Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91983 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] found Trojan.Win32.Pasta.aju!A2 on PC


  • This topic is locked This topic is locked
7 replies to this topic

#1 Ally

Ally

    Authentic Member

  • Authentic Member
  • PipPip
  • 200 posts

Posted 14 November 2009 - 03:24 PM

Hi,I had my computer cleaned by Noviciate only a few weeks back and thought my computer was running quite well.recently I decided to try some free anti virus scans after buying some new security software as I have been a victim of ID theft in the past.Pandas Active scan picked up a threat and Ashampoo Anti spyware 2 trial version picked up Trojan.Win32.Pasta.aju!A2........DR.WEB cure it free scan also picked up a threat and I am worried about how safe my PC is.It seems to be running fine at the moment....I have ran E-SET online scanner and F-SECUREs online scan and they found nothing.I tried to run rootrepeal but on step f when I click okay,my PC resets itself.however I have managed to take a backup with ERUNT and have a DDS log > DDS (Ver_09-06-26.01) - NTFSx86 Run by allybongo123 at 20:42:59.53 on 14/11/2009 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3197.2746 [GMT 0:00] AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\a-squared Free\a2service.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\AntiLogger\AntiLogger.exe C:\Program Files\Free Download Manager\fdm.exe C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Documents and Settings\allybongo123\Desktop\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uSearch Bar = hxxp://www.yahoo.com/search/ie.html uInternet Settings,ProxyOverride = *.local mURLSearchHooks: H - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [nwiz] nwiz.exe /installquiet mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe" mRun: [AntiLogger] "c:\program files\antilogger\AntiLogger.exe" /minimized mRun: ['Ashampoo AntiSpyWare 2 Guard'] c:\program files\ashampoo\ashampoo antispyware 2\AntiSpyWare2Guard.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {85d1f590-48f4-11d9-9669-0800200c9a66} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: klogon - c:\windows\system32\klogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\allybo~1\applic~1\mozilla\firefox\profiles\xxoc649g.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1683615&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://m.uk.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p= FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632] R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872] R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808] R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-11-11 28552] R1 AntiLog32;AntiLog32;c:\program files\antilogger\AntiLog32.sys [2009-10-23 116080] R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2009-11-14 3968] R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-11-5 226832] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 74480] R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-11-11 1858144] R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\ashampoo\ashampoo antispyware 2\AntiSpyWareService.exe [2009-11-14 749912] R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-11-11 208616] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592] R3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\drivers\L6TPortGX.sys [2008-11-12 532992] S2 0314981258117785mcinstcleanup;McAfee Application Installer Cleanup (0314981258117785);c:\docume~1\allybo~1\locals~1\temp\0314981258117785mcinst.exe c:\progra~1\common~1\mcafee\installer\cleanup.ini -cleanup -nolog -service --> c:\docume~1\allybo~1\locals~1\temp\0314981258117785mcinst.exe c:\progra~1\common~1\mcafee\installer\cleanup.ini -cleanup -nolog -service [?] S2 gupdate1c9df87da5fd5a4;Google Update Service (gupdate1c9df87da5fd5a4); [x] S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\anti trojan elite\atepmon.sys --> c:\program files\anti trojan elite\ATEPMon.sys [?] S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\allybo~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\allybo~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4.tmp --> c:\windows\system32\4.tmp [?] S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-11-17 3768] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408] =============== Created Last 30 ================ 2009-11-14 20:07 3,968 a------- c:\windows\system32\drivers\AvgArCln.sys 2009-11-14 02:37 <DIR> --d----- c:\program files\Ashampoo 2009-11-13 19:49 <DIR> -cd-h--- c:\windows\ie8 2009-11-13 19:29 218,624 a------- c:\windows\system32\uxtheme.uxtender 2009-11-13 09:23 2,021,790 a------- c:\windows\system32\37dB3.mht 2009-11-13 09:16 <DIR> --d----- c:\program files\common files\McAfee 2009-11-12 17:13 27,612 a------- c:\windows\syscall.dat 2009-11-12 17:13 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{E8DD7A4A-3EE8-4019-898E-952A32C3B613} 2009-11-12 17:13 <DIR> --d----- c:\program files\AntiLogger 2009-11-12 01:40 <DIR> --d----- c:\program files\common files\Symantec Shared 2009-11-12 01:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec 2009-11-12 01:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton 2009-11-12 01:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller 2009-11-12 01:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA 2009-11-11 23:26 <DIR> --d----- c:\program files\common files\DivX Shared 2009-11-11 21:26 <DIR> --d----- c:\docume~1\allybo~1\applic~1\FreeFixer 2009-11-11 21:21 <DIR> --d----- c:\program files\Bazooka Scanner 2009-11-11 20:24 28,552 a------- c:\windows\system32\drivers\pavboot.sys 2009-11-11 20:24 <DIR> --d----- c:\program files\Panda Security 2009-11-11 19:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure 2009-11-11 10:05 7,571,533 a------- c:\windows\REGBK00.ZIP 2009-11-11 10:05 <DIR> a-d----- c:\windows\VDLL.DLL 2009-11-11 10:05 <DIR> a-d----- c:\windows\system32\runouce.exe 2009-11-11 10:05 <DIR> a-d----- c:\windows\RUNDL132.EXE 2009-11-11 10:05 <DIR> a-d----- c:\windows\logo1_.exe 2009-11-11 10:05 <DIR> a-d----- c:\windows\logo_1.exe 2009-11-11 10:04 28 a------- c:\windows\Lic.xxx 2009-11-11 10:03 632,064 a------- c:\windows\system32\msvcr80.dll 