Resolved HJT Threads

#1
Registered User
Join Date: Mar 2009
Posts: 95
OS: XP
Possible Virus Infection.
Hello. My PC got infected by 3 trojans on Wednesday, in a file called C//Windows/Keygenerators&Patches.exe.
McAfee deleted the whole map called "Keygenerators&patches". I would like to know:
- Is my PC still infected?
- What did the file "Keygenerators&Patches" do?
- Do I have other computer problems you may have noticed?
- How could I solve the problems if I have some?
Thanks, Steven Glen (Sorry if I made an error somewhere.)

DDS (Ver_09-03-16.01) - NTFSx86
Run by Steve at 18:03:59,54 on vr 27-03-2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1020.283 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLanCfgG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\UPHClean\uphclean.exe
c:\program files\lenovo\system update\suservice.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\SKDAEMON.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Documents and Settings\Steve.STEVE\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

mSearchAssistant = hxxp://www.google.com/ie?hl={SUB_RFC1766}
mCustomizeSearch = hxxp://www.google.com/preferences?hl={SUB_RFC1766}
mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Getca] c:\program files\belkin usb wireless monitor\InfoMyCa.exe
mRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageworkstation\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimageworkstation\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Hot Key Kbd Daemon] SKDAEMON.EXE
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default...;EN-US;KBHOWTO
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166277614073
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {3866BCC8-E200-4CB6-AD64-68A4CB2464DC} = 213.46.228.196,62.179.104.196
TCP: {D8A1D949-46AC-4548-BE9B-992BF1CF5735} = 192.168.123.1
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steve~1.ste\applic~1\mozilla\firefox\profiles\bot3h102.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://nl.msn.com/?ocid=iehp
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\steve.steve\application data\mozilla\firefox\profiles\bot3h102.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\lenovo\client security solution\pwm firefox extension\components\tvtpwm_moz_xpcom.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 213640]
R2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;c:\program files\belkin usb wireless monitor\WLService.exe [2007-1-28 49152]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-23 55152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-26 206112]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-26 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-3-26 144704]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-26 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-26 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-26 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-26 40552]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2006-12-16 16384]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2006-12-16 9216]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-26 34216]

=============== Created Last 30 ================

2009-03-26 22:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lenovo
2009-03-26 22:02 <DIR> --d----- c:\docume~1\steve~1.ste\applic~1\Lenovo
2009-03-26 18:33 <DIR> --d----- c:\docume~1\steve~1.ste\applic~1\McAfee
2009-03-26 18:29 6,841 a------- c:\windows\system32\Config.MPF
2009-03-26 18:26 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-03-26 18:26 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-26 18:26 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-26 18:26 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-03-26 18:26 <DIR> --d----- c:\program files\common files\McAfee
2009-03-26 18:25 <DIR> --d----- c:\program files\McAfee.com
2009-03-26 18:25 <DIR> --d----- c:\program files\McAfee
2009-03-26 18:23 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-03-25 19:52 1,089,883 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-24 17:56 <DIR> --d----- C:\6fdc500dc0f86c03aeb1d47cd5c005a4
2009-03-23 22:47 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-03-23 22:46 55,152 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-03-23 22:45 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-03-23 22:45 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-03-22 19:02 129,784 -------- c:\windows\system32\pxafs.dll
2009-03-22 19:02 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-03-22 19:02 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-03-22 19:02 <DIR> --d----- c:\program files\common files\DivX Shared
2009-03-22 19:02 <DIR> --d----- c:\program files\DivX
2009-03-04 22:07 1,692,984 a------- c:\windows\system32\cspcore.dll
2009-03-04 22:07 955,704 a------- c:\windows\system32\cssuserdatadispatcher.dll
2009-03-04 21:58 292,152 a------- c:\windows\system32\tvt_gina_api.dll
2009-03-04 21:57 582,968 a------- c:\windows\system32\tvt_gina.dll
2009-03-04 21:57 734,520 a------- c:\windows\system32\tcsrpc.dll
2009-03-04 21:57 427,320 a------- c:\windows\system32\tvttsp.dll

==================== Find3M ====================

2009-03-26 21:58 30,144 a------- c:\windows\system32\drivers\psadd.sys
2009-03-26 18:32 511,858 a------- c:\windows\system32\perfh013.dat
2009-03-26 18:32 92,036 a------- c:\windows\system32\perfc013.dat
2009-02-09 15:08 1,846,912 a------- c:\windows\system32\win32k.sys
2009-02-06 19:55 308,616 a------- c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-01-27 02:35 43,528 -------- c:\windows\system32\drivers\pxhelp20.sys
2009-01-27 02:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-01-27 02:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-01-27 02:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-01-27 02:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-01-27 02:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-01-27 02:34 684,032 a------- c:\windows\system32\DivX.dll
2009-01-25 21:41 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

============= FINISH: 18:05:01,12 ===============
#2
Registered User
Join Date: Mar 2009
Posts: 95
OS: XP
Re: Possible Virus Infection.
Well, I really was so nervous that I still may have a virus on my computer that I made a backup of any important files I have and formatted and reinstalled my PC. It looks so much faster, even though I installed all the programs I had on it before (Firefox, Java, Adobe Reader, Shockwave, Flash Player, MSN).

Since I formatted my PC this log should not be high priority, although I would like to see if I was indeed infected by a possible virus. Thanks!

Edit: I heard from people that the "Keygenerators and patches" was a program that can crack codes from legal software so you don't have to pay for it. If that is true, somebody had to put it there. I used the same Windows installation CD to reinstall my PC and the map did not exist at all.

Last edited by Steviee; 03-30-2009 at 03:17 AM.
#4
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home
Re: Possible Virus Infection.
Hello -
Without having the file, it's difficult to say what exactly it did, but anything labeled Keygenerators&Patches.exe is likely to bring your machine a world of pain. Using cracks and keygens is illegal, and a great way to get a machine infected. We don't condone or approve the use of cracks, keygens or other means of using software illegally, and often requests for aid after using such will go unanswered. Referring to the Forum Rules, which you should have read at the time of registering at this forum, TSF does not support illegal activity. Before posting for help, we ask that you uninstall any such applications, as indicated in this sticky topic.

If you didn't place it on the machine, then someone with access to it did. If you're not the only user of the machine, then the other users need to be educated.

The machine was infected. If you've formatted since the initial logs were posted, then you should be fine, but there's no way of knowing without seeing fresh logs from DDS and GMER.

Also please do this:
1. Disable resident protections (antivirus...); re-enable them after the scan.
2. Download ToolBar S&D.
3. Double-click ToolBar S&D.exe.
4. Choose the language, then choose Option 1 (Search).
5. Wait till the end of the scan.
6. Post the log which was created: (%SystemDrive%\TB.txt)
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
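As an added illustration of what an analyst looks for in the DDS log from post #1 (this is editor-supplied example code, not part of the thread and not a TSF or DDS tool), the script below parses the "Pseudo HJT Report" Run-key lines and flags entries whose file name matches a core Windows binary but whose location is not where that binary lives. The first log contains `uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe`, and the real svchost.exe belongs in system32 itself, not in the drivers subfolder. The sample lines are copied from that log; the directory baseline (`EXPECTED_DIRS`) is a small hand-built assumption for this example rather than a complete Windows XP inventory.

```python
import re

# Constructed sample: DDS "Pseudo HJT Report" lines copied from the first log in
# this thread, plus one BHO line to show that non-Run lines are ignored.
SAMPLE_LINES = [
    r"uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe",
    r'uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background',
    r"uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe",
    r"mRun: [Mouse Suite 98 Daemon] ICO.EXE",
    r'mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray',
    r"dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE",
    r"BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll",
]

# Assumed baseline of where these Windows XP system binaries legitimately live.
# A real baseline would be generated from a known-clean install of the same
# Windows version; this hand-built dictionary is only for the example.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32"},
    "ctfmon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
    "rundll32.exe": {r"c:\windows\system32"},
}

# uRun / mRun / dRun and their RunOnce variants, as DDS prints them.
RUN_RE = re.compile(r"^(?P<hive>[umd]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_run_entry(line):
    """Split one DDS Run-key line into (hive, value name, image path, arguments).

    Returns None for lines that are not Run/RunOnce entries (BHO:, DPF:, ...).
    The image is the quoted token if the command starts with a quote, otherwise
    the first whitespace-delimited token; the rest is treated as arguments.
    """
    m = RUN_RE.match(line.strip())
    if m is None:
        return None
    cmd = m.group("cmd").strip()
    if cmd.startswith('"'):
        close = cmd.find('"', 1)
        if close < 0:
            close = len(cmd)
        image, args = cmd[1:close], cmd[close + 1:]
    else:
        image, _, args = cmd.partition(" ")
    return m.group("hive"), m.group("name"), image, args.strip()


def find_masquerading(lines):
    """Return (value name, image, reason) for Run entries whose file name is a
    known system binary but whose location does not match the baseline."""
    findings = []
    for line in lines:
        parsed = parse_run_entry(line)
        if parsed is None:
            continue
        _hive, name, image, _args = parsed
        directory, sep, basename = image.lower().rpartition("\\")
        if basename not in EXPECTED_DIRS:
            continue
        if not sep:
            # Bare file name: resolved through the search path at logon, so the
            # binary that actually runs cannot be determined from the log alone.
            findings.append((name, image, "system binary name without a full path"))
        elif directory not in EXPECTED_DIRS[basename]:
            findings.append((name, image, "system binary name outside its expected directory"))
    return findings


if __name__ == "__main__":
    for name, image, reason in find_masquerading(SAMPLE_LINES):
        print(f"[{name}] {image}: {reason}")
```

Run against the sample, the only hit is the SVCHOST.EXE value pointing into `c:\windows\system32\drivers`; the two legitimate ctfmon.exe entries pass because their directory matches the baseline, and bare names such as ICO.EXE are ignored because they are not in the baseline at all. The same check applies unchanged to the "Running Processes" section, since each line there is just a path.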
#5
Registered User
Join Date: Mar 2009
Posts: 95
OS: XP
Re: Possible Virus Infection.
Thanks TetonBob for your time and your response. My dad and I NEVER installed Keygenerators&Patches. In fact I used the same Windows XP on this computer and I could not find any map called like that. I attached the files you asked me for.
DDS Log file

DDS (Ver_09-03-16.01) - NTFSx86
Run by Steven at 20:37:36,37 on di 31-03-2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1020.276 [GMT 2:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\SKDAEMON.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Steven\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Hot Key Kbd Daemon] SKDAEMON.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck /autofix /waitstart
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\belkin~1.lnk - c:\program files\belkin\f5d8053v3011\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\belkin~2.lnk - c:\program files\belkin\f5d7050v5\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\hulppr~1.lnk - c:\program files\belkin\f5d8053v4\Belkinwcui.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238270487750
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238270481734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steven\applic~1\mozilla\firefox\profiles\yybaeb1w.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - component: c:\documents and settings\steven\application data\mozilla\firefox\profiles\yybaeb1w.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\documents and settings\steven\application data\mozilla\firefox\profiles\yybaeb1w.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-10-6 144704]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-10-6 31816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-3-29 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-10-6 54608]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-3-29 72904]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-3-29 34344]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-3-29 177672]
R3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2009-3-28 16384]
R3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2009-3-28 9216]

=============== Created Last 30 ================

2009-03-31 20:33 <DIR> --d----- C:\ToolBar SD
2009-03-31 18:53 <DIR> --d----- c:\docume~1\steven\applic~1\Malwarebytes
2009-03-31 18:53 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-31 18:53 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-31 18:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-31 18:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-31 18:08 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-31 18:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-29 02:38 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-29 02:38 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-29 01:47 <DIR> --d----- c:\windows\system32\Adobe
2009-03-29 00:59 <DIR> --d----- c:\documents and settings\steven\Tracing
2009-03-29 00:58 <DIR> --d----- c:\program files\Microsoft
2009-03-29 00:57 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-29 00:55 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-29 00:53 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-29 00:48 238,848 a------- c:\windows\system32\drivers\BLKWGU.sys
2009-03-29 00:48 12,117 -------- c:\windows\system32\drivers\string.ini
2009-03-29 00:48 38,144 a------- c:\windows\system32\drivers\EAPPkt.sys
2009-03-29 00:35 <DIR> --d----- c:\documents and settings\steven\dd framework
2009-03-29 00:26 21,361 a------- c:\windows\system32\drivers\AegisP.sys
2009-03-29 00:25 <DIR> --d----- c:\windows\{7B355114-7439-42B6-AB50-516834796D4D}
2009-03-29 00:20 <DIR> --d----- c:\program files\Belkin
2009-03-29 00:12 53,248 -------- c:\windows\system32\PKCPL.CPL
2009-03-29 00:12 6,397,952 -------- c:\windows\system32\PKCFG.EXE
2009-03-29 00:12 155,648 -------- c:\windows\system32\SKUNINST.EXE
2009-03-29 00:12 131,072 -------- c:\windows\system32\SKUTIL.DLL
2009-03-29 00:12 61,440 -------- c:\windows\system32\SKOSD.DLL
2009-03-29 00:12 61,440 -------- c:\windows\system32\SKHOOKS.DLL
2009-03-29 00:12 49,152 -------- c:\windows\system32\SKSETUP.DLL
2009-03-29 00:12 65,536 -------- c:\windows\system32\SKUSBKBD.DLL
2009-03-29 00:12 40,960 -------- c:\windows\system32\SKDAEMON.EXE
2009-03-29 00:04 1,495,552 a------- c:\windows\system32\epoPGPsdk.dll
2009-03-29 00:04 499,712 a------- c:\windows\system32\msvcp71.dll
2009-03-29 00:04 280 a------- c:\windows\system32\epoPGPsdk.dll.sig
2009-03-29 00:04 <DIR> --d----- c:\program files\common files\Cisco Systems
2009-03-29 00:04 72,904 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-29 00:04 64,488 a------- c:\windows\system32\drivers\mfeapfk.sys
2009-03-29 00:04 34,344 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-29 00:04 177,672 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-29 00:04 52,136 a------- c:\windows\system32\drivers\mfetdik.sys
2009-03-29 00:04 <DIR> --d----- c:\program files\McAfee
2009-03-29 00:04 <DIR> --d----- c:\program files\common files\McAfee
2009-03-29 00:02 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-03-29 00:00 1,060,864 a------- c:\windows\system32\MFC71.DLL
2009-03-29 00:00 1,047,552 a------- c:\windows\system32\MFC71U.DLL
2009-03-29 00:00 348,160 a------- c:\windows\system32\MSVCR71.DLL
2009-03-29 00:00 <DIR> --d----- c:\program files\ThinkVantage
2009-03-28 23:59 <DIR> --d----- C:\DRIVERS
2009-03-28 23:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCDr
2009-03-28 23:55 <DIR> --d----- c:\program files\PCDR5
2009-03-28 23:51 <DIR> --d----- c:\program files\Analog Devices
2009-03-28 23:44 <DIR> --d----- C:\Intel
2009-03-28 23:27 <DIR> --d----- C:\SWTOOLS
2009-03-28 23:19 <DIR> --d----- c:\program files\Lenovo Hard Drive Quick Test
2009-03-28 22:37 <DIR> --d----- C:\IBMTOOLS
2009-03-28 22:27 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-03-28 22:26 21,504 a------- c:\windows\system32\hidserv.dll
2009-03-28 22:26 58,112 a------- c:\windows\system32\drivers\redbook.sys
2009-03-28 22:25 76,288 ac------ c:\windows\system32\dllcache\usbui.dll
2009-03-28 22:25 76,288 a------- c:\windows\system32\usbui.dll
2009-03-28 22:10 <DIR> --d----- C:\55db4ab7397f8d8a7e19a14532ea
2009-03-28 22:10 <DIR> --d----- c:\windows\SxsCaPendDel
2009-03-28 22:03 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-28 22:03 2,193,536 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-28 22:03 2,149,888 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-28 22:03 2,070,400 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-28 22:03 2,028,544 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-28 22:01 27,672 a------- c:\windows\system32\wuapi.dll.mui
2009-03-28 22:01 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-03-28 22:00 <DIR> --d-hr-- c:\documents and settings\steven\Onlangs geopend
2009-03-28 21:59 <DIR> --d----- c:\program files\common files\ODBC
2009-03-28 21:59 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-03-28 21:58 66,082 ac------ c:\windows\system32\dllcache\c_20127.nls
2009-03-28 21:58 <DIR> --d-h--- c:\documents and settings\all users\Sjablonen
2009-03-28 21:58 <DIR> --d--r-- c:\documents and settings\all users\Menu Start
2009-03-28 21:58 <DIR> --d--r-- c:\documents and settings\all users\Documenten
2009-03-28 21:58 <DIR> --d----- c:\documents and settings\all users\Favorieten
2009-03-28 21:58 <DIR> --d----- c:\documents and settings\all users\Bureaublad
2009-03-28 21:57 147,456 a----r-- c:\windows\system32\igfxres.dll
2009-03-28 21:57 561 a------- c:\windows\system32\$winnt$.inf
2009-03-28 21:51 <DIR> --d--r-- c:\documents and settings\steven\Favorieten
2009-03-28 21:51 <DIR> --d----- c:\documents and settings\steven\Bureaublad
2009-03-28 21:51 <DIR> --d-h--- c:\documents and settings\steven\Sjablonen
2009-03-28 21:51 <DIR> --d-h--- c:\documents and settings\steven\Netwerkprinteromgeving
2009-03-28 21:51 <DIR> --d--r-- c:\documents and settings\steven\Mijn documenten
2009-03-28 21:51 <DIR> --d--r-- c:\documents and settings\steven\Menu Start
2009-03-28 21:38 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-03-28 21:38 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-03-28 21:38 <DIR> --d----- c:\program files\Online Services
2009-03-28 21:37 <DIR> --d----- c:\program files\common files\MSSoap
2009-03-28 21:35 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-03-28 21:35 <DIR> --d----- c:\program files\Messenger
2009-03-28 21:35 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-03-28 21:35 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-03-30 17:40 508,570 a------- c:\windows\system32\perfh013.dat
2009-03-30 17:40 90,642 a------- c:\windows\system32\perfc013.dat
2009-03-28 21:39 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-28 21:36 21,748 a------- c:\windows\system32\emptyregdb.dat
2009-02-09 16:08 1,846,912 a------- c:\windows\system32\win32k.sys
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll

============= FINISH: 20:38:06,00 ===============
#6
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home
Re: Possible Virus Infection.
It would be unusual for that sort of file to just appear without it being downloaded onto the machine from clicking a link, or transferred to the machine via removable media.
Logs look clean. Any Symptoms? Did Malwarebytes AntiMalware find anything? If so, can you post the log from that run which did? You can access the logs via the program interface > Logs tab. Highlight the report, and select Open.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#7
Registered User
Join Date: Mar 2009
Posts: 95
OS: XP
Re: Possible Virus Infection.
Thanks for your time and checking the logs.
Malware found nothing, Spybot found nothing, and a McAfee 8.5 updated on-demand scan of my whole C:/ found nothing. I guess that my PC is clean? This is off-topic, but do you think that the virus will be launched tomorrow? I forgot the name; it's something like "Confickt C" or something? If so, what are you going to do to be extra safe? Thanks again, good work.
#8
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,564
OS: 2000 Pro; XP Pro; XP Home
Re: Possible Virus Infection.
Glad to hear it, you should be fine...
My machines are clean, protected, and have all Windows Updates. Ensure you have all critical updates from Windows Update, an active and current AntiVirus, and you should be fine. April 1 is supposed to be the next date the conficker/downadup worm phones home for instructions. Researchers don't know what those instructions will do. Surf Safely, and Think Prevention! Since this issue is resolved, this topic will be archived.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009