
    S3 SQTECH930B;Sweex Motion Tracking Webcam;c:\windows\system32\drivers\capt930b.sys --> c:\windows\system32\drivers\Capt930b.sys [?]
    S3 UCORESYS;UCORESYS;\??\c:\documents and settings\administrator\desktop\afuwin939nf4g-sata2_1.30\ucoresys.sys --> c:\documents and settings\administrator\desktop\afuwin939nf4g-sata2_1.30\UCORESYS.SYS [?]
    S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [2007-6-18 37484]

    ============== File Associations ===============

    inffile=c:\windows\system32\NOTEPAD2.EXE %1
    inifile=c:\windows\system32\NOTEPAD2.EXE %1

    =============== Created Last 30 ================

    2009-08-02 22:14 0 a------- c:\windows\system32\7.tmp
    2009-08-02 22:03 40 a------- c:\windows\system32\2.tmp
    2009-08-02 21:35 <DIR> --d----- c:\program files\Panda Software
    2009-08-02 17:22 <DIR> --d----- c:\windows\ERUNT
    2009-08-02 17:17 <DIR> --d----- C:\SDFix
    2009-08-02 13:27 504 a------- c:\windows\system32\drivers\kgpcpy.cfg
    2009-08-02 13:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
    2009-08-02 13:22 <DIR> --d----- c:\program files\common files\iS3
    2009-08-02 13:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
    2009-08-02 12:50 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
    2009-08-02 12:50 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-02 12:50 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-08-02 12:50 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-08-02 12:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-08-01 23:55 0 a------- c:\windows\SC.INS
    2009-08-01 23:55 360,576 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
    2009-08-01 23:16 8,256 a------- c:\windows\n
    2009-08-01 22:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-08-01 22:42 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-08-01 22:42 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
    2009-08-01 22:35 <DIR> --d----- c:\docume~1\admini~1\applic~1\Uniblue
    2009-08-01 22:23 <DIR> --d----- c:\docume~1\admini~1\applic~1\AVG8
    2009-07-30 20:33 <DIR> --d----- c:\program files\NCH Software
    2009-07-30 20:32 <DIR> --d----- c:\program files\NCH Swift Sound
    2009-07-24 02:57 41,872 a------- c:\windows\system32\xfcodec.dll
    2009-07-14 17:43 109,704 a------- c:\windows\system32\drivers\ss_mdm.sys
    2009-07-14 17:43 83,592 a------- c:\windows\system32\drivers\ss_bus.sys
    2009-07-14 17:43 15,112 a------- c:\windows\system32\drivers\ss_mdfl.sys
    2009-07-14 17:43 12,424 a------- c:\windows\system32\drivers\ss_whnt.sys
    2009-07-14 17:43 12,424 a------- c:\windows\system32\drivers\ss_wh.sys
    2009-07-14 17:43 12,424 a------- c:\windows\system32\drivers\ss_cmnt.sys
    2009-07-14 17:43 12,424 a------- c:\windows\system32\drivers\ss_cm.sys
    2009-07-14 17:43 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers
    2009-07-14 17:42 253,952 a------- c:\windows\system32\FsUsbExService.Exe
    2009-07-14 17:42 110,592 a------- c:\windows\system32\FsUsbExDevice.Dll
    2009-07-14 17:42 36,608 a------- c:\windows\system32\FsUsbExDisk.Sys
    2009-07-14 17:42 <DIR> --d----- c:\docume~1\admini~1\applic~1\Samsung
    2009-07-14 17:42 <DIR> --d----- c:\program files\Samsung
    2009-07-13 16:38 <DIR> --d----- c:\program files\Atari
    2009-07-09 22:21 1,206,272 a------- c:\windows\system32\PTxSCP.ocx
    2009-07-09 22:21 647,168 a------- c:\windows\system32\CDWriterXP.ocx
    2009-07-09 22:21 626,688 a------- c:\windows\system32\DVDProX2.dll
    2009-07-09 22:21 608,448 a------- c:\windows\system32\comctl32.ocx
    2009-07-09 22:21 415,176 a------- c:\windows\system32\COMCT332.OCX
    2009-07-09 22:21 380,928 a------- c:\windows\system32\CDRipperX.ocx
    2009-07-09 22:21 339,968 a------- c:\windows\system32\MP3EncX.dll
    2009-07-09 22:21 233,472 a------- c:\windows\system32\SmartMenuXP.ocx
    2009-07-09 22:21 139,264 a------- c:\windows\system32\voltoCDX.dll
    2009-07-09 22:21 89,360 a------- c:\windows\system32\VB5DB.DLL
    2009-07-09 22:21 40,960 a------- c:\windows\system32\CapacityMeter.ocx
    2009-07-09 22:21 28,672 a------- c:\windows\system32\SmartMenuXP.dll

    ==================== Find3M ====================

    2009-08-01 23:55 360,576 a------- c:\windows\system32\drivers\TCPIP.SYS
    2009-08-01 22:07 420,352 a------- c:\windows\system32\mstsc.exe
    2009-06-02 20:42 103,736 a------- c:\windows\system32\PnkBstrB.exe
    2009-06-02 20:37 66,872 a------- c:\windows\system32\PnkBstrA.exe
    2009-06-02 20:33 22,328 a------- c:\docume~1\admini~1\applic~1\PnkBstrK.sys

    ============= FINISH: 23:10:30.67 ===============
     
  2. 2009/08/02
    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with ComboFix.
     


  4. 2009/08/03
    Wellies Inactive Thread Starter

    ComboFix won't run; it reports that it has been compromised and that I have the patching virus "Virut"???

    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:47:58, on 03/08/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\windows\system32\ms18_word.exe
    C:\windows\System32\svchost.exe
    C:\windows\System32\reader_s.exe
    C:\windows\System32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://track.moreniche.com/hit.php?w=155970&s=147
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ngohq.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! ¤u¨Ã£¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! ¤u¨Ã£¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe "
    O4 - HKLM\..\Run: [ms18_word] C:\windows\system32\ms18_word.exe
    O4 - HKLM\..\Run: [reader_s] C:\windows\System32\reader_s.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\windows\system32\shdocvw.dll
    O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 6958 bytes
     
    Last edited: 2009/08/03
  5. 2009/08/03
    broni Moderator Malware Analyst

    Oh boy...

    Upload following files to http://www.virustotal.com/ for security check:
    - explorer.exe located @ C:\Windows
    - userinit.exe and svchost.exe located @ C:\Windows\System32
    Post the scan results.
     
  6. 2009/08/03
    Wellies Inactive Thread Starter

    Yup... Going to reinstall, I think; it seems to be working on its own at the moment, lol... Thanks guys, your site helped me loads with working out what's up.
     
  7. 2009/08/03
    broni Moderator Malware Analyst

    Did you scan those files?
     
  8. 2009/08/03
    Wellies Inactive Thread Starter

    Can't access that webpage, and I'm not taking them over to my other PC. So what do I do now?

    Also, scanning with SUPERAntiSpyware reboots my PC... lol, what on earth is going on here!!!!!!
     
    Last edited: 2009/08/03
  9. 2009/08/03
    broni Moderator Malware Analyst

    Well, don't worry about other scans, because if you're infected with Virut, the game is over.
    The only thing I need to know is if this IS Virut.
    Seeing this entry:
    - O4 - HKLM\..\Run: [reader_s] C:\windows\System32\reader_s.exe
    I'm 99.9% sure it's Virut.
    That said, I can only say I'm 99.9% sure...

    You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

    Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.

    * Backup all your documents and important items only.
    * DO NOT back up any executable files (.exe, .scr, .html or .htm)
    * Do not back up compressed (zip/cab/rar) files that may contain .exe or .scr files


    I suggest you do the following immediately:

    * Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    * From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
    * DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
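As an added triage example (not code from this thread, from HijackThis or from ComboFix), the Python below parses the O4 autorun lines and the process list from a constructed excerpt of the HijackThis log posted above: it flags Run/RunOnce values whose target sits directly in the Windows or System32 directory but is not on a small allowlist of known Windows autostart binaries (which is how reader_s and ms18_word stand out), and it reports single-instance processes that appear more than once (two explorer.exe entries are listed above). The allowlist, the single-instance set and the directory heuristic are assumptions for illustration; a hit is a lead for hashing and scanning the file, not a verdict.

```python
import ntpath
import re
from collections import Counter

# Constructed excerpt of the HijackThis log posted in this thread (a handful of
# its "Running processes" and O4 lines), embedded so the checks run offline.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\ms18_word.exe
C:\windows\System32\reader_s.exe
C:\windows\System32\svchost.exe
C:\windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [ms18_word] C:\windows\system32\ms18_word.exe
O4 - HKLM\..\Run: [reader_s] C:\windows\System32\reader_s.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
"""

# Assumption: a deliberately tiny allowlist of Windows binaries that legitimately
# autostart from the Windows/System32 directory. A real triage list is longer.
KNOWN_AUTOSTART = frozenset({"ctfmon.exe", "rundll32.exe"})

# Assumption: images that normally run once per logged-on session. svchost.exe is
# deliberately absent because several instances are normal on XP.
SINGLE_INSTANCE = frozenset({"explorer.exe", "winlogon.exe", "lsass.exe"})

O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>RunOnce|Run): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)"?', re.IGNORECASE)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")


def parse_o4(log: str) -> list[dict]:
    """Return one dict per O4 (autorun) line: hive, key, value name, executable."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = USER_SUFFIX_RE.sub("", m["cmd"])  # drop the trailing (User '...') tag
        exe_match = EXE_RE.match(cmd)
        # Fall back to the first token if the command does not start with an .exe path.
        exe = exe_match["exe"] if exe_match else cmd.split()[0]
        entries.append({"hive": m["hive"], "key": m["key"], "name": m["name"], "exe": exe})
    return entries


def flag_system_autoruns(entries: list[dict], allowlist=KNOWN_AUTOSTART) -> list[str]:
    """Names of Run/RunOnce values whose target sits directly in the Windows or
    System32 directory but is not a known autostart binary."""
    flagged = []
    for e in entries:
        directory = ntpath.dirname(e["exe"]).lower()  # ntpath: Windows separators
        base = ntpath.basename(e["exe"]).lower()
        in_windows_dir = directory.endswith("\\windows") or directory.endswith("\\system32")
        if in_windows_dir and base not in allowlist:
            flagged.append(e["name"])
    return flagged


def count_process_images(log: str) -> Counter:
    """Count image names (case-folded) in the 'Running processes:' section."""
    counts: Counter = Counter()
    in_section = False
    for line in log.splitlines():
        if line.startswith("Running processes:"):
            in_section = True
            continue
        if in_section:
            if not line.strip():  # section ends at the first blank line
                break
            counts[ntpath.basename(line.strip()).lower()] += 1
    return counts


def duplicated_single_instance(log: str) -> dict[str, int]:
    """Single-instance images that appear more than once, e.g. two explorer.exe."""
    counts = count_process_images(log)
    return {name: n for name, n in counts.items() if name in SINGLE_INSTANCE and n > 1}


if __name__ == "__main__":
    for name in flag_system_autoruns(parse_o4(SAMPLE_LOG)):
        print(f"autorun worth hashing and scanning: {name}")
    for name, n in duplicated_single_instance(SAMPLE_LOG).items():
        print(f"{name} is running {n} times")
```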
     
