#1
Registered User
Join Date: Oct 2009
Posts: 4
OS: Windows XP
Trojan Help - Task Manager and Regedit Disabled
As the topic states, my computer was infected earlier today with trojans after my cousins inserted their flash drives into it. I was confident SuperAntiSpyware could take care of it when something popped up.

But after a few hours, all these things happened:

* I cannot access Task Manager anymore.
* I cannot access Regedit either.
* Did a full scan with SuperAntiSpyware, and it found the following:
  - Trojan.Agent/Gen-Virut
    C:\DOCUMENTS AND SETTINGS\JAVEE\LOCAL SETTINGS\TEMP\HUFJV.EXE
    C:\DOCUMENTS AND SETTINGS\JAVEE\LOCAL SETTINGS\TEMP\KFAYMR.EXE
  - Trojan.Agent/Gen-WinX
    C:\DOCUMENTS AND SETTINGS\JAVEE\LOCAL SETTINGS\TEMP\DEAA.EXE
  - Trojan.Maildrop/Gen
    C:\DOCUMENTS AND SETTINGS\JAVEE\LOCAL SETTINGS\TEMP\WINHAJE.EXE
    C:\DOCUMENTS AND SETTINGS\JAVEE\LOCAL SETTINGS\TEMP\WINVBWOED.EXE
    C:\DOCUMENTS AND SETTINGS\JAVEE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LVGRCAMT.DEFAULT\WINHAJE.EXE

Recently, I also noticed that access to antivirus websites is also blocked. One of my applications (Dragonica) also failed to run properly. I hope that with this information you can help me fix my problem. Thank you very much.

Here's my DDS:

DDS (Ver_09-10-13.01) - NTFSx86
Run by javee at 0:40:28.28 on Sat 10/24/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1584 [GMT 8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
D:\Program Files\SUPERAntiSpyware\f3bd8247-7ee2-4bcc-b42e-704d670038fc.exe
C:\DOCUME~1\javee\LOCALS~1\Temp\winwysv.exe
C:\DOCUME~1\javee\LOCALS~1\Temp\hidqci.exe
C:\DOCUME~1\javee\LOCALS~1\Temp\ktwegt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\javee\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mWinlogon: Shell=Explorer.exe c:\windows\system32\keyboard\services.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - d:\program files\orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~1\MEGAUP~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - d:\program files\orbitdownloader\GrabPro.dll
TB: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [AnVir Task Manager Pro] "d:\program files\anvir task manager pro\AnVir.exe" Minimized
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" BOOT
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [USB2.0] c:\documents and settings\all users\application data\microsoft\usb2.0\usb-hi.exe
mRun: [Keyboard] c:\documents and settings\all users\application data\fearghus\lsass.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\kbdrv16.com
uPolicies-explorer: DisallowRun = 0 (0x0)
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: DisallowRun = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Download by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\javee\applic~1\mozilla\firefox\profiles\lvgrcamt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: d:\program files\real alternative\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\real alternative\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\drivers\mchInjDrv.sys [2009-10-6 2560]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\ntiojn.sys --> c:\windows\system32\drivers\ntiojn.sys [?]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\avira\antivir desktop\sched.exe [2009-8-22 108289]
S2 vzscr;Server Manager;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 GarenaPEngine;GarenaPEngine;c:\docume~1\javee\locals~1\temp\VCD1D.tmp [2009-10-20 25360]

=============== Created Last 30 ================

2009-10-24 00:14 <DIR> --d----- c:\docume~1\javee\applic~1\Uniblue
2009-10-23 23:49 <DIR> --d----- c:\docume~1\javee\applic~1\GetRightToGo
2009-10-23 22:10 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-10-23 20:25 <DIR> --d-h--- c:\windows\system32\C58A45
2009-10-23 20:25 <DIR> --d-h--- c:\windows\system32\BC8470
2009-10-23 20:25 <DIR> --d-h--- c:\windows\system32\5C0786
2009-10-23 20:21 <DIR> --d----- c:\windows\system32\keyboard
2009-10-23 20:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Fearghus
2009-10-19 18:10 1,970,176 a------- c:\windows\system32\d3dx9.dll
2009-10-19 18:10 679,936 a------- c:\windows\system32\D3DX81ab.dll
2009-10-14 07:54 664 a------- c:\windows\system32\d3d9caps.dat
2009-10-10 21:00 480,256 ac------ c:\windows\system32\dllcache\cintsetp.exe
2009-10-10 21:00 455,168 ac------ c:\windows\system32\dllcache\tintsetp.exe
2009-10-10 21:00 44,032 ac------ c:\windows\system32\dllcache\tintlphr.exe
2009-10-10 21:00 11,776 a------- c:\windows\system32\miniime.tpl
2009-10-10 21:00 59,392 ac------ c:\windows\system32\dllcache\imscinst.exe
2009-10-10 21:00 155,705 ac------ c:\windows\system32\dllcache\imjpdsvr.exe
2009-10-10 21:00 307,257 ac------ c:\windows\system32\dllcache\imjpdct.exe
2009-10-10 21:00 262,200 ac------ c:\windows\system32\dllcache\imjputy.exe
2009-10-10 21:00 233,527 ac------ c:\windows\system32\dllcache\imjprw.exe
2009-10-10 21:00 208,952 ac------ c:\windows\system32\dllcache\imjpmig.exe
2009-10-10 21:00 196,665 ac------ c:\windows\system32\dllcache\imjpinst.exe
2009-10-10 21:00 57,399 ac------ c:\windows\system32\dllcache\cplexe.exe
2009-10-10 19:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-10-10 19:40 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-10-10 19:37 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-10-10 19:37 <DIR> --d----- c:\docume~1\javee\applic~1\DAEMON Tools Lite
2009-10-09 22:39 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-10-09 22:39 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-10-09 22:39 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-10-09 22:39 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-10-09 22:39 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-10-09 22:39 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-10-09 22:39 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-10-09 22:39 8,192 a------- c:\windows\system32\kbdkor.dll
2009-10-09 22:39 6,144 a------- c:\windows\system32\kbd106.dll
2009-10-09 22:39 6,144 a------- c:\windows\system32\kbd101c.dll
2009-10-09 22:39 6,144 a------- c:\windows\system32\kbd101b.dll
2009-10-09 22:39 5,632 a------- c:\windows\system32\kbd103.dll
2009-10-06 23:39 2,560 a------- c:\windows\system32\drivers\mchInjDrv.sys
2009-09-29 21:18 <DIR> --d----- c:\windows\system32\WPB709_‚Ù‚µ‚Ì‚*‚«2 dir
2009-09-29 20:59 <DIR> --d----- c:\windows\SxsCaPendDel

==================== Find3M ====================

2009-09-09 14:32 152,904 a------- c:\windows\system32\vghd.scr
2009-08-25 17:04 75,264 a------- c:\windows\system32\uc_holybeast_launching.dll
2009-08-22 11:00 64,566 a------- c:\windows\War3Unin.dat
2009-08-22 09:41 139,264 a------- c:\windows\War3Unin.exe
2009-08-22 09:41 2,829 a------- c:\windows\War3Unin.pif
2009-08-08 19:52 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-08-08 05:25 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-06 04:04 81,984 a------- c:\windows\system32\bdod.bin
2009-08-02 18:40 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-07-31 15:23 411,368 a------- c:\windows\system32\deploytk.dll
2004-08-04 06:56 171,362 a--shr-- c:\windows\system32\bfzbrenk.dll

============= FINISH: 0:40:38.35 ===============
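The DDS log above contains the entries that explain the reported symptoms: the DisableTaskMgr and DisableRegistryTools policies, a Winlogon Shell value that launches a second "services.exe" from a system32 subfolder, and Run entries pointing into Application Data. The Python triage script below is an added example, not part of the original post or of the DDS tool; it parses such pseudo-HJT lines and flags those indicators, using sample lines copied from the log above. The reason labels and the "core process name outside system32" heuristic are this example's own conventions.

```python
"""Triage helper for a DDS "Pseudo HJT Report" (added example, not code from the thread
or the DDS tool): flags the lockdown policies, the Winlogon Shell hijack, autostarts run
from user-writable paths and core-process names outside system32 seen in the post."""
import ntpath
import re

LOCKDOWN_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\applic~1\\", "\\locals~1\\")
CORE_PROCESS_NAMES = {"lsass.exe", "services.exe", "svchost.exe", "csrss.exe", "winlogon.exe"}
SYSTEM32 = "c:\\windows\\system32"

_POLICY_RE = re.compile(r"^[um]Policies-system:\s*(\w+)\s*=\s*(\d+)")
_SHELL_RE = re.compile(r"^mWinlogon:\s*Shell=(.+)$")
_PATH_RE = re.compile(r"[a-z]:\\.+?\.(?:exe|com|dll|scr|pif|bat)\b", re.IGNORECASE)

def check_path(path):
    """Yield a reason for each heuristic that one launched file path trips."""
    low = path.lower()
    if any(d in low for d in USER_WRITABLE):
        yield "autostart-from-user-dir"
    if ntpath.basename(low) in CORE_PROCESS_NAMES and ntpath.dirname(low) != SYSTEM32:
        yield "core-process-name-outside-system32"

def triage_dds(report):
    """Return (reason, detail) findings for the lines of a DDS pseudo-HJT report."""
    findings = []
    for line in report.splitlines():
        m = _POLICY_RE.match(line)
        if m:  # policy lines carry no paths; only the lockdown values matter here
            if m.group(1) in LOCKDOWN_POLICIES and m.group(2) != "0":
                findings.append(("lockdown-policy", m.group(1)))
            continue
        m = _SHELL_RE.match(line)
        if m and m.group(1).strip().lower() != "explorer.exe":
            findings.append(("winlogon-shell-hijack", m.group(1).strip()))
        if line.startswith(("uRun:", "mRun:", "StartupFolder:", "mWinlogon:")):
            for path in _PATH_RE.findall(line):
                findings.extend((reason, path) for reason in check_path(path))
    return findings

# Constructed sample: the relevant lines copied from the DDS log posted in the thread.
SAMPLE_DDS = r"""mWinlogon: Shell=Explorer.exe c:\windows\system32\keyboard\services.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [USB2.0] c:\documents and settings\all users\application data\microsoft\usb2.0\usb-hi.exe
mRun: [Keyboard] c:\documents and settings\all users\application data\fearghus\lsass.exe
uPolicies-explorer: DisallowRun = 0 (0x0)
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)"""
```

Running `triage_dds(SAMPLE_DDS)` returns seven findings for the sample: two lockdown policies, the Shell hijack, the two Application Data autostarts, and two files carrying core-process names outside system32.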
#2
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,729
OS: XP SP3
Re: Trojan Help - Task Manager and Regedit Disabled
Hello and Welcome to TSF.
Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription. Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please keep this computer offline except when downloading tools and posting in the forum until we get an antivirus installed. Let me know your intentions for an antivirus program.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix. Get help here

Please post the C:\ComboFix.txt in your next reply for further review. Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
#3
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,729
OS: XP SP3
Re: Trojan Help - Task Manager and Regedit Disabled
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:
IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------