#1
Registered User
Join Date: Aug 2009
Posts: 1
OS: xp sp2
Unknown virus/spyware/trojan blocking access to Microsoft sites and antivirus sites

Hi

My computer has recently been hit (in the last 24 hours) with something which is disabling all of my Microsoft sites/programs and access to antivirus sites. Going back 24 hours, I had another virus which made my computer really slow, redirected sites and posted 3 porn links on my desktop. After this I did a non-destructive system recovery (after which I got an "NTLDR is compressed" message, but I fixed it). As soon as I had got the computer running back to normal I installed SP2, as my computer originally came with SP1 and Windows 2003 XP Home Edition. When I got back on the internet I found my problem: I couldn't sign into MSN Messenger or access antivirus sites. I have tried these programs: Ad-Aware, Spybot Search & Destroy, VundoFix, SUPERAntiSpyware and Malwarebytes' Anti-Malware. I have also booted my PC into Safe Mode and used SDFix. And I have used ATF Cleaner and CCleaner to delete cookies and temp files, and I have cleared my cache. Another note: I have tried to run ComboFix from the desktop, but it just says it has been compromised and I need to download a new copy, and then it deletes itself (I have downloaded new copies).

Below is my DDS log.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 16:43:41.29 on 02/08/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.506 [GMT 1:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mPolicies-explorer: <NO NAME> =
Trusted Zone: microsoft.com\windowsupdate
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\21wegk9h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-6-5 581632]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2003-1-2 59642]
R3 TaurusPci;ADSL Modem PCI Service;c:\windows\system32\drivers\toruspci.sys [2003-1-2 447201]
R4 SAVRTPEL;SAVRTPEL;\??\c:\windows\system32\drivers\savrtpel.sys --> c:\windows\system32\drivers\SAVRTPEL.SYS [?]

=============== Created Last 30 ================

2009-08-02 14:41 <DIR> --d----- c:\windows\pss
2009-08-02 13:58 577,024 ac------ c:\windows\system32\dllcache\user32.dll
2009-08-02 13:54 <DIR> --d----- c:\windows\ERUNT
2009-08-02 13:46 <DIR> --d----- C:\SDFix
2009-08-02 13:24 147 a------- c:\windows\wininit.ini
2009-08-02 12:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-02 12:29 <DIR> --d----- c:\windows\system32\CatRoot2
2009-08-02 12:25 <DIR> --d----- c:\docume~1\owner\applic~1\AVG8
2009-08-02 12:15 <DIR> --d----- c:\program files\Lavasoft
2009-08-02 12:01 <DIR> --d----- c:\program files\VideoLAN
2009-08-02 02:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-02 02:24 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-02 01:51 <DIR> --d----- c:\program files\iPrimo
2009-08-02 01:51 <DIR> --d----- c:\program files\GetPrimo
2009-08-02 01:51 <DIR> --d----- c:\docume~1\owner\applic~1\GetPrimo
2009-08-02 01:45 359,040 ac------ c:\windows\system32\dllcache\TCPIP.SYS
2009-08-02 01:39 19,528 a------- c:\windows\005502_.tmp
2009-08-02 00:53 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-01 23:38 24,576 a------- c:\windows\system32\drivers\kbdclass.sys
2009-08-01 23:38 52,736 a------- c:\windows\system32\drivers\i8042prt.sys
2009-08-01 23:32 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-08-01 23:31 20,992 a------- c:\windows\system32\drivers\rtl8139.sys
2009-08-01 23:31 61,056 a------- c:\windows\system32\drivers\ohci1394.sys
2009-08-01 23:31 53,248 a------- c:\windows\system32\drivers\1394bus.sys
2009-08-01 21:37 <DIR> --d----- c:\docume~1\owner\applic~1\Logs
2009-08-01 21:32 1,110,399 a------- c:\windows\system32\UACotfaiuktls.db
2009-08-01 21:32 128,000 a------- c:\windows\SC.INS
2009-08-01 21:32 73 a------- C:\DIET WITHOUT HUNGER.url
2009-08-01 21:31 359,040 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-07-31 19:49 160,640 a------- c:\windows\system32\drivers\a347bus.sys
2009-07-31 19:49 5,248 a------- c:\windows\system32\drivers\a347scsi.sys
2009-07-31 18:46 <DIR> --d----- c:\program files\SlySoft
2009-07-31 18:45 <DIR> --d----- c:\documents and settings\owner\SLYSOFT PACK Clone CD 5.2.9.1 + Any DVD 5.9.6.3 + Clone DVD 2.8.9.9 + KEYGEN FOR ALL SLYSOFT PROGRAMS BY DJ FANTASTIC
2009-07-31 14:23 0 a------- c:\windows\PowerReg.dat
2009-07-31 14:20 <DIR> --d----- c:\program files\Infogrames Interactive
2009-07-31 00:06 <DIR> -cd----- C:\Games
2009-07-31 00:05 4,096 a------- c:\windows\d3dx.dat
2009-07-30 20:14 72,704 a------- c:\windows\ipuninst.exe
2009-07-30 20:12 <DIR> --d----- c:\program files\Interplay
2009-07-30 01:10 <DIR> -cd----- C:\USDownloader
2009-07-30 01:09 1,073,152 a------- c:\windows\system32\libeay32.dll
2009-07-30 01:09 200,704 a------- c:\windows\system32\ssleay32.dll
2009-07-29 12:56 <DIR> --d----- c:\program files\Maxis
2009-07-28 22:49 27,672 a----r-- c:\windows\system32\drivers\Entech.sys
2009-07-28 22:49 <DIR> --d----- c:\windows\system32\Futuremark
2009-07-28 22:49 <DIR> --d----- c:\program files\common files\Futuremark Shared
2009-07-26 19:11 6,148 a------- C:\.DS_Store
2009-07-23 17:34 <DIR> -cds---- C:\jimlol
2009-07-23 17:34 409,600 a------- c:\windows\system32\CF6912.exe
2009-07-23 16:08 382 a------- C:\debug.fz10.reg
2009-07-23 12:41 127,203 a------- C:\debug.fz10.mes
2009-07-23 05:04 28,160 a------- c:\documents and settings\owner\unecm.exe
2009-07-23 05:04 28,672 a------- c:\documents and settings\owner\ecm.exe
2009-07-21 02:00 <DIR> -cd----- C:\Programme
2009-07-21 01:05 <DIR> --d----- c:\windows\RegisteredPackages
2009-07-21 01:04 363,520 a------- c:\windows\system32\psisdecd.dll
2009-07-21 01:04 56,832 a------- c:\windows\system32\msdvbnp.ax
2009-07-21 01:04 51,328 a------- c:\windows\system32\drivers\msdv.sys
2009-07-21 01:04 33,280 a------- c:\windows\system32\psisrndr.ax
2009-07-21 01:04 15,360 a------- c:\windows\system32\drivers\mpe.sys
2009-07-21 01:04 18,432 a------- c:\windows\system32\bdaplgin.ax
2009-07-21 01:04 11,776 a------- c:\windows\system32\drivers\bdasup.sys
2009-07-21 01:04 67,072 a------- c:\windows\system32\dxdllreg.exe
2009-07-21 00:43 <DIR> --d----- c:\program files\Activision
2009-07-19 23:57 741,376 a------- c:\windows\iun6002ev.exe
2009-07-15 06:35 <DIR> --d----- c:\program files\eTeSoft iPod Video Converter
2009-07-15 00:48 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 00:48 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-14 21:09 <DIR> --d----- c:\program files\CCleaner
2009-07-14 20:59 <DIR> --d----- c:\program files\Trend Micro
2009-07-14 17:50 91 a------- c:\windows\system32\hjgruipyprtexr.dat
2009-07-14 17:42 13,879 a------- c:\windows\system32\hjgruikosllptv.dat
2009-07-14 13:51 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Babylon
2009-07-14 13:51 <DIR> --d----- c:\docume~1\owner\applic~1\Babylon
2009-07-08 00:52 <DIR> --d----- c:\program files\DoremiSoft
2009-07-07 21:21 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-07 21:02 <DIR> --d----- C:\cmdcons
2009-07-07 21:00 182,784 a------- c:\windows\SWREG.exe
2009-07-07 21:00 119,296 a------- c:\windows\sed.exe
2009-07-06 16:33 16 a------- c:\windows\system32\coh.cache

==================== Find3M ====================

2009-08-02 02:21 79,527 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-02 01:45 359,040 a------- c:\windows\system32\drivers\TCPIP.SYS
2009-08-02 00:56 4,588 a--shr-- c:\windows\system32\drivers\HP_DF143A-ABU t190_YC_Pavi_QCZB323_E32GBheBLF2_4_IMS-6577_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.19_T030416_WXH1_L409_M1024_J120_7Intel_8Pentium 4_92.8_1103300F2_N104A0500_P_Z_K_A808624C5_U808624C2_G10DE0171.MRK
2009-07-01 22:33 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-04-04 22:55 20 ac------ c:\program files\Sims2Pack Clean Installer.ini
2008-01-22 19:46 604 ac--h--- c:\program files\STLL Notifier
2007-12-02 19:23 72,584 ac------ c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2007-06-30 11:12 12,292 ac------ c:\program files\.DS_Store
2006-12-17 16:40 15,311 ac------ c:\program files\finderwindow.jpg
2006-11-11 12:02 3,994 ac------ c:\program files\conditions.rtf

============= FINISH: 16:44:20.68 ===============

Any help would be great, guys. Thanks. Attached are my other two logs, as per the instructions.
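A DDS log like the one in the post above is usually read by hand, and the "Created Last 30" and "Find3M" sections are the part a responder works through first. The following is an added example (my own code, not part of DDS and not the forum's procedure) that parses those two sections into structured records and applies three review filters: files written directly into a Windows system directory, system files that have a ".original" sibling (what an in-place replacement of a system binary typically leaves behind), and long letters-only file stems in the system32 root. The sample input is a dozen lines copied from the log above; the filters and the thresholds in them are this example's own assumptions, and they only select entries for a human to look at, they do not by themselves say that anything is malicious.

```python
"""Parse the file-creation sections of a DDS log and pick out entries for review.

Added example for this thread, not part of DDS or the forum's fix procedure.
The sample below is copied from the log posted above; the review filters are
assumptions of this example and select entries for manual review only.
"""
import re
from datetime import datetime
from typing import List, NamedTuple, Optional, Tuple

# One line of the "Created Last 30" / "Find3M" sections looks like:
#   2009-08-01 21:32 1,110,399 a------- c:\windows\system32\UACotfaiuktls.db
#   2009-08-02 14:41 <DIR> --d----- c:\windows\pss
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+)$"
)

# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2009-08-02 14:41 <DIR> --d----- c:\windows\pss
2009-08-02 01:39 19,528 a------- c:\windows\005502_.tmp
2009-08-01 21:32 1,110,399 a------- c:\windows\system32\UACotfaiuktls.db
2009-08-01 21:32 128,000 a------- c:\windows\SC.INS
2009-08-01 21:31 359,040 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-07-28 22:49 27,672 a----r-- c:\windows\system32\drivers\Entech.sys
2009-07-15 00:48 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-14 17:50 91 a------- c:\windows\system32\hjgruipyprtexr.dat
2009-07-14 17:42 13,879 a------- c:\windows\system32\hjgruikosllptv.dat
2009-07-07 21:02 <DIR> --d----- C:\cmdcons
2009-07-06 16:33 16 a------- c:\windows\system32\coh.cache

==================== Find3M ====================

2009-08-02 01:45 359,040 a------- c:\windows\system32\drivers\TCPIP.SYS
"""


class Entry(NamedTuple):
    when: datetime
    size: Optional[int]  # None for a <DIR> entry
    attrs: str           # DDS attribute flags as logged, e.g. "a--shr--"
    path: str            # path as logged, case preserved


def parse(log: str) -> List[Entry]:
    """Return every entry line in the log; headers and prose are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when, size, attrs, path = m.groups()
        entries.append(Entry(
            datetime.strptime(when, "%Y-%m-%d %H:%M"),
            None if size == "<DIR>" else int(size.replace(",", "")),
            attrs,
            path,
        ))
    return entries


# Directories whose direct contents are worth a look when written recently
# (assumption of this example; extend for a non-default %SystemRoot%).
SYSTEM_DIRS = ("c:\\windows", "c:\\windows\\system32", "c:\\windows\\system32\\drivers")


def _split(path: str) -> Tuple[str, str]:
    parent, _, name = path.lower().rpartition("\\")
    return parent, name


def system_dir_writes(entries: List[Entry]) -> List[Entry]:
    """Files (not directories) created directly inside a system directory, oldest first."""
    hits = [e for e in entries if e.size is not None and _split(e.path)[0] in SYSTEM_DIRS]
    return sorted(hits, key=lambda e: e.when)


def replaced_system_files(entries: List[Entry]) -> List[Tuple[str, str]]:
    """(file, backup) pairs where a logged file also has a '.original' sibling."""
    paths = {e.path.lower() for e in entries}
    suffix = ".original"
    return [(p[:-len(suffix)], p) for p in sorted(paths)
            if p.endswith(suffix) and p[:-len(suffix)] in paths]


def long_alpha_stems(entries: List[Entry], min_len: int = 12) -> List[Entry]:
    """Files in the system32 root whose stem is min_len+ letters and nothing else.

    Crude heuristic (this example's assumption): it lists candidates for manual
    review and says nothing on its own about whether a file is malicious."""
    hits = []
    for e in entries:
        parent, name = _split(e.path)
        stem = name.split(".", 1)[0]
        if e.size is not None and parent == "c:\\windows\\system32" \
                and stem.isalpha() and len(stem) >= min_len:
            hits.append(e)
    return hits


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("Writes into system directories, oldest first:")
    for e in system_dir_writes(recs):
        print(f"  {e.when:%Y-%m-%d %H:%M}  {e.size:>9}  {e.path}")
    print("System files with a .original sibling:", replaced_system_files(recs))
    print("Long letters-only stems in system32:", [e.path for e in long_alpha_stems(recs)])
```

Run it on a full log by replacing SAMPLE_LOG with the file contents; the timeline view groups same-minute writes together, which is how a responder tells an installer's batch of files from a stray drop into system32.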
#2
Analyst, Security Team
Join Date: Jan 2009
Posts: 434
OS: Win98SE, XP Home SP3
Re: Unknown virus/spyware/trojan blocking access to Microsoft sites and antivirus sites

Hello and welcome to Tech Support Forum.

My name is km2357 and I will be helping you to remove any infection(s) that you may have. I will be giving you a series of instructions that need to be followed in the order in which I give them to you. If for any reason you do not understand an instruction or are just unsure, then please do not guess; simply post back with your questions/concerns and we will go through it again. Please do not start another thread or topic; I will assist you in this thread until we solve your problems. Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

Sorry for the delay in replying; the forum is very busy. If you still need help, please post a fresh DDS log.
#4
Analyst, Security Team
Join Date: Jan 2009
Posts: 434
OS: Win98SE, XP Home SP3
Re: Unknown virus/spyware/trojan blocking access to Microsoft sites and antivirus sites

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread and provide a link to this topic. This applies only to the original topic starter. Everyone else, please begin a new topic after following the steps outlined here:
http://www.techsupportforum.com/secu...oval-help.html