Quolli

Members
  • Posts

    9
  1. Hi, one of my computers has recently been infected with a nasty Trojan (check here for the infected computer: http://forums.malwarebytes.org/index.php?showtopic=111508). This computer is one that I assume is clean, but nevertheless I have been browsing on the aforementioned infected PC for about a week. I would like to confirm that this PC is indeed clean and that the Trojan hasn't managed to travel through the network to this PC. The computers are connected via an Internet router. Both computers have a working Firewall. Thank you for your time. Here are my two DDS logs.
  2. Thank you very much for your help. I have decided to take the reinstall-Windows route for my PC. You have been incredibly helpful and patient. I am a bit paranoid about the current computer that I have been using, as my computers are connected via an Internet router. Do you have any recommendations of what I should do? This computer uses the Kaspersky Internet Security trial as well as Malwarebytes and SUPERAntiSpyware. Would I need to open up a new topic for this, or would it be better to continue with the same topic?
  3. Thank you for your help. I have read them, but am still a bit unsure. Could you possibly answer the HDD questions in simpler terms? I don't really understand what the content in the links is saying. In regards to the Format link you have sent me, I was hoping for a step-by-step guide that details what I should do right from the beginning (i.e., what options to select from the disk, etc.). If I do decide to continue with the cleaning, would it be safe to use a USB drive to transfer the relevant scanning programs?
  4. Hello Maniac, thank you for the fast reply. I should tell you that about a week ago I was also infected by several trojans, which were able to be cleaned successfully. I gave it the benefit of the doubt and thought that I was clean; nevertheless I created a topic for my suspicions but forgot all about it. You may find the logs in it useful. Here is the topic: http://forums.malwarebytes.org/index.php?showtopic=111140&st=0&p=560638entry560638 I have uninstalled uTorrent and disconnected my PC from the Internet like you have asked. There are a few questions I would like to ask you before I move on to the next steps.
     1. My HDD is partitioned (let's call them C:/ and A:/). The main drive (i.e. the one that is infected) is C:/. Will my I:/ be "untouched"?
     2. This leads on from the previous question. If I decide to take the easy route out and do a fresh install of Windows, will I:/ need to be wiped? (I've got some important files on that drive, hence why they are stored in the partition.)
     3. If Yes is the answer to 1, I would like to proceed and do a fresh install of Windows. Will you be posting a guide on how I can most effectively (or correctly, I should say) reinstall Windows?
  5. DDS Log
2012-06-17 23:18:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-17 23:18:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-16 08:55:34 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin 2012-06-16 08:55:34 1 ----a-w- c:\windows\system32\nvdrssel.bin 2012-06-16 08:55:10 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin 2012-06-15 03:15:03 72748 ----a-w- c:\windows\unins000.exe 2012-06-02 05:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 05:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 05:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 05:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 05:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 05:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 05:18:58 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 05:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys 2012-05-15 10:18:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:18:00 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll 2012-05-15 10:18:00 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:18:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll 2012-05-15 10:18:00 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-05-15 10:18:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 09:40:26 54272 ----a-w- 
c:\windows\system32\nvwddi.dll 2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec 2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-24 07:13:24 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys 2012-04-20 19:29:52 81920 ------w- c:\windows\system32\ieencode.dll 2012-04-04 05:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . ============= FINISH: 21:15:07.14 =============== Attatch Log . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 16/06/2012 7:34:36 PM System Uptime: 22/06/2012 9:12:16 PM (0 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3 Processor: Intel Pentium III Xeon processor | Socket 775 | 2833/333mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 293 GiB total, 92.406 GiB free. D: is Removable E: is Removable G: is Removable H: is Removable I: is FIXED (NTFS) - 639 GiB total, 529.801 GiB free. J: is CDROM () K: is Removable . ==== Disabled Device Manager Items ============= . 
Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} Description: HID Non-User Input Data Filter (KB 911895) Device ID: HID\VID_045E&PID_00F9&MI_01&COL01\7&9A390B8&0&0000 Manufacturer: Microsoft Name: HID Non-User Input Data Filter (KB 911895) PNP Device ID: HID\VID_045E&PID_00F9&MI_01&COL01\7&9A390B8&0&0000 Service: NuidFltr . Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} Description: HID Non-User Input Data Filter (KB 911895) Device ID: HID\VID_045E&PID_00F9&MI_01&COL03\7&9A390B8&0&0002 Manufacturer: Microsoft Name: HID Non-User Input Data Filter (KB 911895) PNP Device ID: HID\VID_045E&PID_00F9&MI_01&COL03\7&9A390B8&0&0002 Service: NuidFltr . Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: SM Bus Controller Device ID: PCI\VEN_8086&DEV_3A30&SUBSYS_50011458&REV_00\3&13C0B0C5&0&FB Manufacturer: Name: SM Bus Controller PNP Device ID: PCI\VEN_8086&DEV_3A30&SUBSYS_50011458&REV_00\3&13C0B0C5&0&FB Service: . ==== System Restore Points =================== . RP1: 16/06/2012 9:44:22 PM - System Checkpoint RP2: 16/06/2012 10:05:49 PM - Software Distribution Service 3.0 RP3: 16/06/2012 10:30:00 PM - Software Distribution Service 3.0 RP4: 16/06/2012 10:34:24 PM - Software Distribution Service 3.0 RP5: 18/06/2012 12:28:54 PM - System Checkpoint RP6: 19/06/2012 6:08:40 PM - System Checkpoint RP7: 20/06/2012 7:24:28 PM - System Checkpoint RP8: 22/06/2012 6:05:31 PM - System Checkpoint . ==== Installed Programs ====================== . "Nero SoundTrax Help µTorrent ƒ}ƒWƒJƒ‹ƒoƒgƒ‹ƒAƒŠ
  6. Hi, I need some help cleaning my computer of a variant of the Win32/Spy.Zbot.ZR Trojan. So far I have done a full scan with Malwarebytes and SUPERAntiSpyware, but they have not picked it up. After rebooting my computer after a full scan, ESET showed a warning that there was a Trojan on my PC but it is "unable to clean". I have scanned using Malwarebytes in Safe Mode. SUPERAntiSpyware was run in Normal mode. I am currently scanning using ESET NOD32 in Normal mode. The current scan says "Number of infiltrations: 1" and lists the Zbot.ZR Trojan as "unable to clean". Unfortunately the Trojan appears to have partially hijacked my browser (it redirects me to my homepage [Google] if I attempt to go to the Malwarebytes forum). I am not sure how I am to get my antivirus logs onto the forum without a USB (I'm a bit paranoid it may decide to travel via USB and infect the current computer I am using). Please help, and thank you for your time.
  7. I'm quite sure it's a registry error, but if someone could help me confirm that it's actually a registry error and not some nasty virus that would be great.
  8. I've recently been infected by several trojans. I managed to remove them all, but I'm still a bit paranoid that there may be traces or something left. I have scanned using Malwarebytes Free and SUPERAntiSpyware Free twice, once in Normal mode and once in Safe Mode, with both programs. Why? Because my Desktop items don't "save". I move them into the order that I want, but every time I refresh my desktop they snap back into the default alphabetical order. Here is my MBAM log (this is from the Normal Mode scan; the Safe Mode scan picked up nothing, but SUPERAntiSpyware did):

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.14.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sakura :: DORAEMON [administrator]

14/06/2012 1:16:46 PM
mbam-log-2012-06-14 (13-16-46).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 399972
Time elapsed: 58 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Bad: (C:\Documents and Settings\Sakura\Local Settings\Application Data\{49081aa4-08d4-bff3-6b2e-67656aee082c}\n.) Good: (%SystemRoot%\system32\shdocvw.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Documents and Settings\Sakura\Local Settings\Application Data\{49081aa4-08d4-bff3-6b2e-67656aee082c}\n (Trojan.Agent.MRGGen) -> Delete on reboot.
C:\Documents and Settings\Sakura\Local Settings\Application Data\{49081aa4-08d4-bff3-6b2e-67656aee082c}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sakura\Local Settings\Application Data\{49081aa4-08d4-bff3-6b2e-67656aee082c}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FABC993-CAF4-4E0D-90EB-9C7372F68EF9}\RP729\A0102268.ini (Trojan.0access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FABC993-CAF4-4E0D-90EB-9C7372F68EF9}\RP729\A0102258.ini (Trojan.0access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FABC993-CAF4-4E0D-90EB-9C7372F68EF9}\RP729\A0102280.ini (Trojan.0access) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvcrrt20.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.

(end)

And here is my SUPERAntiSpyware scan (from Safe Mode):

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/15/2012 at 00:30 AM

Application Version : 5.0.1150

Core Rules Database Version : 8732
Trace Rules Database Version: 6544

Scan type : Complete Scan
Total Scan Time : 09:35:54

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 307
Memory threats detected : 0
Registry items scanned : 33354
Registry threats detected : 0
File items scanned : 181698
File threats detected : 35

Adware.Tracking Cookie
C:\Documents and Settings\Sakura\Cookies\XLGLUDQW.txt [ /doubleclick.net ]
C:\Documents and Settings\Sakura\Cookies\HEHPB15V.txt [ /questionmarket.com ]
C:\Documents and Settings\Sakura\Cookies\FEKIY76C.txt [ /statcounter.com ]
C:\Documents and Settings\Sakura\Cookies\Q4C8S4HP.txt [ /revsci.net ]
C:\Documents and Settings\Sakura\Cookies\M36WD5F6.txt [ /adxpose.com ]
C:\Documents and Settings\Sakura\Cookies\NPMV9VZS.txt [ /traffic.34556y5n.info ]
C:\Documents and Settings\Sakura\Cookies\5HRGR38I.txt [ /ads.adoptimized.com ]
C:\Documents and Settings\Sakura\Cookies\GNOOA2BR.txt [ /overture.com ]
C:\Documents and Settings\Sakura\Cookies\G4QWF8K8.txt [ /realmedia.com ]
C:\Documents and Settings\Sakura\Cookies\XVRR40UD.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\Sakura\Cookies\XU74T9Q7.txt [ /ox-d.fondnessmedia.com ]
C:\Documents and Settings\Sakura\Cookies\S7VJK2VE.txt [ /imrworldwide.com ]
C:\Documents and Settings\Sakura\Cookies\BACYFPCB.txt [ /cdn.jemamedia.com ]
C:\Documents and Settings\Sakura\Cookies\XM3D6PHA.txt [ /serving-sys.com ]
C:\Documents and Settings\Sakura\Cookies\ZFGWGNKJ.txt [ /in.getclicky.com ]
C:\Documents and Settings\Sakura\Cookies\M2LMCWIN.txt [ /advertising.ezanga.com ]
C:\Documents and Settings\Sakura\Cookies\XJ3WZ1BZ.txt [ /atdmt.com ]
C:\Documents and Settings\Sakura\Cookies\KORQAMSX.txt [ /ru4.com ]
C:\Documents and Settings\Sakura\Cookies\8CCDF1IL.txt [ /mediaplex.com ]
C:\Documents and Settings\Sakura\Cookies\0A67HHU5.txt [ /adserver.adtechus.com ]
C:\Documents and Settings\Sakura\Cookies\8UI4TEO3.txt [ /dc.tremormedia.com ]
C:\Documents and Settings\Sakura\Cookies\FSLLJG21.txt [ /stat.onestat.com ]
C:\Documents and Settings\Sakura\Cookies\QLJ31XLX.txt [ /bs.serving-sys.com ]
C:\Documents and Settings\Sakura\Cookies\L4Z7JHUE.txt [ /media6degrees.com ]
C:\Documents and Settings\Sakura\Cookies\L3WGR5ON.txt [ /lucidmedia.com ]
C:\Documents and Settings\Sakura\Cookies\V0KKZDZI.txt [ /apmebf.com ]
C:\Documents and Settings\Sakura\Cookies\G2VSNSG6.txt [ /invitemedia.com ]
C:\Documents and Settings\Sakura\Cookies\FG3RA9EK.txt [ /statse.webtrendslive.com ]
ia.media-imdb.com [ C:\DOCUMENTS AND SETTINGS\SAKURA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZWMDNNKT ]
media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\SAKURA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZWMDNNKT ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\SAKURA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZWMDNNKT ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\SAKURA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZWMDNNKT ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\SAKURA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ZWMDNNKT ]

Trojan.Agent/Gen-Sirefef
C:\DOCUMENTS AND SETTINGS\SAKURA\LOCAL SETTINGS\APPLICATION DATA\{49081AA4-08D4-BFF3-6B2E-67656AEE082C}\U\80000032.@

Trojan.Agent/Gen-Nullo[short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1FABC993-CAF4-4E0D-90EB-9C7372F68EF9}\RP730\A0102315.INI
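The MBAM log in the post above contains the telltale ZeroAccess (Sirefef) pattern: the shell CLSID {42aedc87-...}'s InprocServer32 value was redirected from shdocvw.dll to a file named "n." in a {GUID} folder under the user's profile, with payload files in a "U" subfolder and a planted Desktop.ini in the GAC. The following is an added example written for this page, not code from the poster or from Malwarebytes: a small Python parser for the two MBAM sections quoted above (the line shapes are inferred from that log) plus the indicator rules I would apply to triage such a log. The sample input is constructed from the posted lines; the regexes and indicator rules are my own assumptions, not MBAM's format specification.

```python
import re

# Constructed sample input: lines copied from the MBAM log in the post above,
# trimmed to the detections that matter for the check.
SAMPLE_LOG = r"""
Registry Data Items Detected: 1
HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Bad: (C:\Documents and Settings\Sakura\Local Settings\Application Data\{49081aa4-08d4-bff3-6b2e-67656aee082c}\n.) Good: (%SystemRoot%\system32\shdocvw.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Documents and Settings\Sakura\Local Settings\Application Data\{49081aa4-08d4-bff3-6b2e-67656aee082c}\n (Trojan.Agent.MRGGen) -> Delete on reboot.
C:\Documents and Settings\Sakura\Local Settings\Application Data\{49081aa4-08d4-bff3-6b2e-67656aee082c}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvcrrt20.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
"""

# Assumed shape of an MBAM "Registry Data Items" line:
#   key| (family) -> Bad: (value) Good: (value) -> action
REG_DATA_RE = re.compile(
    r"^(?P<key>HK[A-Z]+\\.+?)\| \((?P<family>[^)]+)\) -> "
    r"Bad: \((?P<bad>.+?)\) Good: \((?P<good>.+?)\) -> (?P<action>.+)$"
)
# Assumed shape of an MBAM "Files Detected" line:  path (family) -> action
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^)]+)\) -> (?P<action>.+)$")

# Paths inside a user profile (XP and Vista+ layouts) and the {GUID}\U\ payload folder.
USER_PROFILE_RE = re.compile(r"^[A-Za-z]:\\(documents and settings|users)\\", re.I)
GUID_U_DIR_RE = re.compile(r"\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\U\\", re.I)


def parse_mbam_log(text):
    """Return a list of findings; each is a dict with kind 'registry' or 'file'."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = REG_DATA_RE.match(line)
        if m:
            findings.append({"kind": "registry", **m.groupdict()})
            continue
        m = FILE_RE.match(line)
        if m:
            findings.append({"kind": "file", **m.groupdict()})
    return findings


def zeroaccess_indicators(finding):
    """Reasons a finding matches the ZeroAccess pattern seen in the log; empty if none."""
    reasons = []
    if finding["kind"] == "registry":
        key, bad = finding["key"].lower(), finding["bad"]
        # A COM in-process server for a shell CLSID should live under %SystemRoot%,
        # never in a user-writable profile folder.
        if key.endswith("\\inprocserver32") and USER_PROFILE_RE.match(bad):
            reasons.append("COM InprocServer32 hijack: shell CLSID now loads from a user profile")
        # Win32 path normalisation strips a trailing dot, so "...\n." opens the file "n".
        if bad.endswith("."):
            reasons.append("trailing dot: Win32 path normalisation drops it, so '\\n.' loads the file 'n'")
    else:
        path = finding["path"]
        if GUID_U_DIR_RE.search(path):
            reasons.append("payload stored in a {GUID}\\U\\ folder under the user profile")
        if path.lower().endswith("\\assembly\\gac\\desktop.ini"):
            reasons.append("Desktop.ini planted in the GAC folder")
    return reasons


def triage(text):
    """List (key-or-path, reasons) for every finding that matches an indicator, in log order."""
    out = []
    for f in parse_mbam_log(text):
        reasons = zeroaccess_indicators(f)
        if reasons:
            out.append((f.get("key") or f.get("path"), reasons))
    return out


if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG):
        print(item)
        for r in reasons:
            print("   -", r)
```

Run against the constructed sample, triage() returns three entries: the hijacked InprocServer32 value (two reasons), the 80000000.@ payload in the U folder, and the GAC Desktop.ini; the msvcrrt20.dll dropper in system32 is parsed but matches no ZeroAccess-specific rule, which is the point of keeping parsing and indicator logic separate.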