[SOLVED] Malware download from Dailykeys.com
I recently downloaded a file from dailykeys.com and believe my computer has been infected with malware.
I have a Sony Vaio VGC-RB30 and run Symantec Internet Security.
After the file was downloaded I was still able to run a system scan, and I think that helped. After that it would not allow me to open Norton again until I removed and reinstalled it. The virus also made it so I was not able to do things like view Folder Options in the Control Panel or run regedit, and I am now getting a STOP: C000021A fatal system error upon shutdown. I have been able to fix most of the issues I've found except the stop error.
When my Norton would not open I ran Microsoft Live OneCare, and the file it keeps pointing to is C:\WINDOWS\system32\winrvc32.dll, but no matter what I try it will not delete.
Hopefully the attached info will lead you to my problem.
Please HELP!!!
DDS (Version 1.0) - NTFSx86
Run by Craig Chapline at 19:22:27.85 on Mon 12/01/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.137 [GMT -8:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Common Files\AOL\1175477631\ee\AOLSoftware.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Craig Chapline\Desktop\dds.com
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.hotkobs.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
TB: {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [HostManager] c:\program files\common files\aol\1175477631\ee\AOLSoftware.exe
mRun: [VMConsole.exe] "c:\program files\sony\vaio media integrated server\platform\VMConsole.exe" /windowmin
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [eFax 4.2] "c:\program files\efax messenger 4.2\J2GDllCmd.exe" /R
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax42~1.lnk - c:\program files\efax messenger 4.2\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: winrvc32 - winrvc32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli
============= SERVICES / DRIVERS ===============
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2006-9-3 105632]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2006-9-3 105632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-11-30 99376]
R3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20081201.006\NAVENG.SYS [2008-12-1 89104]
R3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20081201.006\NAVEX15.SYS [2008-12-1 876112]
S1 f391e39d;f391e39d;c:\windows\system32\drivers\f391e39d.sys []
S3 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" [2008-11-30 1251720]
=============== Created Last 30 ================
2008-12-01 19:03 250 a------- c:\windows\gmer.ini
2008-11-30 22:45 <DIR> --d----- c:\program files\Norton Internet Security
2008-11-30 22:44 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-30 22:44 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2008-11-30 22:43 <DIR> --d----- c:\program files\Symantec
2008-11-30 18:26 4,946 a------- c:\windows\system32\tmp.reg
2008-11-30 18:20 <DIR> --d----- C:\!KillBox
2008-11-30 18:09 <DIR> --d----- c:\program files\Trend Micro
2008-11-30 16:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2008-11-29 23:12 <DIR> --d----- C:\Autoruns
2008-11-28 23:32 <DIR> --d----- c:\docume~1\craigc~1\applic~1\AdwareAlert
2008-11-28 22:38 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2008-11-28 09:55 39,424 -------- c:\windows\system32\winrvc32.dll
2008-11-11 18:21 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 18:20 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-10 13:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SonicStage
2008-11-10 12:55 <DIR> --d----- c:\program files\Pricedex Software Inc
==================== Find3M ====================
2008-12-01 19:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-12-01 19:00 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-11-28 20:59 <DIR> --d----- c:\docume~1\craigc~1\applic~1\RipIt4Me
2008-11-28 11:42 <DIR> --d----- c:\docume~1\craigc~1\applic~1\Vso
2008-11-10 13:06 <DIR> --d----- c:\docume~1\craigc~1\applic~1\Sony Corporation
2008-10-19 19:18 <DIR> --d----- c:\program files\AVS4YOU
2008-10-19 19:18 <DIR> --d----- c:\program files\common files\AVSMedia
2008-10-19 18:44 <DIR> --d----- c:\docume~1\craigc~1\applic~1\AVS4YOU
2008-10-19 18:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2008-10-19 17:44 <DIR> --d----- c:\program files\WinAVI Video Converter
2008-10-19 10:36 <DIR> --d----- c:\program files\Xvid
2008-10-03 14:34 625,032 a------- c:\windows\system32\SymNeti.dll
2008-10-03 14:34 242,056 a------- c:\windows\system32\SymRedir.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 04:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 17:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-04 09:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-05-22 19:29 <DIR> --d----- c:\docume~1\craigc~1\applic~1\Viewpoint
2008-04-19 15:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2008-02-05 17:50 <DIR> --d----- c:\docume~1\craigc~1\applic~1\ESS
2006-10-18 17:39 <DIR> --d----- c:\docume~1\craigc~1\applic~1\eFax Messenger
2006-10-18 17:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\eFax Messenger 4.2 Setup
2005-10-16 09:36 <DIR> --d----- c:\docume~1\craigc~1\applic~1\DeepBurner
2005-10-16 09:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Napster
2005-10-14 19:05 <DIR> --d----- c:\docume~1\craigc~1\applic~1\vlc
2005-08-08 15:59 <DIR> --d----- c:\docume~1\craigc~1\applic~1\FaxCtr
2005-06-27 20:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Innotech Solutions
2005-02-26 00:02 <DIR> --d----- c:\docume~1\craigc~1\applic~1\AOL
2005-02-26 00:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2004-11-16 19:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\VAIO Media Platform
2004-11-16 19:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2004-11-16 19:04 <DIR> --d----- c:\docume~1\craigc~1\applic~1\Intuit
2004-11-16 18:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Corporation
2004-11-15 13:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI
============= FINISH: 19:22:56.76 ===============