Posted 11-28-2008, 03:36 PM   #1
twobsolo
Registered User
 
Join Date: Nov 2008
Posts: 5
OS: xp service pack 3 5.1.2600


Ron tool netupbanner infection

My computer has been infected by the Ron Tool netupbanner virus. It is keeping me from connecting to any server that can help me, such as Lavasoft and Trend Micro HouseCall. It turns off my firewall and turned off System Restore, deleting my previous restore points. This is my first time dealing with this virus. I am grateful for any assistance.


DDS (Version 1.0) - NTFSx86
Run by Owner at 14:20:34.35 on Fri 11/28/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.736 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Psuedo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uStart Page = hxxp://webmail.peacehealth.org/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [AdwareProMFCT] c:\program files\adwarepro\AdwarePro.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\enable~1.lnk - c:\program files\wireless device\wireless keyboard\Magickey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\enable~2.lnk - c:\program files\wireless device\wireless mouse\MouseAp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpzrcv01.lnk - c:\program files\hp\temp\{b94428f6-e93c-4d1d-8580-46d70fa07a9d}\setup\hpzstub.exe
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
AppInit_DLLs: karna.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2005-1-28 12964]
R3 HPFXBULK;HPFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [2007-11-11 9344]

=============== Created Last 30 ================

2008-11-28 14:06 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-28 14:06 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-28 14:06 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 14:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-11-28 14:04 <DIR> --d----- c:\program files\Trend Micro
2008-11-28 10:48 <DIR> --d----- c:\windows\system32\appmgmt
2008-11-28 10:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-11-28 10:10 <DIR> --d----- C:\095656869fa05163197b
2008-11-24 18:48 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-12 14:31 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 14:31 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-09 17:28 0 a------- c:\windows\system32\MSVolume.dll
2008-11-09 17:28 <DIR> --d----- c:\program files\AdwarePro
2008-11-09 10:38 <DIR> --d----- c:\windows\pss
2008-11-09 10:37 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2008-11-09 10:36 21,504 a------- c:\windows\system32\hidserv.dll
2008-11-09 10:36 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2008-11-09 10:36 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2008-11-06 22:35 114 a------- c:\windows\system32\delself.bat
2008-11-06 22:35 <DIR> --d----- c:\docume~1\owner\applic~1\IUpd721
2008-11-06 22:26 28,672 a------- c:\windows\system32\ceg.sdr
2008-11-06 22:26 32,768 a------- c:\windows\system32\fes.ra
2008-11-06 22:26 32,768 a------- c:\windows\system32\fe.sp
2008-11-06 22:26 28,672 a------- c:\windows\system32\def.help
2008-11-06 22:26 63,488 a------- c:\windows\system32\rgv.xl
2008-11-06 22:26 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2008-11-06 22:26 10,000 a------- c:\windows\system32\jsne87fidgf.dll
2008-11-06 22:26 7,680 a------- C:\sydp.exe
2008-11-06 22:26 20,480 a------- C:\pqggin.exe
2008-11-06 22:25 <DIR> --dsh--- c:\windows\IA
2008-11-06 22:25 <DIR> --d----- c:\docume~1\owner\applic~1\gadcom
2008-11-06 22:25 <DIR> --d----- c:\docume~1\owner\applic~1\NI.GSCNS
2008-11-06 22:25 <DIR> --d----- c:\windows\system32\X5
2008-11-06 22:25 <DIR> --d----- c:\windows\system32\vm
2008-11-06 22:25 <DIR> --d----- c:\windows\system32\r2
2008-11-06 22:25 <DIR> --d----- c:\windows\system32\ert
2008-11-06 22:25 <DIR> --d----- c:\windows\system32\bb
2008-11-06 22:25 <DIR> --d----- c:\windows\system32\QI19

==================== Find3M ====================

2008-11-28 14:10 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-11-28 10:53 <DIR> --d----- c:\program files\Yahoo!
2008-11-28 10:52 <DIR> --d----- c:\program files\epson
2008-11-09 12:58 <DIR> --d----- c:\program files\support.com
2008-11-09 12:11 578,560 a------- c:\windows\system32\user32.DLL
2008-10-16 20:26 <DIR> --d----- c:\docume~1\owner\applic~1\Move Networks
2008-10-08 18:15 <DIR> --d----- c:\docume~1\owner\applic~1\Viewpoint
2008-10-05 19:18 <DIR> --d----- c:\program files\Messenger
2008-10-05 19:16 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-05 19:11 <DIR> --d----- c:\program files\Windows NT
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 04:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 17:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-04 09:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-06-27 19:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Amazon
2007-07-02 16:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2007-07-02 15:35 <DIR> --d----- c:\docume~1\owner\applic~1\Smart Panel
2007-07-02 15:04 <DIR> --d----- c:\docume~1\owner\applic~1\TrojanHunter
2007-07-02 13:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Geek Squad
2006-12-31 03:08 <DIR> --d----- c:\docume~1\owner\applic~1\MySpace
2005-01-28 19:39 <DIR> --d----- c:\docume~1\owner\applic~1\Symantec
2005-01-24 07:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2005-01-24 07:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Napster
2005-01-24 07:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Prism Deploy
2005-01-28 19:20 0 a--sh--- c:\windows\sminst\HPCD.sys
2007-07-02 15:13 5 a--sh--- c:\windows\system32\cafbdbbee_s.dll

============= FINISH: 14:21:40.85 ===============
Attached Files: Attach.txt (9.7 KB), Gmer.txt (6.0 KB)
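A responder reading a DDS log like the one above does two things before anything else: checks the `AppInit_DLLs` line, because on Windows XP every DLL named there is loaded into every process that maps user32.dll, and looks for the burst of files a dropper writes in one minute (here the 2008-11-06 22:25 and 22:26 entries, the hidden directory `c:\windows\IA`, the short-named directories under system32, and executables dropped in `C:\`). The script below is an added example, not part of the post and not DDS's own code: it parses the `Created Last 30` section, flags entries by a few stated heuristics, and pulls in everything else created in the same minute as a flagged entry. The sample lines are copied from the log above; the heuristics, the `SYSTEM32_OK` extension list and the reading of DDS's attribute column (`s` = system, `h` = hidden) are assumptions of mine, and a flag means "verify this", not "this is malware".

```python
"""Triage helper for a DDS log: parse 'Created Last 30' and the AppInit_DLLs line.

Heuristics (mine, not DDS's): an entry is flagged when it has system/hidden
attributes, was created in a drive root, sits directly in system32 with an
extension system32 does not normally hold, or is a very short-named new
directory under system32. Other entries created in the same minute as a
flagged one are reported too, since droppers write their files in one burst.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS output in the post above.
SAMPLE_LOG = r"""
============== Psuedo HJT Report ===============

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
AppInit_DLLs: karna.dat
LSA: Authentication Packages = msv1_0 nwprovau

=============== Created Last 30 ================

2008-11-28 14:06 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-06 22:35 114 a------- c:\windows\system32\delself.bat
2008-11-06 22:26 28,672 a------- c:\windows\system32\ceg.sdr
2008-11-06 22:26 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2008-11-06 22:26 7,680 a------- C:\sydp.exe
2008-11-06 22:25 <DIR> --dsh--- c:\windows\IA
2008-11-06 22:25 <DIR> --d----- c:\windows\system32\QI19
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attr>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)
# Assumed list of extensions that legitimately live directly in system32.
SYSTEM32_OK = {".dll", ".exe", ".sys", ".ocx", ".cpl", ".drv", ".ax", ".dat", ".ini", ".log"}


def parse_entries(text, section="Created Last 30"):
    """Return one dict per file/dir line inside the named DDS section."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        s = SECTION_RE.match(line)
        if s:
            current = s.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and current == section:
            d = m.groupdict()
            d["path"] = d["path"].lower()
            d["is_dir"] = d["size"] == "<DIR>"
            entries.append(d)
    return entries


def reasons(e):
    """Heuristic reasons an entry deserves a look; empty list means nothing stood out."""
    why = []
    attr, path = e["attr"], e["path"]
    if "s" in attr or "h" in attr:  # assumption: DDS prints s=system, h=hidden
        why.append("system/hidden attribute")
    parent, _, name = path.rpartition("\\")
    if re.fullmatch(r"[a-z]:", parent):
        why.append("created in drive root")
    if parent == r"c:\windows\system32":
        ext = name[name.rfind("."):] if "." in name else ""
        if e["is_dir"] and len(name) <= 4:
            why.append("short random-looking directory in system32")
        elif not e["is_dir"] and ext not in SYSTEM32_OK:
            why.append("unusual extension in system32: %s" % (ext or "(none)"))
    return why


def appinit_dlls(text):
    """AppInit_DLLs value DDS reported, or '' if the line is absent/empty."""
    m = re.search(r"^AppInit_DLLs:\s*(.+?)\s*$", text, re.M)
    return m.group(1) if m else ""


def triage(text):
    """Map path -> reasons, for flagged entries and their same-minute neighbours."""
    entries = parse_entries(text)
    by_minute = defaultdict(list)
    report = {}
    for e in entries:
        by_minute[e["ts"]].append(e)
        why = reasons(e)
        if why:
            report[e["path"]] = why
    for ts, group in by_minute.items():
        if any(g["path"] in report for g in group):
            for g in group:
                if g["path"] not in report:
                    report[g["path"]] = ["created %s, same minute as a flagged entry" % ts]
    return report


if __name__ == "__main__":
    print("AppInit_DLLs:", appinit_dlls(SAMPLE_LOG) or "(empty)")
    for path, why in sorted(triage(SAMPLE_LOG).items()):
        print(path, "->", "; ".join(why))
```

Run against the full log the same way (`triage(open("DDS.txt").read())`). Note what the burst rule catches that the per-file rules miss: `dllcache\user32.dll` has a normal name and extension, but it was written in the same minute as `C:\sydp.exe` and `ceg.sdr`, so it belongs on the list of things to hash and compare against a known-good copy.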