2009-11-11 10:03 554,240 a------- c:\windows\system32\msvcp80.dll 2009-11-11 10:03 34,048 a------- c:\windows\system32\eEmpty.exe 2009-11-11 10:03 522 a------- c:\windows\system32\Microsoft.VC80.CRT.manifest 2009-11-11 10:03 146,432 a------- c:\windows\REGEDIT.COM 2009-11-11 10:03 146,432 a------- c:\windows\R.COM 2009-11-11 10:03 135,680 a------- c:\windows\system32\TASKMGR.COM 2009-11-11 10:03 135,680 a------- c:\windows\system32\T.COM 2009-11-11 10:03 <DIR> --d----- c:\program files\common files\MicroWorld 2009-11-11 10:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MicroWorld 2009-11-11 07:49 <DIR> --d----- c:\windows\ERUNT 2009-11-11 06:57 <DIR> --d----- c:\program files\NukeNabber 2009-11-11 04:50 <DIR> --d----- c:\program files\a-squared Free 2009-11-11 04:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software 2009-11-11 03:57 664 a------- c:\windows\system32\d3d9caps.dat 2009-11-08 19:02 <DIR> --d----- c:\program files\RegSeeker 2009-11-06 23:43 73,728 a------- c:\windows\system32\javacpl.cpl 2009-11-06 18:31 201,484 a------- c:\windows\system32\drivers\umss.sys 2009-11-06 18:31 18,401 a------- c:\windows\system32\drivers\umsspdr.pdr 2009-11-06 02:15 93,360 a------- c:\windows\system32\drivers\SBREDrv.sys 2009-11-06 01:05 <DIR> --d----- c:\program files\Readon Technology 2009-11-06 00:50 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-11-05 20:53 499 a------- c:\windows\system32\%LocalXml% 2009-11-05 19:53 108,059 a------- c:\windows\system32\drivers\klin.dat 2009-11-05 19:53 95,259 a------- c:\windows\system32\drivers\klick.dat 2009-11-05 19:53 507,936 a--sh--- c:\windows\system32\drivers\fidbox2.dat 2009-11-05 19:53 2,816 a--sh--- c:\windows\system32\drivers\fidbox2.idx 2009-11-05 19:53 <DIR> --d----- c:\program files\Kaspersky Lab 2009-11-05 19:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab 2009-11-05 19:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files 2009-11-05 17:38 <DIR> --d----- c:\program files\NVIDIA Corporation 2009-11-05 17:35 701,440 a------- c:\windows\system32\cohelper.dll 2009-11-05 17:35 7,090 a------- c:\windows\system32\nvnrm.nvu 2009-11-05 17:35 485,920 a------- c:\windows\system32\nvunrm.exe 2009-11-05 13:17 <DIR> --d----- c:\program files\CCleaner 2009-10-30 23:38 <DIR> --d----- c:\docume~1\allybo~1\applic~1\uTorrent 2009-10-25 22:15 <DIR> --d----- c:\program files\ESET 2009-10-25 15:26 <DIR> --d----- c:\program files\Microsoft Bootvis ==================== Find3M ==================== 2009-11-14 20:20 5,693,472 a--sh--- c:\windows\system32\drivers\fidbox.dat 2009-11-14 20:20 67,796 a--sh--- c:\windows\system32\drivers\fidbox.idx 2009-11-14 20:19 153,104 a------- c:\windows\system32\drivers\tmcomm.sys 2009-11-13 19:29 218,624 a------- c:\windows\system32\uxtheme.dll 2009-11-06 23:42 411,368 a------- c:\windows\system32\deploytk.dll 2009-11-05 20:12 33,808 a------- c:\windows\system32\drivers\klbg.sys 2009-09-25 16:42 129,784 -------- c:\windows\system32\pxafs.dll 2009-09-25 16:42 120,056 -------- c:\windows\system32\pxcpyi64.exe 2009-09-25 16:42 118,520 -------- c:\windows\system32\pxinsi64.exe 2009-09-25 16:42 43,528 -------- c:\windows\system32\drivers\PxHelp20.sys 2009-09-25 16:42 9,464 -------- c:\windows\system32\drivers\cdralw2k.sys 2009-09-25 16:42 9,336 -------- c:\windows\system32\drivers\cdr4_xp.sys 2009-09-25 16:41 90,112 a------- c:\windows\system32\dpl100.dll 2009-09-25 16:41 856,064 a------- c:\windows\system32\divx_xx0c.dll 2009-09-25 16:41 856,064 a------- c:\windows\system32\divx_xx07.dll 2009-09-25 16:41 847,872 a------- c:\windows\system32\divx_xx0a.dll 2009-09-25 16:41 843,776 a------- c:\windows\system32\divx_xx16.dll 2009-09-25 16:41 839,680 a------- c:\windows\system32\divx_xx11.dll 2009-09-25 16:41 696,320 a------- c:\windows\system32\DivX.dll 2009-09-11 14:18 136,192 a------- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 58,880 a------- c:\windows\system32\msasn1.dll 2009-08-29 08:08 916,480 a------- c:\windows\system32\wininet.dll 2009-08-28 18:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll 2009-08-26 08:00 247,326 a------- c:\windows\system32\strmdll.dll 2009-05-29 20:51 87,608 a------- c:\docume~1\allybo~1\applic~1\inst.exe 2009-05-29 20:51 47,360 a------- c:\docume~1\allybo~1\applic~1\pcouffin.sys ============= FINISH: 20:43:21.90 =============== I hope someone can help,many thanks!...almost forgot,this is my active scan text >;**************************************************************************** ********************************************************************************* ********************** ANALYSIS: 2009-11-14 20:02:04 PROTECTIONS: 1 MALWARE: 1 SUSPECTS: 0 ;******************************************************************************* ********************************************************************************* ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================= =================== Kaspersky Internet Security 8.0.0.506 Yes Yes ;=============================================================================== ================================================================================= =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================= =================== 00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\dsi ;=============================================================================== ================================================================================= =================== SUSPECTS Sent Location ;=============================================================================== ================================================================================= =================== ;=============================================================================== ================================================================================= =================== VULNERABILITIES Id Severity Description ;=============================================================================== ================================================================================= =================== ;=============================================================================== ================================================================================= ===================

