Re: Help with recent Malware causing pop-ups and slow performance
I've removed suggested programs and attached logs as requested.
DDS (Version 1.0) - NTFSx86
Run by Administrator at 8:19:17.23 on Sun 12/07/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1529 [GMT -6:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Administrator\Desktop\trojan.vundo\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [CTHelper] CTHELPER.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mExplorerRun: [ZboardTray] "c:\program files\ideazon\zboard software\driver\ZboardTray.exe" /autolaunch
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\silent hunter wolves of the pacific\registrationreminder\RegistrationReminder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - d:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microt~1.lnk - d:\program files\microtek\scanwizard 5\ScannerFinder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - d:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - d:\program files\sony corporation\picture package\picture package applications\Residence.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - d:\program files\microsoft office\office\1033\OLFSNT40.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: Zboard - Winlognotif.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 SAVRT;SAVRT;\??\c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;\??\c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccEvtMgr.exe" [2005-4-8 185968]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSetMgr.exe" [2005-4-8 161392]
R2 PfDetNT;PfDetNT;\??\c:\windows\system32\drivers\PfModNT.sys [2005-12-8 8192]
R2 Symantec AntiVirus;Symantec AntiVirus;"c:\program files\symantec antivirus\Rtvscan.exe" [2005-4-17 1706176]
R3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20081205.008\naveng.sys [2008-12-5 89104]
R3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20081205.008\navex15.sys [2008-12-5 876112]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccPwdSvc.exe" [2005-4-8 83568]
S3 ICDSX;Sony IC Recorder (SX);c:\windows\system32\drivers\ICDSX.sys [2006-9-3 31744]
S3 SavRoam;SAVRoam;"c:\program files\symantec antivirus\SavRoam.exe" [2005-4-17 124608]
=============== Created Last 30 ================
2008-12-06 20:58 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-06 20:58 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-06 20:49 <DIR> --d----- c:\documents and settings\administrator\.SunDownloadManager
2008-12-06 16:34 <DIR> a-dshr-- C:\cmdcons
2008-12-06 16:33 161,792 a------- c:\windows\SWREG.exe
2008-12-06 16:33 98,816 a------- c:\windows\sed.exe
2008-12-06 16:33 <DIR> --d----- C:\ComboFix
2008-12-05 18:16 250 a------- c:\windows\gmer.ini
2008-12-05 18:05 <DIR> --d----- c:\program files\Trend Micro
2008-12-05 10:53 <DIR> --d----- c:\windows\pss
2008-12-04 23:43 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-04 23:43 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-04 23:43 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-04 23:43 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
==================== Find3M ====================
2008-12-06 20:58 <DIR> --d----- c:\program files\Symantec AntiVirus
2008-12-05 10:22 <DIR> --d----- c:\program files\Lavasoft
2008-12-05 10:21 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-05 08:54 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-05 08:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-11-23 11:29 <DIR> --d----- c:\program files\GameShadow
2008-11-22 19:37 <DIR> --d----- c:\program files\Quicken Backup
2008-09-20 17:34 3,798 a------- c:\windows\system32\ealregsnapshot1.reg
2008-01-04 00:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2007-07-22 16:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\River Past G3
2007-07-22 16:28 <DIR> --d----- c:\docume~1\admini~1\applic~1\River Past G3
2006-12-16 10:42 <DIR> --d----- c:\docume~1\admini~1\applic~1\Intuit
2006-12-16 10:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2006-08-26 17:24 <DIR> --d----- c:\docume~1\admini~1\applic~1\Ideazon
2006-08-16 23:54 <DIR> --d----- c:\docume~1\admini~1\applic~1\ICAClient
2006-02-28 11:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Microsoft Web Folders
2006-02-21 23:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
============= FINISH: 8:19:31.53 ===============