#1
PC has W32/Gaobot.worm.gen.u - Win32/RBot.3eu!Worm virus - need help removing
Hello to all,
For the past few days my computer has been bogged down with slow load times on everything from operations to Internet browsing, including random pop-ups from IE7 when I solely use Firefox 3.5.3. As of two days ago, I got a pop-up that said: While I have tried to run my anti-virus software, it's seemingly not working. I cannot get Trend Micro PC-cillin Internet Security to quit, which means I cannot uninstall it either, despite several attempts (it just says 'Loading...'). I use MS Vista and I also keep getting the error message that b.exe has stopped working. I have hopped around forums looking for guidance, but haven't found a helpful thread yet, and I was hoping someone could help me identify how to fix this issue. The only action I've taken was to uninstall Viewpoint Media Player from my programs, as I saw that recommended a few times in other forum threads. If possible, please help.
#2
Hello asee and welcome to CTH
We need to get a comprehensive report of what is present in your system. Please download DDS: Here to your Desktop and double-click on DDS.scr to run it. If your security software includes script blocking features, please disable these before you run this utility. There are details for disabling many programmes Here. When the scan has finished, two logs will open. Copy and paste both reports in this topic. The logs will be reasonably large, so you may have to divide them into sections and make several posts to post them. Before you provide them, we ask that you remove any P2P/file sharing programs if you have any, and this includes Torrent software, before we clean your computer.
#3
DDS (Ver_09-10-26.01) - NTFSX64
Run by nate at 6:45:33.95 on Thu 10/29/2009
#4
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
#5
Download The Avenger by Swandog46 from: here
Unzip/extract it to a folder on your desktop. Double-click on avenger.exe to run The Avenger. Click OK. Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it. Copy all of the text in the below codebox to the clipboard by highlighting it and then pressing Ctrl+C.
Code:
Files to delete:
c:\users\nate\appdata\local\temp\b.exe
Click the Execute button. You will be asked "Are you sure you want to execute the current script?". Click Yes. You will then be asked "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?". Click Yes. Your PC will now be rebooted. The log file will be located at C:\avenger.txt. Update Malwarebytes, run a complete scan and have it fix what it finds. Please post that log along with C:\avenger.txt.
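As an added example (not from the thread, DDS or The Avenger), here is a small Python triage pass over DDS-style uRun/mRun autorun lines: it flags startup entries whose program image lives in a temp folder or another user-writable location, which is how a run-key value such as [PopRock] pointing at temp\b.exe stands out among vendor entries, and renders the flagged paths in the "Files to delete:" form used in post #5. The sample lines are constructed in the shape DDS prints; the heuristics are the editor's own.

```python
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple, Optional

# Constructed sample in the shape of the DDS "Pseudo HJT Report" autorun lines
# (uRun = current user, mRun = machine, -x64 = 64-bit view). The [PopRock] line
# carries the temp\b.exe path that post #5 targets; the others are ordinary
# vendor entries of the same shape, one of them quoted with arguments.
SAMPLE_DDS = "\n".join([
    r"uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe",
    r'uRun: [Desktop Software] "c:\program files (x86)\common files\supportsoft\bin\bcont.exe" /ini "c:\program files (x86)\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden',
    r"uRun: [RegistryMechanic] c:\program files (x86)\registry mechanic\RMTray.exe /S",
    r"uRun: [PopRock] c:\users\nate\appdata\local\temp\b.exe",
    r'mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"',
    r"mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File",
])

# "<hive>: [<run-key value name>] <command line>"
RUN_LINE = re.compile(r"^(?P<hive>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First program image in the command line, quoted or not; the rest is arguments.
IMAGE = re.compile(r'^"?(?P<path>.+?\.(?:exe|scr|com|bat|cmd|pif|vbs|js|dll))(?:"|\s|$)',
                   re.IGNORECASE)

USER_WRITABLE_ROOTS = {"users", "documents and settings", "programdata"}
TEMP_DIRS = {"temp", "tmp", "temporary internet files"}


class Finding(NamedTuple):
    hive: str
    name: str
    path: str
    reason: str


def classify_image(path: str) -> Optional[str]:
    """Reason string if the image sits somewhere a limited user can write, else None."""
    parts = [p.lower().strip("\\") for p in PureWindowsPath(path).parts]
    dirs = parts[:-1]  # drop the file name, keep the directory chain
    if any(d in TEMP_DIRS for d in dirs):
        return "launches from a temp directory"
    if len(dirs) > 1 and dirs[1] in USER_WRITABLE_ROOTS:
        return "launches from a user-writable profile location"
    return None


def triage_autoruns(dds_text: str) -> List[Finding]:
    """Flag uRun/mRun entries whose image lives in a user-writable location.

    Vendor entries under Program Files or Windows pass; an autorun named
    [PopRock] pointing into %TEMP% is the kind of line a helper acts on."""
    findings = []
    for line in dds_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue  # BHO:, TB:, DPF: and other DDS sections are not autoruns
        img = IMAGE.match(m.group("cmd"))
        if not img:
            continue  # e.g. rundll32 entries with no recognisable file path
        reason = classify_image(img.group("path"))
        if reason:
            findings.append(Finding(m.group("hive"), m.group("name"), img.group("path"), reason))
    return findings


def avenger_script(findings: List[Finding]) -> str:
    """Render flagged images in The Avenger's 'Files to delete:' form (post #5).
    Each path should be confirmed as malicious before such a script is run."""
    return "Files to delete:\n" + "\n".join(f.path for f in findings)


if __name__ == "__main__":
    hits = triage_autoruns(SAMPLE_DDS)
    for h in hits:
        print(f"{h.hive} [{h.name}] {h.path}: {h.reason}")
    print(avenger_script(hits))
```

The same heuristic applies to the full Pseudo HJT section of a DDS log, including mRun-x64 lines and quoted command lines with arguments.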