#1 (permalink)
Registered User
Join Date: Nov 2008
Posts: 5
OS: xp service pack 3 5.1.2600
Ron tool netupbanner infection
My computer has been infected by the ron tool netupbanner virus. It is keeping me from connecting to any server that can help me, such as Lavasoft and Trend Micro HouseCall. It turns off my firewall and turned off System Restore, deleting my previous restore points. This is my first time dealing with this virus. I am grateful for any assistance.
DDS (Version 1.0) - NTFSx86
Run by Owner at 14:20:34.35 on Fri 11/28/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.736 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Psuedo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uStart Page = hxxp://webmail.peacehealth.org/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [AdwareProMFCT] c:\program files\adwarepro\AdwarePro.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\enable~1.lnk - c:\program files\wireless device\wireless keyboard\Magickey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\enable~2.lnk - c:\program files\wireless device\wireless mouse\MouseAp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpzrcv01.lnk - c:\program files\hp\temp\{b94428f6-e93c-4d1d-8580-46d70fa07a9d}\setup\hpzstub.exe
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
AppInit_DLLs: karna.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2005-1-28 12964]
R3 HPFXBULK;HPFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [2007-11-11 9344]

=============== Created Last 30 ================

2008-11-28 14:06 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-28 14:06 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-28 14:06 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 14:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-11-28 14:04 <DIR> --d----- c:\program files\Trend Micro
2008-11-28 10:48 <DIR> --d----- c:\windows\system32\appmgmt
2008-11-28 10:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-11-28 10:10 <DIR> --d----- C:\095656869fa05163197b
2008-11-24 18:48 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-12 14:31 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 14:31 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-09 17:28 0 a------- c:\windows\system32\MSVolume.dll
2008-11-09 17:28 <DIR> --d----- c:\program files\AdwarePro
2008-11-09 10:38 <DIR> --d----- c:\windows\pss
2008-11-09 10:37 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2008-11-09 10:36 21,504 a------- c:\windows\system32\hidserv.dll
2008-11-09 10:36 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2008-11-09 10:36 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2008-11-06 22:35 114 a------- c:\windows\system32\delself.bat
2008-11-06 22:35 <DIR> --d----- c:\docume~1\owner\applic~1\IUpd721
2008-11-06 22:26 28,672 a------- c:\windows\system32\ceg.sdr
2008-11-06 22:26 32,768 a------- c:\windows\system32\fes.ra
2008-11-06 22:26 32,768 a------- c:\windows\system32\fe.sp
2008-11-06 22:26 28,672 a------- c:\windows\system32\def.help
2008-11-06 22:26 63,488 a------- c:\windows\system32\rgv.xl
2008-11-06 22:26 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2008-11-06 22:26 10,000 a------- c:\windows\system32\jsne87fidgf.dll
2008-11-06 22:26 7,680 a------- C:\sydp.exe
2008-11-06 22:26 20,480 a------- C:\pqggin.exe
2008-11-06 22:25 <DIR> --dsh--- c:\windows\IA
2008-11-06 22:25 <DIR> --d----- c:\docume~1\owner\applic~1\gadcom
2008-11-06 22:25 <DIR> --d----- c:\docume~1\owner\applic~1\NI.GSCNS
2008-11-06 22:25 <DIR> --d----- c:\windows\system32\X5
2008-11-06 22:25 <DIR> --d----- c:\windows\system32\vm
2008-11-06 22:25 <DIR> --d----- c:\windows\system32\r2
2008-11-06 22:25 <DIR> --d----- c:\windows\system32\ert
2008-11-06 22:25 <DIR> --d----- c:\windows\system32\bb
2008-11-06 22:25 <DIR> --d----- c:\windows\system32\QI19

==================== Find3M ====================

2008-11-28 14:10 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-11-28 10:53 <DIR> --d----- c:\program files\Yahoo!
2008-11-28 10:52 <DIR> --d----- c:\program files\epson
2008-11-09 12:58 <DIR> --d----- c:\program files\support.com
2008-11-09 12:11 578,560 a------- c:\windows\system32\user32.DLL
2008-10-16 20:26 <DIR> --d----- c:\docume~1\owner\applic~1\Move Networks
2008-10-08 18:15 <DIR> --d----- c:\docume~1\owner\applic~1\Viewpoint
2008-10-05 19:18 <DIR> --d----- c:\program files\Messenger
2008-10-05 19:16 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-05 19:11 <DIR> --d----- c:\program files\Windows NT
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 04:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 17:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-04 09:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-06-27 19:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Amazon
2007-07-02 16:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2007-07-02 15:35 <DIR> --d----- c:\docume~1\owner\applic~1\Smart Panel
2007-07-02 15:04 <DIR> --d----- c:\docume~1\owner\applic~1\TrojanHunter
2007-07-02 13:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Geek Squad
2006-12-31 03:08 <DIR> --d----- c:\docume~1\owner\applic~1\MySpace
2005-01-28 19:39 <DIR> --d----- c:\docume~1\owner\applic~1\Symantec
2005-01-24 07:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2005-01-24 07:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Napster
2005-01-24 07:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Prism Deploy
2005-01-28 19:20 0 a--sh--- c:\windows\sminst\HPCD.sys
2007-07-02 15:13 5 a--sh--- c:\windows\system32\cafbdbbee_s.dll

============= FINISH: 14:21:40.85 ===============

#2 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista
Re: Ron tool netupbanner infection
Please visit this webpage for download links, and instructions for running combofix:
http://www.bleepingcomputer.com/comb...o-use-combofix
Note: After downloading ComboFix, rename it to CFix.exe
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.
__________________
UNITE and ASAP since 2006
If we have helped you, please consider donating.
The past won't be able to hurt you unless you keep on looking back at it.

#3 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista
Re: Ron tool netupbanner infection
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:
http://www.techsupportforum.com/secu...oval-help.html