Resolved HJT Threads Resolved spyware and popup issues.
10-21-2009, 02:41 AM   #21
darklord_v (Registered User)
Join Date: Nov 2008
Location: pakistan
Posts: 335
OS: xp professional sp3
Re: trojan program packed win32 tdss.z

Blade81, sorry to say this, but after dragging the CFScript nothing happens as you said it would.
It just checks and then, without a restart, gives me the above log?
And the virus popped up again. :(
What should I do?
Here is the VirusTotal link:


http://www.virustotal.com/analisis/8...957-1256114619
__________________
team work is essential it gives them other people to shoot at

Last edited by darklord_v; 10-21-2009 at 02:46 AM.

10-21-2009, 03:48 AM   #22
darklord_v (Registered User)
Re: trojan program packed win32 tdss.z

Here is the fresh DDS log:

DDS (Ver_09-10-13.01) - NTFSx86
Run by (hu at 15:44:42.81 on Tue 10/13/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1021.417 [GMT 5:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\AntiPoisoner\AntiPoisoner.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\(hu\Desktop\dds.scr

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.mydreamworld.50webs.com
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecision.exe" /s
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
StartupFolder: c:\docume~1\(hu\startm~1\programs\startup\antipo~1.lnk - c:\program files\antipoisoner\AntiPoisoner.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252686822328
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\(hu\applic~1\mozilla\firefox\profiles\4qrix6ax.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\(hu\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\(hu\application data\mozilla\firefox\profiles\4qrix6ax.default\extensions\firefox@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll
FF - component: c:\documents and settings\(hu\application data\mozilla\firefox\profiles\4qrix6ax.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\(hu\application data\mozilla\firefox\profiles\4qrix6ax.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\(hu\application data\mozilla\firefox\profiles\4qrix6ax.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 is-5I5B7drv;is-5I5B7drv;c:\windows\system32\drivers\54146997.sys [2009-10-10 148496]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-10-11 615344]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-10-11 615344]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-9-24 603904]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
S0 nskjyr;nskjyr;c:\windows\system32\drivers\rlusog.sys --> c:\windows\system32\drivers\rlusog.sys [?]
S2 flxapffh;USB Mass Storage Monitor; [x]
S2 jugbany;Config Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 lpxiqjpb;Shell Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 xiiliq;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-13 1684736]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-13 14:41 <DIR> --d----- c:\program files\ESET
2009-10-13 14:18 236,544 a------- c:\windows\PEV.exe
2009-10-13 14:18 161,792 a------- c:\windows\SWREG.exe
2009-10-13 14:18 98,816 a------- c:\windows\sed.exe
2009-10-12 23:15 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-10-12 23:14 <DIR> --d----- c:\program files\MSECACHE
2009-10-11 22:10 271 a------- c:\windows\SysMech.INI
2009-10-11 20:19 <DIR> --d-h--- c:\windows\PIF
2009-10-11 18:39 406 a------- c:\windows\system32\ioloBootDefrag.cfg
2009-10-11 18:38 2,116,008 a------- c:\windows\system32\Incinerator.dll
2009-10-11 18:38 93,096 a------- c:\windows\system32\IncContxMenu.dll
2009-10-11 18:38 9,341 a------- c:\windows\system32\drivers\filedisk.sys
2009-10-11 18:38 30,208 a------- c:\windows\system32\iolobtdfg.exe
2009-10-11 18:38 12,288 a------- c:\windows\system32\smrgdf.exe
2009-10-11 18:38 <DIR> --d----- c:\program files\iolo
2009-10-11 18:27 74,703 a------- c:\windows\system32\mfc45.dll
2009-10-11 17:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iolo
2009-10-11 17:49 <DIR> --d----- c:\docume~1\(hu\applic~1\iolo
2009-10-10 18:58 148,496 a------- c:\windows\system32\drivers\54146997.sys
2009-10-10 13:08 40,730 a------- c:\windows\wininit.ini
2009-10-09 23:57 152,904 a------- c:\windows\system32\vghd.scr
2009-10-09 23:57 <DIR> --d----- c:\program files\vghd
2009-10-09 22:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-10-03 19:54 <DIR> --d----- c:\docume~1\(hu\applic~1\WordWeb
2009-10-03 19:12 <DIR> --d----- c:\program files\WordWeb
2009-10-03 19:12 1,050,296 -------- c:\windows\wweb32.dll
2009-09-27 21:20 <DIR> --d----- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2009-09-27 21:20 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-09-27 21:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-09-27 21:16 7,655,872 ac------ c:\windows\system32\dllcache\nv4_mini.sys
2009-09-27 21:16 7,655,872 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 20:27 <DIR> --d----- c:\program files\Driver Sweeper
2009-09-27 18:20 2,173,544 a------- c:\windows\system32\nvcplui.exe
2009-09-27 18:20 420,456 a------- c:\windows\system32\nvcpl.cpl
2009-09-27 18:20 81,920 a------- c:\windows\system32\nvwddi.dll
2009-09-27 16:12 10,756,096 a------- c:\windows\system32\nvoglnt.dll
2009-09-27 16:12 2,194,024 a------- c:\windows\system32\nvcuvid.dll
2009-09-27 16:12 2,007,040 a------- c:\windows\system32\nvcuda.dll
2009-09-27 16:12 1,714,792 a------- c:\windows\system32\nvcuvenc.dll
2009-09-27 16:12 1,604,482 a------- c:\windows\system32\nvdata.bin
2009-09-27 16:12 888,832 a------- c:\windows\system32\nvapi.dll
2009-09-27 16:12 170,600 a------- c:\windows\system32\nvcodins.dll
2009-09-27 16:12 170,600 a------- c:\windows\system32\nvcod.dll
2009-09-26 05:25 2,707 a------- C:\PerfData{F0C5E3B8-871A-11DE-8043-806D6172696F}.xml
2009-09-25 22:43 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-09-24 21:29 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-09-24 21:29 27,904 a------- c:\windows\system32\uxtuneup.dll
2009-09-24 21:29 362,240 a------- c:\windows\system32\TuneUpDefragService.exe
2009-09-24 21:29 <DIR> --d----- c:\docume~1\(hu\applic~1\TuneUp Software
2009-09-24 21:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-09-24 21:28 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-09-24 21:27 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-24 19:18 <DIR> --d----- c:\program files\YourWare Solutions
2009-09-23 17:48 118 a------- c:\windows\system32\MRT.INI
2009-09-22 05:01 4,820 a------- C:\config.xml
2009-09-21 12:15 3,230 a------- c:\windows\system32\72.scr
2009-09-16 23:50 537 a------- c:\windows\eReg.dat
2009-09-16 16:15 305,664 a------- c:\windows\IsUn0415.exe
2009-09-15 21:55 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-15 21:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-15 19:22 305,152 a------- c:\windows\IsUn0419.exe
2009-09-15 19:22 <DIR> --d----- c:\documents and settings\(hu\WINDOWS

==================== Find3M ====================

2009-10-13 15:41 39,022,624 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-10-13 14:23 375,944 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-10-05 13:38 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-09-27 18:19 3,166,208 a------- c:\windows\system32\nvwss.dll
2009-09-27 18:19 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-09-27 18:19 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-09-27 18:19 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-09-27 18:19 188,416 a------- c:\windows\system32\nvmccss.dll
2009-09-27 18:19 13,918,208 a------- c:\windows\system32\nvcpl.dll
2009-09-27 18:19 4,935,680 a------- c:\windows\system32\nvdisps.dll
2009-09-27 18:19 172,100 a------- c:\windows\system32\nvsvc32.exe
2009-09-27 18:19 143,360 a------- c:\windows\system32\nvcolor.exe
2009-09-27 18:19 86,016 a------- c:\windows\system32\nvmctray.dll
2009-09-27 18:19 229,376 a------- c:\windows\system32\nvmccs.dll
2009-09-27 16:12 5,900,416 a------- c:\windows\system32\nv4_disp.dll
2009-09-25 10:37 667,136 -------- c:\windows\system32\wininet.dll
2009-09-25 10:37 81,920 a------- c:\windows\system32\ieencode.dll
2009-09-11 19:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 17:24 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-11 17:24 183,112 a------- c:\windows\system32\PnkBstrB.exe
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-05 02:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-02 19:05 22,328 a------- c:\docume~1\(hu\applic~1\PnkBstrK.sys
2009-09-02 19:05 682,280 a------- c:\windows\system32\pbsvc.exe
2009-08-26 13:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-16 12:57 418,480 a------- c:\windows\system32\wrap_oal.dll
2009-08-16 12:57 115,432 a------- c:\windows\system32\OpenAL32.dll
2009-08-14 13:36 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-08-13 02:28 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-13 02:22 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-08-13 01:26 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-08-05 14:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 20:13 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 19:20 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
2009-07-29 09:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 09:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-20 14:12 18,670,592 a------- c:\windows\RTHDCPL.EXE
2009-07-18 00:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 21:22 1,435,648 a------- c:\windows\system32\query.dll
2009-10-21 11:39 604,140 a--sh--- c:\windows\system32\drivers\ISwift3.dat


Here is what ESET showed after a full scan (they weren't removed, as you told me to uncheck "remove threats"):

D:\System Volume Information\_restore{0264F20B-4F5E-45C5-98E0-1E02CA0E7303}\RP1\A0000005.inf Win32/PSW.OnLineGames.NNU trojan
E:\System Volume Information\_restore{0264F20B-4F5E-45C5-98E0-1E02CA0E7303}\RP1\A0000007.inf Win32/PSW.OnLineGames.NNU trojan
F:\System Volume Information\_restore{0264F20B-4F5E-45C5-98E0-1E02CA0E7303}\RP1\A0000009.inf Win32/PSW.OnLineGames.NNU trojan





All the things you asked for:
1. VirusTotal report
2. DDS
3. ESET report
4. ComboFix log (but you weren't satisfied)

So please write the script again or check it for any mistakes.

Last edited by darklord_v; 10-21-2009 at 03:54 AM.
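The SERVICES / DRIVERS section of the DDS log in the post above is the part worth triaging first: a boot-start driver (nskjyr) whose file DDS cannot see on disk, a service (flxapffh) with no image at all, and three services with generated-looking names (jugbany, lpxiqjpb, xiiliq) loaded into the netsvcs svchost group under generic display names. The following Python script is an added example, not code from the thread, from DDS, from ComboFix or from Blade81: it parses those lines and applies the checks an analyst otherwise does by eye. It assumes the DDS line layout `<R|S><start> name;display;image [date size]`, with `[?]` or `[x]` when the file is not found, and it assumes that DDS leaves stock Microsoft services out of this section (none of XP's built-in netsvcs members appear in the log above), so any netsvcs member that is listed is third-party. The random-name heuristic is my own and deliberately coarse.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log.

Added example for this thread; not DDS, ComboFix or Blade81's script.
The heuristics and the stock-service assumption are mine; tune before relying on them.
"""
import re
from dataclasses import dataclass, field

# Copy of the service/driver lines from the DDS log posted above, used as input.
DDS_SERVICES = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 is-5I5B7drv;is-5I5B7drv;c:\windows\system32\drivers\54146997.sys [2009-10-10 148496]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-10-11 615344]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
S0 nskjyr;nskjyr;c:\windows\system32\drivers\rlusog.sys --> c:\windows\system32\drivers\rlusog.sys [?]
S2 flxapffh;USB Mass Storage Monitor; [x]
S2 jugbany;Config Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 lpxiqjpb;Shell Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 xiiliq;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-13 1684736]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
"""

# "<R|S><start> name;display name;image path [yyyy-m-d size]"; "[?]" or "[x]" when DDS finds no file.
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*)$")
TAIL_RE = re.compile(r"\[(\?|x|\d{4}-\d{1,2}-\d{1,2} \d+)\]\s*$")


@dataclass
class ServiceEntry:
    state: str            # R = running, S = stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    image: str
    file_seen: bool       # False when DDS printed [?] or [x]
    reasons: list = field(default_factory=list)


def parse_dds_services(text):
    """Turn the DDS service/driver lines into ServiceEntry records."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, rest = m.groups()
        tail = TAIL_RE.search(rest)
        file_seen = bool(tail) and tail.group(1) not in ("?", "x")
        image = TAIL_RE.sub("", rest).strip()
        entries.append(ServiceEntry(state, int(start), name, display, image, file_seen))
    return entries


def looks_random(name):
    """Coarse check for generated names: lower-case letters only, and either a run
    of three consonants or fewer than 30% vowels. Legitimate names can trip this;
    it is a prompt to look closer, not a verdict."""
    if not re.fullmatch(r"[a-z]{5,12}", name):
        return False
    vowels = sum(c in "aeiou" for c in name)
    return bool(re.search(r"[^aeiou]{3}", name)) or vowels / len(name) < 0.3


def triage(entries):
    """Attach a reason to every entry worth a closer look and return those entries."""
    flagged = []
    for e in entries:
        e.reasons = []
        if not e.file_seen:
            if e.start == 0:
                e.reasons.append("boot-start driver whose file is not visible on disk (hidden file, rootkit pattern)")
            else:
                e.reasons.append("service image file not found")
        # Assumption: DDS omits stock Microsoft services, so a netsvcs member listed here is third-party.
        if "svchost.exe -k netsvcs" in e.image.lower():
            e.reasons.append("third-party service loaded into the netsvcs svchost group")
        if looks_random(e.name):
            e.reasons.append("random-looking service name")
        if e.reasons:
            flagged.append(e)
    return flagged


def report(entries):
    """One human-readable line per flagged entry."""
    return [f"{e.state}{e.start} {e.name} ({e.display!r}): " + "; ".join(e.reasons)
            for e in triage(entries)]


if __name__ == "__main__":
    for line in report(parse_dds_services(DDS_SERVICES)):
        print(line)
```

Run against the log above it flags exactly the five entries named in the lead-in and leaves the Kaspersky, iolo, Realtek (Ambfilt) and getPlus entries alone. A hit from `looks_random` on its own is weak; the combination with a hidden image file or a netsvcs group membership is what justifies putting the entry into a CFScript.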
10-21-2009, 07:16 AM   #23
Blade81 (Visiting Teacher/Analyst, Security Team)
Join Date: Jun 2008
Location: Finland
Posts: 758
OS: Win XP, Vista 32-bit, Win7 64-bit
Re: trojan program packed win32 tdss.z

Hi,

Make sure that both ComboFix and its script file are on your desktop. Then click Start, Run, type cmd.exe and press Enter. A command prompt window should open.

Type the following command in the command prompt window:
Code:
"c:\documents and settings\(hu\Desktop\ComboFix.exe" "c:\documents and settings\(hu\Desktop\CFScript.txt"
Let ComboFix update itself if it asks for permission. Post back the resulting log.
__________________

Microsoft MVP Consumer Security 2008 2009
ASAP & UNITE member since 2006
10-21-2009, 09:13 AM   #24
darklord_v (Registered User)
Re: trojan program packed win32 tdss.z

OK, here is what I did:
ran command prompt
typed d:
then wrote "c:\documents and settings\(hu\desktop\ComboFix.exe" "c:\documents and settings\(hu\desktop\CFScript.txt"

It ran ComboFix all right, but I wasn't asked to submit any samples as you stated. Here is the log:



ComboFix 09-10-20.03 - (hu 10/21/2009 20:59.7.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1021.553 [GMT 5:00]
Running from: c:\documents and settings\(hu\desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-21 12:46 . 2009-10-21 12:46 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-21 12:46 . 2009-10-21 12:46 -------- d-----w- c:\documents and settings\(hu\Application Data\SystemRequirementsLab
2009-10-21 12:45 . 2009-10-21 12:45 -------- d-----w- c:\windows\Sun
2009-10-21 12:42 . 2009-10-21 12:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-21 12:41 . 2009-10-21 12:41 -------- d-----w- c:\program files\Java
2009-10-21 08:07 . 2009-10-21 08:07 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-21 08:07 . 2009-10-21 08:07 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-21 06:39 . 2009-10-21 06:39 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-10-20 15:18 . 2009-10-20 15:18 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-20 15:16 . 2009-10-20 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-20 13:08 . 2009-10-20 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-20 13:08 . 2009-10-20 13:08 -------- d-----w- c:\program files\NOS
2009-10-20 05:58 . 2009-10-20 05:58 -------- d-----w- c:\program files\WIDCOMM
2009-10-20 05:58 . 2009-10-20 05:58 -------- d-----w- C:\SWSetup
2009-10-19 21:36 . 2009-10-21 06:39 -------- d-----w- c:\documents and settings\(hu\Tracing
2009-10-19 21:34 . 2009-10-19 21:36 -------- d-----w- c:\program files\Microsoft
2009-10-19 21:34 . 2009-10-19 21:34 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-19 21:33 . 2009-10-19 21:36 -------- d-----w- c:\program files\Windows Live
2009-10-19 21:31 . 2009-10-19 21:31 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-19 21:28 . 2009-10-19 21:28 -------- d-----w- c:\documents and settings\(hu\Contacts
2009-10-19 11:57 . 2005-05-02 16:15 36484 ----a-w- c:\windows\system32\drivers\SMBios.sys
2009-10-18 09:53 . 2009-10-18 09:53 -------- d-----w- c:\documents and settings\(hu\Application Data\Malwarebytes
2009-10-18 09:53 . 2009-09-10 09:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 09:53 . 2009-10-18 09:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 09:53 . 2009-10-18 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-18 09:53 . 2009-09-10 09:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 10:26 . 2009-10-21 13:02 -------- d-----w- c:\documents and settings\(hu\Application Data\vlc
2009-10-17 10:25 . 2009-10-17 10:25 -------- d-----w- c:\program files\VideoLAN
2009-10-15 11:04 . 2009-10-15 11:04 -------- d-----w- c:\program files\Trend Micro
2009-10-15 09:09 . 2009-10-15 13:52 -------- d-----w- c:\program files\MagicISO
2009-10-15 08:45 . 2009-10-15 08:45 7168 ----a-w- c:\windows\system32\drivers\utmyntaz.sys
2009-10-14 19:51 . 2009-10-14 19:51 -------- d-----w- c:\program files\Seagate
2009-10-14 13:38 . 2009-10-14 13:54 -------- d-----w- c:\windows\BDOSCAN8
2009-10-13 09:41 . 2009-10-13 09:41 -------- d-----w- c:\program files\ESET
2009-10-12 18:19 . 2009-10-12 18:19 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-12 18:15 . 2009-10-12 18:15 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-10-12 18:14 . 2009-10-12 18:14 -------- d-----w- c:\program files\MSECACHE
2009-10-11 15:19 . 2009-10-11 15:19 -------- d--h--w- c:\windows\PIF
2009-10-11 13:38 . 2009-10-11 13:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2009-10-11 13:38 . 2009-08-28 06:30 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-10-11 13:38 . 2009-08-28 06:30 2116008 ----a-w- c:\windows\system32\Incinerator.dll
2009-10-11 13:38 . 2006-07-24 13:51 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys
2009-10-11 13:38 . 2009-08-26 10:42 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-10-11 13:38 . 2009-08-26 10:42 12288 ----a-w- c:\windows\system32\smrgdf.exe
2009-10-11 13:38 . 2009-10-11 13:38 -------- d-----w- c:\program files\iolo
2009-10-11 13:27 . 2009-10-11 13:27 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-10-11 12:49 . 2009-10-15 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-10-11 12:49 . 2009-10-15 08:16 -------- d-----w- c:\documents and settings\(hu\Application Data\iolo
2009-10-10 13:58 . 2008-07-08 09:54 148496 ----a-w- c:\windows\system32\drivers\54146997.sys
2009-10-09 18:57 . 2009-10-10 16:05 -------- d-----w- c:\program files\vghd
2009-10-09 18:57 . 2009-10-09 18:57 152904 ----a-w- c:\windows\system32\vghd.scr
2009-10-09 18:23 . 2009-10-09 18:23 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-09 17:42 . 2009-10-21 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-04 20:40 . 2009-10-04 20:40 -------- d-----w- c:\documents and settings\(hu\Local Settings\Application Data\PCHealth
2009-10-03 14:54 . 2009-10-03 14:54 -------- d-----w- c:\documents and settings\(hu\Application Data\WordWeb
2009-10-03 14:12 . 2009-10-11 17:10 -------- d-----w- c:\program files\WordWeb
2009-10-03 14:12 . 2008-10-18 09:08 1050296 ------w- c:\windows\wweb32.dll
2009-09-27 16:20 . 2009-09-27 16:20 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2009-09-27 16:20 . 2009-10-14 12:30 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-27 16:20 . 2009-09-27 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-09-27 16:16 . 2009-09-27 11:12 7655872 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2009-09-27 16:16 . 2009-09-27 11:12 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:27 . 2009-10-20 08:55 -------- d-----w- c:\program files\Driver Sweeper
2009-09-27 13:20 . 2009-09-27 13:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 13:20 . 2009-09-27 13:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 13:19 . 2009-09-27 13:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 13:19 . 2009-09-27 13:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 13:19 . 2009-09-27 13:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 13:19 . 2009-09-27 13:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 13:19 . 2009-09-27 13:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 13:19 . 2009-09-27 13:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 13:19 . 2009-09-27 13:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 13:19 . 2009-09-27 13:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 13:19 . 2009-09-27 13:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 13:19 . 2009-09-27 13:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 13:19 . 2009-09-27 13:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 11:12 . 2009-09-27 11:12 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 11:12 . 2009-09-27 11:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 11:12 . 2009-09-27 11:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 11:12 . 2009-09-27 11:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 11:12 . 2009-09-27 11:12 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 11:12 . 2009-09-27 11:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 11:12 . 2009-09-27 11:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 11:12 . 2009-09-27 11:12 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-24 16:29 . 2009-09-24 16:29 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-24 16:29 . 2008-11-12 11:44 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-24 16:29 . 2009-09-24 16:29 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-24 16:29 . 2009-09-24 16:29 -------- d-----w- c:\documents and settings\(hu\Application Data\TuneUp Software
2009-09-24 16:28 . 2009-09-24 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-24 16:28 . 2009-10-09 17:36 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-24 16:27 . 2009-09-24 16:27 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-24 14:18 . 2009-09-24 14:18 -------- d-----w- c:\program files\YourWare Solutions

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 16:02 . 2009-08-18 07:56 49442848 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-21 15:44 . 2009-08-18 07:56 575792 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-21 15:44 . 2009-09-10 16:25 -------- d-----w- c:\documents and settings\(hu\Application Data\DMCache
2009-10-21 14:35 . 2009-08-12 22:05 -------- d-----w- c:\program files\SpeedFan
2009-10-20 15:19 . 2009-08-12 21:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-16 13:58 . 2009-08-17 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-14 19:50 . 2009-08-12 21:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-13 10:41 . 2009-09-10 16:25 -------- d-----w- c:\documents and settings\(hu\Application Data\IDM
2009-10-12 16:19 . 2009-08-12 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-10-11 18:58 . 2009-08-12 21:44 -------- d-----w- c:\program files\EVGA Precision
2009-10-11 13:56 . 2009-08-12 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-05 08:38 . 2009-09-02 14:05 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-30 14:08 . 2009-09-15 16:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-27 11:12 . 2009-08-12 21:25 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-25 05:37 . 2004-08-03 22:56 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-24 16:40 . 2009-08-12 21:53 69232 ----a-w- c:\documents and settings\(hu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-21 15:33 . 2009-09-21 15:33 -------- d-----w- c:\program files\Real
2009-09-21 15:33 . 2009-08-12 21:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-21 07:15 . 2009-09-21 07:15 3230 ----a-w- c:\windows\system32\72.scr
2009-09-16 18:50 . 2009-09-16 18:50 537 ----a-w- c:\windows\eReg.dat
2009-09-15 17:11 . 2009-09-15 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-12 07:24 . 2009-09-12 07:24 -------- d-----w- c:\program files\RivaTuner v2.24
2009-09-12 06:58 . 2009-09-12 06:58 -------- d-----w- c:\program files\oZone3D
2009-09-11 14:18 . 2004-08-03 22:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 12:24 . 2009-09-02 14:05 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-11 12:24 . 2009-09-02 14:05 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-11 11:52 . 2009-09-11 11:52 -------- d-----w- c:\documents and settings\(hu\Application Data\Leadertech
2009-09-10 17:01 . 2009-09-10 17:01 -------- d-----w- c:\program files\ffdshow
2009-09-10 16:27 . 2009-09-10 16:25 -------- d-----w- c:\program files\Internet Download Manager
2009-09-10 16:18 . 2009-08-12 21:34 -------- d-----w- c:\program files\Realtek
2009-09-07 17:18 . 2009-09-07 17:18 0 ----a-w- c:\windows\nsreg.dat
2009-09-04 21:03 . 2004-08-03 22:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 19:10 . 2009-09-03 19:10 -------- d-----w- c:\program files\HD Tune
2009-09-02 14:05 . 2009-09-02 14:05 22328 ----a-w- c:\documents and settings\(hu\Application Data\PnkBstrK.sys
2009-09-02 14:05 . 2009-09-02 14:05 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-28 14:22 . 2009-08-28 14:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-26 08:00 . 2004-08-03 22:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 20:56 . 2009-08-22 20:56 -------- d-----w- c:\program files\directx
2009-08-18 19:17 . 2009-08-12 21:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-16 07:57 . 2009-08-16 07:57 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-16 07:57 . 2009-08-16 07:57 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-14 08:36 . 2009-08-14 08:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-12 21:22 . 2009-08-12 21:22 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-12 20:34 . 2009-08-12 20:34 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-12 20:26 . 2009-08-12 20:26 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-06 14:24 . 2009-08-12 20:27 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 14:24 . 2009-08-12 20:27 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 14:24 . 2009-08-12 20:27 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 14:24 . 2008-10-16 09:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 14:24 . 2009-08-12 20:27 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 14:24 . 2004-08-03 22:56 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 14:23 . 2009-08-12 20:27 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 14:23 . 2009-09-11 16:35 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 14:23 . 2009-08-12 20:27 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 14:23 . 2008-10-16 09:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2004-08-03 22:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-08-03 21:18 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2004-08-03 22:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-26 11:44 . 2009-07-26 11:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-10-20_12.48.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-21 15:46 . 2009-10-21 15:46 16384 c:\windows\temp\Perflib_Perfdata_310.dat
+ 2009-08-12 20:39 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2009-08-12 20:39 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-10-13 09:27 . 2009-08-06 14:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-13 09:27 . 2009-08-06 14:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2009-09-07 22:25 . 2009-10-21 14:33 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-08-12 20:27 . 2009-08-06 14:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-08-12 20:27 . 2009-08-06 14:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-03 22:56 . 2009-08-06 14:24 96480 c:\windows\system32\dllcache\cdm.dll
- 2009-08-12 20:33 . 2009-10-18 09:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-12 20:33 . 2009-10-21 06:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-12 20:33 . 2009-10-18 09:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-08-12 20:33 . 2009-10-21 06:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-21 12:46 . 2009-10-21 12:46 20992 c:\windows\Installer\16d2a3.msi
+ 2009-10-21 12:42 . 2009-10-21 12:41 149280 c:\windows\system32\javaws.exe
+ 2009-10-21 12:42 . 2009-10-21 12:41 145184 c:\windows\system32\javaw.exe
+ 2009-10-21 12:42 . 2009-10-21 12:41 145184 c:\windows\system32\java.exe
- 2009-10-09 17:42 . 2009-10-09 17:42 296976 c:\windows\system32\drivers\klif.sys
+ 2009-10-20 15:18 . 2009-10-20 15:18 296976 c:\windows\system32\drivers\klif.sys
+ 2009-08-12 20:27 . 2009-08-06 14:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2009-08-12 20:27 . 2009-08-06 14:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-08-12 20:27 . 2009-08-06 14:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-10-21 12:41 . 2009-10-21 12:41 537600 c:\windows\Installer\16d29b.msi
+ 2009-08-12 20:27 . 2009-08-06 14:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2009-10-20 15:19 . 2009-10-20 15:19 3360256 c:\windows\Installer\6de7e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2008-12-22 240656]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-21 149280]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-07-20 18670592]

c:\documents and settings\(hu\Start Menu\Programs\Startup\
AntiPoisoner.lnk - c:\program files\AntiPoisoner\AntiPoisoner.exe [2008-5-24 203929]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ywatnkso]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"PnkBstrA"=2 (0x2)
"idsvc"=3 (0x3)
"PnkBstrB"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\waw\\CoDWaWmp.exe"=
"f:\\waw\\CoDWaW.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7487:TCP"= 7487:TCP:uqticun
"8080:TCP"= 8080:TCP:PORT

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R1 is-5I5B7drv;is-5I5B7drv;c:\windows\system32\drivers\54146997.sys [10/10/2009 6:58 PM 148496]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [10/11/2009 6:38 PM 615344]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [10/11/2009 6:38 PM 615344]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [9/24/2009 9:29 PM 603904]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
S0 nskjyr;nskjyr;c:\windows\system32\drivers\rlusog.sys --> c:\windows\system32\drivers\rlusog.sys [?]
S2 flxapffh;USB Mass Storage Monitor; [x]
S2 jugbany;Config Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 3:56 AM 14336]
S2 lpxiqjpb;Shell Support;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 3:56 AM 14336]
S2 xiiliq;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 3:56 AM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/13/2009 2:34 AM 1684736]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 3:56 AM 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
flxapffh
UxTuneUp
jugbany
xiiliq
lpxiqjpb
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 11:28]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.mydreamworld.50webs.com
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\(hu\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\firefox@kidzui.com\platform\WINNT_x86-msvc\components\WinKiosk.dll
FF - component: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 21:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jugbany]

--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lpxiqjpb]

--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xiiliq]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1644491937-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7f,55,9f,1c,de,f7,35,37,ea,07,59,f3,4f,89,24,a0,13,e5,bd,21,a0,
a6,bc,9a,39,c1,5c,e3,09,dc,c6,e8,c6,7d,c8,b7,30,ec,84,42,2f,72,23,4a,10,1f,\
"rkeysecu"=hex:4a,d0,ef,33,71,c7,06,34,d5,a4,95,55,4b,f8,b8,cf
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3796)
c:\windows\system32\hnetcfg.dll
.
Completion time: 2009-10-21 21:04
ComboFix-quarantined-files.txt 2009-10-21 16:04
ComboFix2.txt 2009-10-21 15:51
ComboFix3.txt 2009-10-13 09:35
ComboFix4.txt 2009-10-13 09:29
ComboFix5.txt 2009-10-21 15:59

Pre-Run: 3,307,749,376 bytes free
Post-Run: 3,295,559,680 bytes free

- - End Of File - - 5609E063AE1DC525FF509A38B68979E6
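What makes the log above worth a second look is the "Drivers/Services" block and the "Svchost - NetSvcs" list read together: several randomly named services (jugbany, lpxiqjpb, xiiliq) are hosted by `svchost.exe -k netsvcs` with Windows-sounding display names ("Config Installer", "Shell Support", "Microsoft Security"), the same names have been appended to the NetSvcs group, one more (flxapffh) has no image path at all, and a driver entry (nskjyr) points at a .sys file that is no longer on disk. The script below is an added example, not part of this thread and not a ComboFix feature: it parses an excerpt copied from the log above and flags exactly those conditions. The list of stock Windows XP NetSvcs members is an assumption written from memory of a default XP SP3 install; on a real case replace it with the group list exported from a known-clean machine. The excerpt also keeps UxTuneUp (TuneUp Utilities' own netsvcs component, consistent with uxtuneup.dll in the Find3M section) to show why an allowlist alone is not enough: it is reported for review, not as a hit.

```python
"""Triage the Drivers/Services and NetSvcs sections of a ComboFix log for
svchost service hijacks (added example; baseline list is an assumption)."""
import re
from collections import defaultdict

# Excerpt copied from the ComboFix log in the thread (constructed sample, not a full log).
SAMPLE_LOG = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [9/24/2009 9:29 PM 603904]
S0 nskjyr;nskjyr;c:\windows\system32\drivers\rlusog.sys --> c:\windows\system32\drivers\rlusog.sys [?]
S2 flxapffh;USB Mass Storage Monitor; [x]
S2 jugbany;Config Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 3:56 AM 14336]
S2 lpxiqjpb;Shell Support;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 3:56 AM 14336]
S2 xiiliq;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 3:56 AM 14336]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 3:56 AM 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
flxapffh
UxTuneUp
jugbany
xiiliq
lpxiqjpb
.
"""

# ASSUMPTION: stock members of the XP SP3 NetSvcs group, from memory of a default
# install. Replace with an export from a known-clean machine before relying on it.
STOCK_XP_NETSVCS = frozenset(n.lower() for n in (
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "DHCP", "ERSvc",
    "EventSystem", "FastUserSwitchingCompatibility", "HidServ", "Ias", "Iprip", "Irmon",
    "LanmanServer", "LanmanWorkstation", "Messenger", "Netman", "Nla", "Ntmssvc",
    "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman", "Remoteaccess", "Schedule",
    "Seclogon", "SENS", "Sharedaccess", "SRService", "Tapisrv", "Themes", "TrkWks",
    "W32Time", "WZCSVC", "Wmi", "WmdmPmSp", "winmgmt", "wscsvc", "xmlprov", "BITS",
    "wuauserv", "ShellHWDetection", "helpsvc", "WmdmPmSN", "uploadmgr", "napagent", "hkmsvc",
))

# ComboFix service line: <R|S><start type> <name>;<display name>;<image path and stamp>
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)$")
NETSVCS_HEADER = "Svchost - NetSvcs"


def parse_combofix(text):
    """Return ({service name: fields}, [NetSvcs group members]) from log text."""
    services, netsvcs, in_netsvcs = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if in_netsvcs:                      # group list runs until a blank or "." line
            if not line or line == ".":
                in_netsvcs = False
                continue
            netsvcs.append(line)
            continue
        if line.endswith(NETSVCS_HEADER):
            in_netsvcs = True
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, rest = m.groups()
            services[name] = {"state": state, "start": int(start),
                              "display": display, "image": rest.strip()}
    return services, netsvcs


def triage(text):
    """Map service/group names to reasons; 'high:' reasons are the hijack indicators."""
    services, netsvcs = parse_combofix(text)
    findings = defaultdict(list)
    for name, svc in services.items():
        image = svc["image"].lower()
        if image.startswith("[x]"):         # ComboFix: service with no image path
            findings[name].append("high: service has no image path")
        if "-->" in image or image.endswith("[?]"):  # ComboFix: file missing on disk
            findings[name].append("high: image file not found on disk")
        if "svchost.exe -k netsvcs" in image and name.lower() not in STOCK_XP_NETSVCS:
            findings[name].append("high: netsvcs-hosted service outside the stock group")
    known = {n.lower() for n in services}
    for name in netsvcs:                    # everything listed here is already non-default
        if name.lower() in STOCK_XP_NETSVCS:
            continue
        if name.lower() in known:
            findings[name].append("netsvcs: non-stock name appended to NetSvcs group")
        else:
            findings[name].append("review: NetSvcs member with no service line; check its ServiceDll")
    return dict(findings)


def high_risk(findings):
    """Sorted names carrying at least one 'high:' reason."""
    return sorted(n for n, reasons in findings.items()
                  if any(r.startswith("high:") for r in reasons))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name in sorted(result):
        print(name, "->", "; ".join(result[name]))
    print("remove/fix first:", high_risk(result))
```

The "review" bucket is deliberate: ComboFix already hides default NetSvcs members, so any name it prints is non-default, and the only way to separate a legitimate third-party member like UxTuneUp from a hijack is to open the service's Parameters key and check what ServiceDll actually points at. The "high" bucket needs no such lookup: a service with no image, a driver whose file is gone, or an unknown name hosted in the netsvcs group is exactly what the CFScript in this thread was written to remove.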
Old 10-21-2009, 09:14 AM   #25 (permalink)
Registered User
 
Join Date: Nov 2008
Location: pakistan
Posts: 335
OS: xp professional sp3


Re: trojan program packed win32 tdss.z

What am I doing wrong here? I feel kinda stupid, not being able to run a program.
Old 10-21-2009, 09:39 AM   #26 (permalink)
Visiting Teacher/Analyst, Security Team
 
Join Date: Jun 2008
Location: Finland
Posts: 758
OS: Win XP, Vista 32-bit, Win7 64-bit


Re: trojan program packed win32 tdss.z

Hi,

Try moving ComboFix.exe and the CFScript.txt file to the root of your c: drive (c:\). Not sure, but the bolded character in your username may be the reason why the script didn't execute:

c:\documents and settings\(hu\desktop
__________________

Microsoft MVP Consumer Security 2008 2009
ASAP & UNITE member since 2006
Old 10-21-2009, 09:45 AM   #27 (permalink)
Registered User
 
Join Date: Nov 2008
Location: pakistan
Posts: 335
OS: xp professional sp3


Re: trojan program packed win32 tdss.z

OK... I'll try this ASAP.
Old 10-21-2009, 10:01 AM   #28 (permalink)
Registered User
 
Join Date: Nov 2008
Location: pakistan
Posts: 335
OS: xp professional sp3


Re: trojan program packed win32 tdss.z

Here is the resultant log after moving both things to c:\



ComboFix 09-10-20.03 - (hu 10/21/2009 21:47.8.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1021.564 [GMT 5:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

file zipped: c:\windows\system32\drivers\utmyntaz.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\utmyntaz.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FLXAPFFH
-------\Legacy_JUGBANY
-------\Legacy_LPXIQJPB
-------\Legacy_NSKJYR
-------\Legacy_XIILIQ
-------\Service_flxapffh
-------\Service_jugbany
-------\Service_lpxiqjpb
-------\Service_nskjyr
-------\Service_xiiliq


((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-21 12:46 . 2009-10-21 12:46 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-21 12:46 . 2009-10-21 12:46 -------- d-----w- c:\documents and settings\(hu\Application Data\SystemRequirementsLab
2009-10-21 12:45 . 2009-10-21 12:45 -------- d-----w- c:\windows\Sun
2009-10-21 12:42 . 2009-10-21 12:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-21 12:41 . 2009-10-21 12:41 -------- d-----w- c:\program files\Java
2009-10-21 08:07 . 2009-10-21 08:07 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-21 08:07 . 2009-10-21 08:07 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-21 06:39 . 2009-10-21 06:39 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-10-20 15:18 . 2009-10-20 15:18 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-20 15:16 . 2009-10-20 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-20 13:08 . 2009-10-20 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-20 13:08 . 2009-10-20 13:08 -------- d-----w- c:\program files\NOS
2009-10-20 05:58 . 2009-10-20 05:58 -------- d-----w- c:\program files\WIDCOMM
2009-10-20 05:58 . 2009-10-20 05:58 -------- d-----w- C:\SWSetup
2009-10-19 21:36 . 2009-10-21 06:39 -------- d-----w- c:\documents and settings\(hu\Tracing
2009-10-19 21:34 . 2009-10-19 21:36 -------- d-----w- c:\program files\Microsoft
2009-10-19 21:34 . 2009-10-19 21:34 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-19 21:33 . 2009-10-19 21:36 -------- d-----w- c:\program files\Windows Live
2009-10-19 21:31 . 2009-10-19 21:31 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-19 21:28 . 2009-10-19 21:28 -------- d-----w- c:\documents and settings\(hu\Contacts
2009-10-19 11:57 . 2005-05-02 16:15 36484 ----a-w- c:\windows\system32\drivers\SMBios.sys
2009-10-18 09:53 . 2009-10-18 09:53 -------- d-----w- c:\documents and settings\(hu\Application Data\Malwarebytes
2009-10-18 09:53 . 2009-09-10 09:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 09:53 . 2009-10-18 09:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 09:53 . 2009-10-18 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-18 09:53 . 2009-09-10 09:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 10:26 . 2009-10-21 13:02 -------- d-----w- c:\documents and settings\(hu\Application Data\vlc
2009-10-17 10:25 . 2009-10-17 10:25 -------- d-----w- c:\program files\VideoLAN
2009-10-15 11:04 . 2009-10-15 11:04 -------- d-----w- c:\program files\Trend Micro
2009-10-15 09:09 . 2009-10-15 13:52 -------- d-----w- c:\program files\MagicISO
2009-10-14 19:51 . 2009-10-14 19:51 -------- d-----w- c:\program files\Seagate
2009-10-14 13:38 . 2009-10-14 13:54 -------- d-----w- c:\windows\BDOSCAN8
2009-10-13 09:41 . 2009-10-13 09:41 -------- d-----w- c:\program files\ESET
2009-10-12 18:19 . 2009-10-12 18:19 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-12 18:15 . 2009-10-12 18:15 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-10-12 18:14 . 2009-10-12 18:14 -------- d-----w- c:\program files\MSECACHE
2009-10-11 15:19 . 2009-10-11 15:19 -------- d--h--w- c:\windows\PIF
2009-10-11 13:38 . 2009-10-11 13:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2009-10-11 13:38 . 2009-08-28 06:30 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-10-11 13:38 . 2009-08-28 06:30 2116008 ----a-w- c:\windows\system32\Incinerator.dll
2009-10-11 13:38 . 2006-07-24 13:51 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys
2009-10-11 13:38 . 2009-08-26 10:42 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-10-11 13:38 . 2009-08-26 10:42 12288 ----a-w- c:\windows\system32\smrgdf.exe
2009-10-11 13:38 . 2009-10-11 13:38 -------- d-----w- c:\program files\iolo
2009-10-11 13:27 . 2009-10-11 13:27 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-10-11 12:49 . 2009-10-15 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-10-11 12:49 . 2009-10-15 08:16 -------- d-----w- c:\documents and settings\(hu\Application Data\iolo
2009-10-10 13:58 . 2008-07-08 09:54 148496 ----a-w- c:\windows\system32\drivers\54146997.sys
2009-10-09 18:57 . 2009-10-10 16:05 -------- d-----w- c:\program files\vghd
2009-10-09 18:57 . 2009-10-09 18:57 152904 ----a-w- c:\windows\system32\vghd.scr
2009-10-09 18:23 . 2009-10-09 18:23 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-09 17:42 . 2009-10-21 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-07 15:34 . 2009-10-21 15:36 3351153 ----a-r- C:\ComboFix.exe
2009-10-04 20:40 . 2009-10-04 20:40 -------- d-----w- c:\documents and settings\(hu\Local Settings\Application Data\PCHealth
2009-10-03 14:54 . 2009-10-03 14:54 -------- d-----w- c:\documents and settings\(hu\Application Data\WordWeb
2009-10-03 14:12 . 2009-10-11 17:10 -------- d-----w- c:\program files\WordWeb
2009-10-03 14:12 . 2008-10-18 09:08 1050296 ------w- c:\windows\wweb32.dll
2009-09-27 16:20 . 2009-09-27 16:20 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2009-09-27 16:20 . 2009-10-14 12:30 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-27 16:20 . 2009-09-27 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-09-27 16:16 . 2009-09-27 11:12 7655872 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2009-09-27 16:16 . 2009-09-27 11:12 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:27 . 2009-10-20 08:55 -------- d-----w- c:\program files\Driver Sweeper
2009-09-27 13:20 . 2009-09-27 13:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 13:20 . 2009-09-27 13:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 13:19 . 2009-09-27 13:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 13:19 . 2009-09-27 13:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 13:19 . 2009-09-27 13:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 13:19 . 2009-09-27 13:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 13:19 . 2009-09-27 13:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 13:19 . 2009-09-27 13:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 13:19 . 2009-09-27 13:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 13:19 . 2009-09-27 13:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 13:19 . 2009-09-27 13:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 13:19 . 2009-09-27 13:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 13:19 . 2009-09-27 13:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 11:12 . 2009-09-27 11:12 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 11:12 . 2009-09-27 11:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 11:12 . 2009-09-27 11:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 11:12 . 2009-09-27 11:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 11:12 . 2009-09-27 11:12 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 11:12 . 2009-09-27 11:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 11:12 . 2009-09-27 11:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 11:12 . 2009-09-27 11:12 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-24 16:29 . 2009-09-24 16:29 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-24 16:29 . 2008-11-12 11:44 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-24 16:29 . 2009-09-24 16:29 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-24 16:29 . 2009-09-24 16:29 -------- d-----w- c:\documents and settings\(hu\Application Data\TuneUp Software
2009-09-24 16:28 . 2009-09-24 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-24 16:28 . 2009-10-09 17:36 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-24 16:27 . 2009-09-24 16:27 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-24 14:18 . 2009-09-24 14:18 -------- d-----w- c:\program files\YourWare Solutions

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 16:54 . 2009-08-18 07:56 50296864 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-21 16:52 . 2009-08-18 07:56 592976 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-21 15:44 . 2009-09-10 16:25 -------- d-----w- c:\documents and settings\(hu\Application Data\DMCache
2009-10-21 14:35 . 2009-08-12 22:05 -------- d-----w- c:\program files\SpeedFan
2009-10-20 15:19 . 2009-08-12 21:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-16 13:58 . 2009-08-17 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-14 19:50 . 2009-08-12 21:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-13 10:41 . 2009-09-10 16:25 -------- d-----w- c:\documents and settings\(hu\Application Data\IDM
2009-10-12 16:19 . 2009-08-12 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-10-11 18:58 . 2009-08-12 21:44 -------- d-----w- c:\program files\EVGA Precision
2009-10-11 13:56 . 2009-08-12 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-05 08:38 . 2009-09-02 14:05 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-30 14:08 . 2009-09-15 16:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-27 11:12 . 2009-08-12 21:25 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-25 05:37 . 2004-08-03 22:56 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-24 16:40 . 2009-08-12 21:53 69232 ----a-w- c:\documents and settings\(hu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-21 15:33 . 2009-09-21 15:33 -------- d-----w- c:\program files\Real
2009-09-21 15:33 . 2009-08-12 21:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-21 07:15 . 2009-09-21 07:15 3230 ----a-w- c:\windows\system32\72.scr
2009-09-16 18:50 . 2009-09-16 18:50 537 ----a-w- c:\windows\eReg.dat
2009-09-15 17:11 . 2009-09-15 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-12 07:24 . 2009-09-12 07:24 -------- d-----w- c:\program files\RivaTuner v2.24
2009-09-12 06:58 . 2009-09-12 06:58 -------- d-----w- c:\program files\oZone3D
2009-09-11 14:18 . 2004-08-03 22:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 12:24 . 2009-09-02 14:05 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-11 12:24 . 2009-09-02 14:05 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-11 11:52 . 2009-09-11 11:52 -------- d-----w- c:\documents and settings\(hu\Application Data\Leadertech
2009-09-10 17:01 . 2009-09-10 17:01 -------- d-----w- c:\program files\ffdshow
2009-09-10 16:27 . 2009-09-10 16:25 -------- d-----w- c:\program files\Internet Download Manager
2009-09-10 16:18 . 2009-08-12 21:34 -------- d-----w- c:\program files\Realtek
2009-09-07 17:18 . 2009-09-07 17:18 0 ----a-w- c:\windows\nsreg.dat
2009-09-04 21:03 . 2004-08-03 22:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 19:10 . 2009-09-03 19:10 -------- d-----w- c:\program files\HD Tune
2009-09-02 14:05 . 2009-09-02 14:05 22328 ----a-w- c:\documents and settings\(hu\Application Data\PnkBstrK.sys
2009-09-02 14:05 . 2009-09-02 14:05 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-28 14:22 . 2009-08-28 14:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-26 08:00 . 2004-08-03 22:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 20:56 . 2009-08-22 20:56 -------- d-----w- c:\program files\directx
2009-08-18 19:17 . 2009-08-12 21:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-16 07:57 . 2009-08-16 07:57 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-16 07:57 . 2009-08-16 07:57 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-14 08:36 . 2009-08-14 08:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-12 21:22 . 2009-08-12 21:22 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-12 20:34 . 2009-08-12 20:34 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-12 20:26 . 2009-08-12 20:26 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-06 14:24 . 2009-08-12 20:27 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 14:24 . 2009-08-12 20:27 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 14:24 . 2009-08-12 20:27 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 14:24 . 2008-10-16 09:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 14:24 . 2009-08-12 20:27 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 14:24 . 2004-08-03 22:56 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 14:23 . 2009-08-12 20:27 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 14:23 . 2009-09-11 16:35 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 14:23 . 2009-08-12 20:27 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 14:23 . 2008-10-16 09:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2004-08-03 22:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-08-03 21:18 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2004-08-03 22:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-26 11:44 . 2009-07-26 11:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-10-20_12.48.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-21 16:53 . 2009-10-21 16:53 16384 c:\windows\temp\Perflib_Perfdata_5d0.dat
+ 2009-10-21 16:53 . 2009-10-21 16:53 16384 c:\windows\temp\Perflib_Perfdata_2d0.dat
- 2009-08-12 20:39 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-08-12 20:39 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2009-10-13 09:27 . 2009-08-06 14:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-13 09:27 . 2009-08-06 14:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2009-09-07 22:25 . 2009-10-21 14:33 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-08-12 20:27 . 2009-08-06 14:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-08-12 20:27 . 2009-08-06 14:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-03 22:56 . 2009-08-06 14:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-08-12 20:33 . 2009-10-21 06:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-12 20:33 . 2009-10-18 09:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-12 20:33 . 2009-10-18 09:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-08-12 20:33 . 2009-10-21 06:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-21 12:46 . 2009-10-21 12:46 20992 c:\windows\Installer\16d2a3.msi
+ 2009-10-21 12:42 . 2009-10-21 12:41 149280 c:\windows\system32\javaws.exe
+ 2009-10-21 12:42 . 2009-10-21 12:41 145184 c:\windows\system32\javaw.exe
+ 2009-10-21 12:42 . 2009-10-21 12:41 145184 c:\windows\system32\java.exe
+ 2009-10-20 15:18 . 2009-10-20 15:18 296976 c:\windows\system32\drivers\klif.sys
- 2009-10-09 17:42 . 2009-10-09 17:42 296976 c:\windows\system32\drivers\klif.sys
+ 2009-08-12 20:27 . 2009-08-06 14:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2009-08-12 20:27 . 2009-08-06 14:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-08-12 20:27 . 2009-08-06 14:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-10-21 12:41 . 2009-10-21 12:41 537600 c:\windows\Installer\16d29b.msi
+ 2009-08-12 20:27 . 2009-08-06 14:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2009-10-20 15:19 . 2009-10-20 15:19 3360256 c:\windows\Installer\6de7e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2008-12-22 240656]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-21 149280]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-07-20 18670592]

c:\documents and settings\(hu\Start Menu\Programs\Startup\
AntiPoisoner.lnk - c:\program files\AntiPoisoner\AntiPoisoner.exe [2008-5-24 203929]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ywatnkso]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"PnkBstrA"=2 (0x2)
"idsvc"=3 (0x3)
"PnkBstrB"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\waw\\CoDWaWmp.exe"=
"f:\\waw\\CoDWaW.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R1 is-5I5B7drv;is-5I5B7drv;c:\windows\system32\drivers\54146997.sys [10/10/2009 6:58 PM 148496]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [10/11/2009 6:38 PM 615344]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [10/11/2009 6:38 PM 615344]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [9/24/2009 9:29 PM 603904]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/13/2009 2:34 AM 1684736]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 3:56 AM 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 11:28]
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\(hu\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\firefox@kidzui.com\platform\WINNT_x86-msvc\components\WinKiosk.dll
FF - component: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 21:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1644491937-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7f,55,9f,1c,de,f7,35,37,ea,07,59,f3,4f,89,24,a0,13,e5,bd,21,a0,
a6,bc,9a,39,c1,5c,e3,09,dc,c6,e8,c6,7d,c8,b7,30,ec,84,42,2f,72,23,4a,10,1f,\
"rkeysecu"=hex:4a,d0,ef,33,71,c7,06,34,d5,a4,95,55,4b,f8,b8,cf
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2548)
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\combofix\CF26172.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-21 21:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-21 16:57
ComboFix2.txt 2009-10-21 16:04
ComboFix3.txt 2009-10-21 15:51
ComboFix4.txt 2009-10-13 09:35
ComboFix5.txt 2009-10-21 16:46

Pre-Run: 3,292,389,376 bytes free
Post-Run: 3,258,187,776 bytes free

- - End Of File - - AD01AE9C9C26D702E6F99ACB48529B

P.S.: it didn't ask for any sample submission still.
__________________
team work is essential it gives them other people to shoot at

Last edited by darklord_v; 10-21-2009 at 10:03 AM.
Old 10-21-2009, 10:33 AM   #29 (permalink)
Visiting Teacher/Analyst, Security Team
 
 
Join Date: Jun 2008
Location: Finland
Posts: 758
OS: Win XP, Vista 32-bit, Win7 64-bit


Re: trojan program packed win32 tdss.z

Hi,

Look for a zip file whose name begins with [4]-Submit in the c:\qoobox\quarantine folder.

Upload it here if found. Kindly include a link to this topic in the message.


Create a new ComboFix script with the following contents:

Code:
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ywatnkso]
Run ComboFix with it and post the resulting log and a fresh DDS log. Let me know if there are still infection alerts.
__________________

Microsoft MVP Consumer Security 2008 2009
ASAP & UNITE member since 2006
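The two manual steps in this exchange are spotting the odd Winlogon\Notify subkey in the "Reg Loading Points" section of the ComboFix log (ywatnkso, with nothing but "[BU]" listed beneath it) and writing the Registry:: script that deletes it. The Python below is an added example, not code from this thread, from ComboFix or from the helper: it parses a constructed log fragment in the shape of that section, flags Winlogon\Notify subkeys that are not on an allowlist of stock XP Notify entries (the allowlist is my assumption, not something the thread states) or that show no DllName value, and emits the matching removal script in the same form as the reply above. The log fragment is constructed and modelled on the log posted in the thread; the crypt32chain entry is added only as a known-good contrast and does not appear in the thread.

```python
import re
from typing import Dict, List

# Constructed sample, modelled on the log in this thread: a fragment in the
# shape of ComboFix's "Reg Loading Points" section. The "ywatnkso" Notify
# subkey mirrors the entry in the thread; "crypt32chain" is a constructed
# known-good entry added only for contrast.
SAMPLE_LOG = """\
REGEDIT4

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"avp"="c:\\program files\\Kaspersky Lab\\Kaspersky Internet Security 2010\\avp.exe" [2009-07-03 303376]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\ywatnkso]
[BU]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\crypt32chain]
"DllName"="crypt32.dll"

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Assumption: stock Winlogon\Notify subkeys on a clean XP SP3 install.
# Anything outside this set deserves a look; the helper in this thread
# targets the random-looking "ywatnkso" for removal.
KNOWN_GOOD_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

NOTIFY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)


def parse_reg_sections(log: str) -> Dict[str, List[str]]:
    """Map each [key path] header in a REGEDIT4-style dump to the non-blank
    lines that follow it. ComboFix annotations such as "[BU]" are bracketed
    too, so only a bracketed line containing a backslash counts as a header;
    everything else stays with the current key."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]") and "\\" in line:
            current = line[1:-1]
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def suspicious_notify_entries(log: str) -> List[dict]:
    """Return the Winlogon\\Notify entries that fail either check: subkey name
    not on the known-good list, or no DllName value shown for the key."""
    findings = []
    for key, body in parse_reg_sections(log).items():
        match = NOTIFY_RE.match(key)
        if not match:
            continue
        name = match.group("name")
        reasons = []
        if name.lower() not in KNOWN_GOOD_NOTIFY:
            reasons.append("subkey name not in known-good list")
        if not any(line.lower().startswith('"dllname"') for line in body):
            reasons.append("no DllName value shown")
        if reasons:
            findings.append({"key": key, "name": name, "body": body, "reasons": reasons})
    return findings


def build_cfscript(findings: List[dict]) -> str:
    """Emit a CFScript that deletes each flagged key, in the same
    "Registry::" / "[-key]" form used in the reply above."""
    lines = ["Registry::"] + ["[-" + f["key"] + "]" for f in findings]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = suspicious_notify_entries(SAMPLE_LOG)
    for hit in hits:
        print(hit["name"], "->", "; ".join(hit["reasons"]), "| log lines:", hit["body"])
    print(build_cfscript(hits))
```

Run against the sample, the only finding is ywatnkso (both checks fail), and the generated script is the same single-key deletion Blade81 posted. Because ComboFix only prints non-default loading points, any Notify subkey that shows up in the section at all is worth checking against the allowlist before trusting it.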
Old 10-21-2009, 11:30 AM   #30 (permalink)
Registered User
 
 
Join Date: Nov 2008
Location: pakistan
Posts: 335
OS: xp professional sp3


Re: trojan program packed win32 tdss.z

Well, I uploaded the file you requested.
Here is the ComboFix log:

ComboFix 09-10-20.03 - (hu 10/21/2009 23:15.9.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1021.671 [GMT 5:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-21 12:46 . 2009-10-21 12:46 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-21 12:46 . 2009-10-21 12:46 -------- d-----w- c:\documents and settings\(hu\Application Data\SystemRequirementsLab
2009-10-21 12:45 . 2009-10-21 12:45 -------- d-----w- c:\windows\Sun
2009-10-21 12:42 . 2009-10-21 12:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-21 12:41 . 2009-10-21 12:41 -------- d-----w- c:\program files\Java
2009-10-21 08:07 . 2009-10-21 08:07 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-21 08:07 . 2009-10-21 08:07 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-21 06:39 . 2009-10-21 06:39 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-10-20 15:18 . 2009-10-20 15:18 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-20 15:16 . 2009-10-20 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-20 13:08 . 2009-10-20 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-20 13:08 . 2009-10-20 13:08 -------- d-----w- c:\program files\NOS
2009-10-20 05:58 . 2009-10-20 05:58 -------- d-----w- c:\program files\WIDCOMM
2009-10-20 05:58 . 2009-10-20 05:58 -------- d-----w- C:\SWSetup
2009-10-19 21:36 . 2009-10-21 06:39 -------- d-----w- c:\documents and settings\(hu\Tracing
2009-10-19 21:34 . 2009-10-19 21:36 -------- d-----w- c:\program files\Microsoft
2009-10-19 21:34 . 2009-10-19 21:34 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-19 21:33 . 2009-10-19 21:36 -------- d-----w- c:\program files\Windows Live
2009-10-19 21:31 . 2009-10-19 21:31 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-19 21:28 . 2009-10-19 21:28 -------- d-----w- c:\documents and settings\(hu\Contacts
2009-10-19 11:57 . 2005-05-02 16:15 36484 ----a-w- c:\windows\system32\drivers\SMBios.sys
2009-10-18 09:53 . 2009-10-18 09:53 -------- d-----w- c:\documents and settings\(hu\Application Data\Malwarebytes
2009-10-18 09:53 . 2009-09-10 09:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 09:53 . 2009-10-18 09:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 09:53 . 2009-10-18 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-18 09:53 . 2009-09-10 09:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 10:26 . 2009-10-21 13:02 -------- d-----w- c:\documents and settings\(hu\Application Data\vlc
2009-10-17 10:25 . 2009-10-17 10:25 -------- d-----w- c:\program files\VideoLAN
2009-10-15 11:04 . 2009-10-15 11:04 -------- d-----w- c:\program files\Trend Micro
2009-10-15 09:09 . 2009-10-15 13:52 -------- d-----w- c:\program files\MagicISO
2009-10-14 19:51 . 2009-10-14 19:51 -------- d-----w- c:\program files\Seagate
2009-10-14 13:38 . 2009-10-14 13:54 -------- d-----w- c:\windows\BDOSCAN8
2009-10-13 09:41 . 2009-10-13 09:41 -------- d-----w- c:\program files\ESET
2009-10-12 18:19 . 2009-10-12 18:19 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-12 18:15 . 2009-10-12 18:15 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-10-12 18:14 . 2009-10-12 18:14 -------- d-----w- c:\program files\MSECACHE
2009-10-11 15:19 . 2009-10-11 15:19 -------- d--h--w- c:\windows\PIF
2009-10-11 13:38 . 2009-10-11 13:38 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2009-10-11 13:38 . 2009-08-28 06:30 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-10-11 13:38 . 2009-08-28 06:30 2116008 ----a-w- c:\windows\system32\Incinerator.dll
2009-10-11 13:38 . 2006-07-24 13:51 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys
2009-10-11 13:38 . 2009-08-26 10:42 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-10-11 13:38 . 2009-08-26 10:42 12288 ----a-w- c:\windows\system32\smrgdf.exe
2009-10-11 13:38 . 2009-10-11 13:38 -------- d-----w- c:\program files\iolo
2009-10-11 13:27 . 2009-10-11 13:27 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-10-11 12:49 . 2009-10-15 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-10-11 12:49 . 2009-10-15 08:16 -------- d-----w- c:\documents and settings\(hu\Application Data\iolo
2009-10-10 13:58 . 2008-07-08 09:54 148496 ----a-w- c:\windows\system32\drivers\54146997.sys
2009-10-09 18:57 . 2009-10-10 16:05 -------- d-----w- c:\program files\vghd
2009-10-09 18:57 . 2009-10-09 18:57 152904 ----a-w- c:\windows\system32\vghd.scr
2009-10-09 18:23 . 2009-10-09 18:23 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-09 17:42 . 2009-10-21 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-07 15:34 . 2009-10-21 15:36 3351153 ----a-r- C:\ComboFix.exe
2009-10-04 20:40 . 2009-10-04 20:40 -------- d-----w- c:\documents and settings\(hu\Local Settings\Application Data\PCHealth
2009-10-03 14:54 . 2009-10-03 14:54 -------- d-----w- c:\documents and settings\(hu\Application Data\WordWeb
2009-10-03 14:12 . 2009-10-11 17:10 -------- d-----w- c:\program files\WordWeb
2009-10-03 14:12 . 2008-10-18 09:08 1050296 ------w- c:\windows\wweb32.dll
2009-09-27 16:20 . 2009-09-27 16:20 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2009-09-27 16:20 . 2009-10-14 12:30 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-27 16:20 . 2009-09-27 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-09-27 16:16 . 2009-09-27 11:12 7655872 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2009-09-27 16:16 . 2009-09-27 11:12 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:27 . 2009-10-20 08:55 -------- d-----w- c:\program files\Driver Sweeper
2009-09-27 13:20 . 2009-09-27 13:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 13:20 . 2009-09-27 13:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 13:19 . 2009-09-27 13:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 13:19 . 2009-09-27 13:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 13:19 . 2009-09-27 13:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 13:19 . 2009-09-27 13:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 13:19 . 2009-09-27 13:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 13:19 . 2009-09-27 13:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 13:19 . 2009-09-27 13:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 13:19 . 2009-09-27 13:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 13:19 . 2009-09-27 13:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 13:19 . 2009-09-27 13:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 13:19 . 2009-09-27 13:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 11:12 . 2009-09-27 11:12 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 11:12 . 2009-09-27 11:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 11:12 . 2009-09-27 11:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 11:12 . 2009-09-27 11:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 11:12 . 2009-09-27 11:12 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 11:12 . 2009-09-27 11:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 11:12 . 2009-09-27 11:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 11:12 . 2009-09-27 11:12 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-24 16:29 . 2009-09-24 16:29 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-24 16:29 . 2008-11-12 11:44 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-24 16:29 . 2009-09-24 16:29 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-24 16:29 . 2009-09-24 16:29 -------- d-----w- c:\documents and settings\(hu\Application Data\TuneUp Software
2009-09-24 16:28 . 2009-09-24 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-09-24 16:28 . 2009-10-09 17:36 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-24 16:27 . 2009-09-24 16:27 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-24 14:18 . 2009-09-24 14:18 -------- d-----w- c:\program files\YourWare Solutions

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 18:20 . 2009-08-18 07:56 50767904 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-21 18:18 . 2009-08-18 07:56 598640 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-21 15:44 . 2009-09-10 16:25 -------- d-----w- c:\documents and settings\(hu\Application Data\DMCache
2009-10-21 14:35 . 2009-08-12 22:05 -------- d-----w- c:\program files\SpeedFan
2009-10-20 15:19 . 2009-08-12 21:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-16 13:58 . 2009-08-17 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-14 19:50 . 2009-08-12 21:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-13 10:41 . 2009-09-10 16:25 -------- d-----w- c:\documents and settings\(hu\Application Data\IDM
2009-10-12 16:19 . 2009-08-12 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-10-11 18:58 . 2009-08-12 21:44 -------- d-----w- c:\program files\EVGA Precision
2009-10-11 13:56 . 2009-08-12 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-05 08:38 . 2009-09-02 14:05 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-30 14:08 . 2009-09-15 16:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-27 11:12 . 2009-08-12 21:25 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-25 05:37 . 2004-08-03 22:56 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-24 16:40 . 2009-08-12 21:53 69232 ----a-w- c:\documents and settings\(hu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-21 15:33 . 2009-09-21 15:33 -------- d-----w- c:\program files\Real
2009-09-21 15:33 . 2009-08-12 21:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-21 07:15 . 2009-09-21 07:15 3230 ----a-w- c:\windows\system32\72.scr
2009-09-16 18:50 . 2009-09-16 18:50 537 ----a-w- c:\windows\eReg.dat
2009-09-15 17:11 . 2009-09-15 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-12 07:24 . 2009-09-12 07:24 -------- d-----w- c:\program files\RivaTuner v2.24
2009-09-12 06:58 . 2009-09-12 06:58 -------- d-----w- c:\program files\oZone3D
2009-09-11 14:18 . 2004-08-03 22:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 12:24 . 2009-09-02 14:05 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-11 12:24 . 2009-09-02 14:05 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-11 11:52 . 2009-09-11 11:52 -------- d-----w- c:\documents and settings\(hu\Application Data\Leadertech
2009-09-10 17:01 . 2009-09-10 17:01 -------- d-----w- c:\program files\ffdshow
2009-09-10 16:27 . 2009-09-10 16:25 -------- d-----w- c:\program files\Internet Download Manager
2009-09-10 16:18 . 2009-08-12 21:34 -------- d-----w- c:\program files\Realtek
2009-09-07 17:18 . 2009-09-07 17:18 0 ----a-w- c:\windows\nsreg.dat
2009-09-04 21:03 . 2004-08-03 22:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 19:10 . 2009-09-03 19:10 -------- d-----w- c:\program files\HD Tune
2009-09-02 14:05 . 2009-09-02 14:05 22328 ----a-w- c:\documents and settings\(hu\Application Data\PnkBstrK.sys
2009-09-02 14:05 . 2009-09-02 14:05 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-28 14:22 . 2009-08-28 14:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-26 08:00 . 2004-08-03 22:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 20:56 . 2009-08-22 20:56 -------- d-----w- c:\program files\directx
2009-08-18 19:17 . 2009-08-12 21:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-16 07:57 . 2009-08-16 07:57 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2009-08-16 07:57 . 2009-08-16 07:57 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2009-08-14 08:36 . 2009-08-14 08:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-12 21:22 . 2009-08-12 21:22 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-12 20:34 . 2009-08-12 20:34 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-12 20:26 . 2009-08-12 20:26 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-06 14:24 . 2009-08-12 20:27 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 14:24 . 2009-08-12 20:27 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 14:24 . 2009-08-12 20:27 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 14:24 . 2008-10-16 09:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 14:24 . 2009-08-12 20:27 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 14:24 . 2004-08-03 22:56 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 14:23 . 2009-08-12 20:27 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 14:23 . 2009-09-11 16:35 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 14:23 . 2009-08-12 20:27 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 14:23 . 2008-10-16 09:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2004-08-03 22:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-08-03 21:18 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2004-08-03 22:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-26 11:44 . 2009-07-26 11:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-10-20_12.48.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-21 18:06 . 2009-10-21 18:06 16384 c:\windows\temp\Perflib_Perfdata_484.dat
+ 2009-10-21 18:19 . 2009-10-21 18:19 16384 c:\windows\temp\Perflib_Perfdata_354.dat
- 2009-08-12 20:39 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-08-12 20:39 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2009-10-13 09:27 . 2009-08-06 14:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-13 09:27 . 2009-08-06 14:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2009-09-07 22:25 . 2009-10-21 14:33 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-08-12 20:27 . 2009-08-06 14:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-08-12 20:27 . 2009-08-06 14:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-03 22:56 . 2009-08-06 14:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-08-12 20:33 . 2009-10-21 06:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-12 20:33 . 2009-10-18 09:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-12 20:33 . 2009-10-18 09:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-08-12 20:33 . 2009-10-21 06:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-21 12:46 . 2009-10-21 12:46 20992 c:\windows\Installer\16d2a3.msi
+ 2009-10-21 12:42 . 2009-10-21 12:41 149280 c:\windows\system32\javaws.exe
+ 2009-10-21 12:42 . 2009-10-21 12:41 145184 c:\windows\system32\javaw.exe
+ 2009-10-21 12:42 . 2009-10-21 12:41 145184 c:\windows\system32\java.exe
+ 2009-10-20 15:18 . 2009-10-20 15:18 296976 c:\windows\system32\drivers\klif.sys
- 2009-10-09 17:42 . 2009-10-09 17:42 296976 c:\windows\system32\drivers\klif.sys
+ 2009-08-12 20:27 . 2009-08-06 14:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2009-08-12 20:27 . 2009-08-06 14:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-08-12 20:27 . 2009-08-06 14:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-10-21 12:41 . 2009-10-21 12:41 537600 c:\windows\Installer\16d29b.msi
+ 2009-08-12 20:27 . 2009-08-06 14:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2009-10-20 15:19 . 2009-10-20 15:19 3360256 c:\windows\Installer\6de7e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2008-12-22 240656]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-21 149280]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-07-03 303376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-07-20 18670592]

c:\documents and settings\(hu\Start Menu\Programs\Startup\
AntiPoisoner.lnk - c:\program files\AntiPoisoner\AntiPoisoner.exe [2008-5-24 203929]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"PnkBstrA"=2 (0x2)
"idsvc"=3 (0x3)
"PnkBstrB"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\waw\\CoDWaWmp.exe"=
"f:\\waw\\CoDWaW.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R1 is-5I5B7drv;is-5I5B7drv;c:\windows\system32\drivers\54146997.sys [10/10/2009 6:58 PM 148496]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [10/11/2009 6:38 PM 615344]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [10/11/2009 6:38 PM 615344]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [9/24/2009 9:29 PM 603904]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/13/2009 2:34 AM 1684736]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 3:56 AM 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 11:28]
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\(hu\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\firefox@kidzui.com\platform\WINNT_x86-msvc\components\WinKiosk.dll
FF - component: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\(hu\Application Data\Mozilla\Firefox\Profiles\4qrix6ax.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 23:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1644491937-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7f,55,9f,1c,de,f7,35,37,ea,07,59,f3,4f,89,24,a0,13,e5,bd,21,a0,
a6,bc,9a,39,c1,5c,e3,09,dc,c6,e8,c6,7d,c8,b7,30,ec,84,42,2f,72,23,4a,10,1f,\
"rkeysecu"=hex:4a,d0,ef,33,71,c7,06,34,d5,a4,95,55,4b,f8,b8,cf
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1364)
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\combofix\CF32469.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-21 23:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-21 18:23
ComboFix2.txt 2009-10-21 16:57
ComboFix3.txt 2009-10-21 16:04
ComboFix4.txt 2009-10-21 15:51
ComboFix5.txt 2009-10-21 18:14

Pre-Run: 3,272,806,400 bytes free
Post-Run: 3,239,620,608 bytes free

- - End Of File - - F2E963D6189E6DB5963620E6253CF896


The DDS log:

DDS (Ver_09-10-13.01) - NTFSx86
Run by (hu at 23:25:56.79 on Wed 10/21/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1021.587 [GMT 5:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\AntiPoisoner\AntiPoisoner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Documents and Settings\(hu\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecision.exe" /s
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
StartupFolder: c:\docume~1\(hu\startm~1\programs\startup\antipo~1.lnk - c:\program files\antipoisoner\AntiPoisoner.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252686822328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\(hu\applic~1\mozilla\firefox\profiles\4qrix6ax.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\(hu\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\(hu\application data\mozilla\firefox\profiles\4qrix6ax.default\extensions\firefox@kidzui.com\platform\winnt_x86-msvc\components\WinKiosk.dll
FF - component: c:\documents and settings\(hu\application data\mozilla\firefox\profiles\4qrix6ax.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\(hu\application data\mozilla\firefox\profiles\4qrix6ax.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\(hu\application data\mozilla\firefox\profiles\4qrix6ax.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 is-5I5B7drv;is-5I5B7drv;c:\windows\system32\drivers\54146997.sys [2009-10-10 148496]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-10-11 615344]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-10-11 615344]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-9-24 603904]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-13 1684736]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-21 20:37 236,544 a------- c:\windows\PEV.exe
2009-10-21 20:37 161,792 a------- c:\windows\SWREG.exe
2009-10-21 20:37 98,816 a------- c:\windows\sed.exe
2009-10-21 17:46 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-10-21 17:46 <DIR> --d----- c:\docume~1\(hu\applic~1\SystemRequirementsLab
2009-10-21 17:42 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-21 17:42 73,728 a------- c:\windows\system32\javacpl.cpl
2009-10-21 17:40 <DIR> --d----- c:\docume~1\(hu\applic~1\Sun
2009-10-21 13:07 108,059 a------- c:\windows\system32\drivers\klin.dat
2009-10-21 13:07 95,259 a------- c:\windows\system32\drivers\klick.dat
2009-10-21 11:39 604,140 a--sh--- c:\windows\system32\drivers\ISwift3.dat
2009-10-20 20:18 <DIR> --d----- c:\program files\Kaspersky Lab
2009-10-20 20:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-10-20 10:58 <DIR> --d----- c:\program files\WIDCOMM
2009-10-20 10:58 <DIR> --d----- C:\SWSetup
2009-10-20 04:32 <DIR> --d-hr-- c:\documents and settings\(hu\Recent
2009-10-20 02:36 <DIR> --d----- c:\documents and settings\(hu\Tracing
2009-10-20 02:34 <DIR> --d----- c:\program files\Microsoft
2009-10-20 02:34 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-10-20 02:31 <DIR> --d----- c:\program files\common files\Windows Live
2009-10-20 02:28 <DIR> --d----- c:\documents and settings\(hu\Contacts
2009-10-19 16:57 36,484 a------- c:\windows\system32\drivers\SMBios.sys
2009-10-18 14:53 <DIR> --d----- c:\docume~1\(hu\applic~1\Malwarebytes
2009-10-18 14:53 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-18 14:53 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 14:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-17 15:26 <DIR> --d----- c:\docume~1\(hu\applic~1\vlc
2009-10-17 15:25 <DIR> --d----- c:\program files\VideoLAN
2009-10-16 22:53 <DIR> a-dshr-- C:\cmdcons
2009-10-16 18:57 4,625 a------- c:\windows\imsins.BAK
2009-10-15 16:04 <DIR> --d----- c:\program files\Trend Micro
2009-10-15 14:09 <DIR> --d----- c:\program files\MagicISO
2009-10-15 00:51 <DIR> --d----- c:\program files\Seagate
2009-10-13 14:41 <DIR> --d----- c:\program files\ESET
2009-10-12 23:15 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-10-12 23:14 <DIR> --d----- c:\program files\MSECACHE
2009-10-11 22:10 271 a------- c:\windows\SysMech.INI
2009-10-11 20:19 <DIR> --d-h--- c:\windows\PIF
2009-10-11 18:39 406 a------- c:\windows\system32\ioloBootDefrag.cfg
2009-10-11 18:38 2,116,008 a------- c:\windows\system32\Incinerator.dll
2009-10-11 18:38 93,096 a------- c:\windows\system32\IncContxMenu.dll
2009-10-11 18:38 9,341 a------- c:\windows\system32\drivers\filedisk.sys
2009-10-11 18:38 30,208 a------- c:\windows\system32\iolobtdfg.exe
2009-10-11 18:38 12,288 a------- c:\windows\system32\smrgdf.exe
2009-10-11 18:38 <DIR> --d----- c:\program files\iolo
2009-10-11 18:27 74,703 a------- c:\windows\system32\mfc45.dll
2009-10-11 17:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iolo
2009-10-11 17:49 <DIR> --d----- c:\docume~1\(hu\applic~1\iolo
2009-10-10 18:58 148,496 a------- c:\windows\system32\drivers\54146997.sys
2009-10-10 13:08 40,730 a------- c:\windows\wininit.ini
2009-10-09 23:57 152,904 a------- c:\windows\system32\vghd.scr
2009-10-09 23:57 <DIR> --d----- c:\program files\vghd
2009-10-09 22:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-10-07 20:34 3,351,153 a----r-- C:\ComboFix.exe
2009-10-03 19:54 <DIR> --d----- c:\docume~1\(hu\applic~1\WordWeb
2009-10-03 19:12 <DIR> --d----- c:\program files\WordWeb
2009-10-03 19:12 1,050,296 -------- c:\windows\wweb32.dll
2009-09-27 21:20 <DIR> --d----- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2009-09-27 21:20 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-09-27 21:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-09-27 21:16 7,655,872 ac------ c:\windows\system32\dllcache\nv4_mini.sys
2009-09-27 21:16 7,655,872 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 20:27 <DIR> --d----- c:\program files\Driver Sweeper
2009-09-27 18:20 2,173,544 a------- c:\windows\system32\nvcplui.exe
2009-09-27 18:20 420,456 a------- c:\windows\system32\nvcpl.cpl
2009-09-27 18:20 81,920 a------- c:\windows\system32\nvwddi.dll
2009-09-27 16:12 10,756,096 a------- c:\windows\system32\nvoglnt.dll
2009-09-27 16:12 2,194,024 a------- c:\windows\system32\nvcuvid.dll
2009-09-27 16:12 2,007,040 a------- c:\windows\system32\nvcuda.dll
2009-09-27 16:12 1,714,792 a------- c:\windows\system32\nvcuvenc.dll
2009-09-27 16:12 1,604,482 a------- c:\windows\system32\nvdata.bin
2009-09-27 16:12 888,832 a------- c:\windows\system32\nvapi.dll
2009-09-27 16:12 170,600 a------- c:\windows\system32\nvcodins.dll
2009-09-27 16:12 170,600 a------- c:\windows\system32\nvcod.dll
2009-09-26 05:25 2,707 a------- C:\PerfData{F0C5E3B8-871A-11DE-8043-806D6172696F}.xml
2009-09-25 22:43 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-09-24 21:29 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-09-24 21:29 27,904 a------- c:\windows\system32\uxtuneup.dll
2009-09-24 21:29 362,240 a------- c:\windows\system32\TuneUpDefragService.exe
2009-09-24 21:29 <DIR> --d----- c:\docume~1\(hu\applic~1\TuneUp Software
2009-09-24 21:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-09-24 21:28 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-09-24 21:27 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-24 19:18 <DIR> --d----- c:\program files\YourWare Solutions
2009-09-23 17:48 118 a------- c:\windows\system32\MRT.INI
2009-09-22 05:01 4,820 a------- C:\config.xml

==================== Find3M ====================

2009-10-21 23:26 50,972,704 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-10-21 23:18 598,640 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-10-05 13:38 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-09-27 18:19 3,166,208 a------- c:\windows\system32\nvwss.dll
2009-09-27 18:19 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-09-27 18:19 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-09-27 18:19 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-09-27 18:19 188,416 a------- c:\windows\system32\nvmccss.dll
2009-09-27 18:19 13,918,208 a------- c:\windows\system32\nvcpl.dll
2009-09-27 18:19 4,935,680 a------- c:\windows\system32\nvdisps.dll
2009-09-27 18:19 172,100 a------- c:\windows\system32\nvsvc32.exe
2009-09-27 18:19 143,360 a------- c:\windows\system32\nvcolor.exe
2009-09-27 18:19 86,016 a------- c:\windows\system32\nvmctray.dll
2009-09-27 18:19 229,376 a------- c:\windows\system32\nvmccs.dll
2009-09-27 16:12 5,900,416 a------- c:\windows\system32\nv4_disp.dll
2009-09-25 10:37 667,136 -------- c:\windows\system32\wininet.dll
2009-09-25 10:37 81,920 a------- c:\windows\system32\ieencode.dll
2009-09-21 12:15 3,230 a------- c:\windows\system32\72.scr
2009-09-11 19:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 17:24 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-11 17:24 183,112 a------- c:\windows\system32\PnkBstrB.exe
2009-09-05 02:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-02 19:05 22,328 a------- c:\docume~1\(hu\applic~1\PnkBstrK.sys
2009-09-02 19:05 682,280 a------- c:\windows\system32\pbsvc.exe
2009-08-26 13:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-16 12:57 418,480 a------- c:\windows\system32\wrap_oal.dll
2009-08-16 12:57 115,432 a------- c:\windows\system32\OpenAL32.dll
2009-08-14 13:36 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-08-13 02:28 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-13 02:22 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-08-13 01:26 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 14:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 20:13 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 19:20 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
2009-07-29 09:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 09:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll

============= FINISH: 23:26:22.07 ===============
__________________
team work is essential it gives them other people to shoot at
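The DDS and ComboFix logs above are what the helper reads by eye; the "SERVICES / DRIVERS" block is the part most worth triaging on a TDSS-type case, because a kernel driver with a meaningless service name and a numeric file name is a classic thing to check. The following is an added example, not code from the thread or from the DDS/ComboFix tools: it parses lines in the DDS service format and applies a few naming/age heuristics. The heuristics, thresholds and the `triage_sample` helper are my own assumptions; a hit only means "look at the file's signer and the installer that dropped it", not that the file is malicious. The thread itself never identifies `54146997.sys` as anything in particular, and the sample lines are copied from the log above.

```python
"""Heuristic triage of DDS 'SERVICES / DRIVERS' lines (added example)."""
import re
from dataclasses import dataclass, field
from datetime import date

# Constructed sample input: five lines copied from the DDS log in the post
# above.  DDS format: "<state> <name>;<display>;<image [args]> [<yyyy-m-d> <size>]".
# ComboFix prints the same services with "[m/d/yyyy h:mm AM size]"; that
# variant is not handled here.
SAMPLE_LOG = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 is-5I5B7drv;is-5I5B7drv;c:\windows\system32\drivers\54146997.sys [2009-10-10 148496]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-10-11 615344]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
""".strip()

# Date the DDS run was made ("Run by (hu at 23:25:56.79 on Wed 10/21/2009").
LOG_DATE = date(2009, 10, 21)

LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<cmd>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)
# Split "c:\...\svchost.exe -k getPlusHelper" into image path and arguments.
IMAGE_RE = re.compile(r"^(?P<image>.+?\.(?:sys|exe|dll))(?P<args>.*)$", re.I)


@dataclass
class Entry:
    state: str      # R0/R1/R2/R3 running, S3 etc. stopped
    name: str       # service key name
    display: str    # display name
    image: str      # path of the driver or executable
    args: str       # command-line arguments, if any
    created: date   # file timestamp as printed by DDS
    size: int
    flags: list = field(default_factory=list)


def parse_dds_services(text):
    """Return one Entry per service line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # DDS logs mix in headers and blank lines
        im = IMAGE_RE.match(m["cmd"])
        image, args = (im["image"], im["args"].strip()) if im else (m["cmd"], "")
        y, mo, d = (int(x) for x in m["date"].split("-"))
        entries.append(Entry(m["state"], m["name"], m["display"], image, args,
                             date(y, mo, d), int(m["size"])))
    return entries


def triage(entries, log_date, recent_days=14):
    """Attach heuristic flags (assumed thresholds) and sort most-flagged first."""
    for e in entries:
        stem = e.image.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        hosted = stem.lower() == "svchost"          # svchost-hosted: name never matches
        if stem.isdigit():
            e.flags.append("image file name is all digits")
        if e.display.strip().lower() == e.name.strip().lower():
            e.flags.append("display name merely repeats the service name")
        key = re.sub(r"[^a-z0-9]", "", e.name.lower())[:4]
        if not hosted and key and key not in stem.lower():
            e.flags.append("service name does not match image name")
        if (e.state.startswith("R") and "\\drivers\\" in e.image.lower()
                and (log_date - e.created).days <= recent_days):
            e.flags.append("running driver created within %d days of the log" % recent_days)
    return sorted(entries, key=lambda e: len(e.flags), reverse=True)


def triage_sample():
    """Run the heuristics over the constructed sample with the log's own date."""
    return triage(parse_dds_services(SAMPLE_LOG), LOG_DATE)


if __name__ == "__main__":
    for e in triage_sample():
        print("%s %-18s %-48s %s" % (e.state, e.name, e.image, "; ".join(e.flags) or "-"))
```

Run as-is, the only entry that collects flags is `is-5I5B7drv` (numeric image name, display name equal to service name, name/image mismatch, and a running driver newer than two weeks at the time of the log); the Kaspersky, iolo and getPlus entries collect none. That ranking is the point of the exercise: it tells the analyst which line to verify first with a signature check and a look at what installed it, and nothing more.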
10-21-2009, 01:37 PM   #31
Blade81 (Visiting Teacher/Analyst, Security Team)
Join Date: Jun 2008
Location: Finland
Posts: 758
OS: Win XP, Vista 32-bit, Win7 64-bit


Re: trojan program packed win32 tdss.z

Good. So, how's the system running? You wrote earlier that alerts were back. Have you still seen them?
__________________

Microsoft MVP Consumer Security 2008 2009
ASAP & UNITE member since 2006
10-22-2009, 01:28 AM   #32
darklord_v (Registered User)
Join Date: Nov 2008
Location: pakistan
Posts: 335
OS: xp professional sp3

Re: trojan program packed win32 tdss.z

Well, it seems fine. As far as the notifications are concerned, neither Spybot nor Kaspersky (updated) gives any. I also ran a quick check with Malwarebytes' Anti-Malware, resulting in a clean scan.
All thanks to you for helping me in such a comprehensive way. I don't know how to thank you.
10-22-2009, 02:30 AM   #33
darklord_v (Registered User)
Join Date: Nov 2008
Location: pakistan
Posts: 335
OS: xp professional sp3

Re: trojan program packed win32 tdss.z

My games take a slightly longer time to load than they used to (3-5 seconds). Here are the two HD Tune benchmarks: one was taken, I think, 1-2 months ago (hdtune) and the second just now (hd). I think it might be due to that virus.
Attached Images
File Type: jpg hdtune.JPG (150.5 KB, 2 views)
File Type: jpg hd.JPG (118.8 KB, 1 views)
10-22-2009, 06:43 AM   #34
Blade81 (Visiting Teacher/Analyst, Security Team)
Join Date: Jun 2008
Location: Finland
Posts: 758
OS: Win XP, Vista 32-bit, Win7 64-bit


Re: trojan program packed win32 tdss.z

Hi,

Let's uninstall ComboFix.
  • Click START then RUN
  • Now copy-paste "c:\Combofix.exe" /uninstall in the runbox and click OK.

You may see here for some performance hints.
10-22-2009, 07:34 AM   #35
darklord_v (Registered User)
Join Date: Nov 2008
Location: pakistan
Posts: 335
OS: xp professional sp3

Re: trojan program packed win32 tdss.z

Should I uninstall Malwarebytes' Anti-Malware too?

Thanks for all the help. I am very grateful to you.
10-22-2009, 08:15 AM   #36
Blade81 (Visiting Teacher/Analyst, Security Team)
Join Date: Jun 2008
Location: Finland
Posts: 758
OS: Win XP, Vista 32-bit, Win7 64-bit


Re: trojan program packed win32 tdss.z

No, I recommend keeping that. It's a great antimalware tool :)
11-02-2009, 11:50 AM   #37
tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team)
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,605
OS: 2000 Pro; XP Pro; XP Home


Re: trojan program packed win32 tdss.z

Since this issue appears to be resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
 


All times are GMT -7.
Copyright 2001 - 2009, Tech Support Forum