Attached Files


Edited by Ally, 14 November 2009 - 03:32 PM.

    Advertisements

Register to Remove


#2 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 18 November 2009 - 02:56 PM

Hi Ally,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

It is possible that the problems that were picked up are due to the number of security programs you are throwing at it. Often, one security program will target another as a potential threat. That's the main reason for the rule of One Anti-Virus, One Firewall, and one real time Anti-Spyware.

However, something could be lurking so lets do a couple things.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

Then please update and run a scan with Malwarebytes' (you already have it). Please post the results back here.

and finally
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#3 Ally

Ally

    Authentic Member

  • Authentic Member
  • PipPip
  • 200 posts

Posted 18 November 2009 - 04:50 PM

Hi TomK! many thanks for the help,greatly appreciated.I have done the atf and mbytes scan.but when I scanned with ESET it found a win32 trojan but It didnt give me an option to save the log.here is the Mbytes log >Malwarebytes' Anti-Malware 1.41 Database version: 3195 Windows 5.1.2600 Service Pack 3 18/11/2009 21:56:31 mbam-log-2009-11-18 (21-56-31).txt Scan type: Full Scan (C:\|) Objects scanned: 202976 Time elapsed: 21 minute(s), 29 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I have started scanning with ESET again incase I have missed the option to save the logfile.

#4 Ally

Ally

    Authentic Member

  • Authentic Member
  • PipPip
  • 200 posts

Posted 18 November 2009 - 04:53 PM

hi,I think I have found the ESET log >ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=127b3ee717f7e84c81f860e0f6818ffe # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2009-11-18 10:35:57 # local_time=2009-11-18 10:35:57 (+0000, GMT Standard Time) # country="United Kingdom" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1281 16774501 100 100 1132666 32152499 6575 0 # compatibility_mode=8192 67108863 100 0 2076402 2076402 0 0 # scanned=84836 # found=1 # cleaned=0 # scan_time=2056 C:\Program Files\Common Files\Synacast\SynaLive\PPP.dll probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251

#5 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 18 November 2009 - 05:22 PM

Ally,

That isn't a virus. It's a password generator that is part of the Synacast program. What is interesting, you obviously have Snyacast but it doesn't show in your add or remove programs in the control panel. :wacko:

Anyhow, I've found nothing for you to be worried about.

Log looks good :D


You need to create a new Clean restore point:

Click Start Menu > Run > copy and paste

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

Remove all previous Restore Points
Click Start Menu > Run > copy and paste

cleanmgr

You may be asked to choose drive. Choose C: At top, click on More Options tab. Click Clean up... button in the System Restore box. Click on Yes button. When finished, click on Cancel button to exit.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved. :thumbup:

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#6 Ally

Ally

    Authentic Member

  • Authentic Member
  • PipPip
  • 200 posts

Posted 18 November 2009 - 05:56 PM

:D many thanks for taking the time to check my logs Tom,it is much appreciated.I have followed your instructions and hopefully won't be back here for a very long time!....You guys are saints. :thumbup: thanks Tom.

#7 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 18 November 2009 - 06:01 PM

Ally, You are very welcome. Good Luck and Be Well. :thumbup:

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#8 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 18 November 2009 - 06:01 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users