[Resolved] Hijacked by Malware Defense


  • This topic is locked
20 replies to this topic

#16 lucella31

  • Authentic Member
  • 55 posts

Posted 26 December 2009 - 11:17 AM

Hello,

I copy/pasted the single-line command with regards to Burger Shop and clicked OK, but nothing happened. I suppose that whatever letter codes you included in the command line performed as instructed? Is the Burger Shop program a problem? Was something found? I have no problem deleting it if necessary.

My laptop is running GREAT thanks to you! :woot:
No outstanding issues. I connect to the internet with ease.
I will download WinPatrol and AVG as soon as I get the ALL CLEAN from you.

Here are the new DDS logs, dds.txt and attach.txt:

dds.txt


DDS (Ver_09-12-01.01) - NTFSx86
Run by Amber at 9:04:20.45 on Sat 12/26/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.710 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Amber\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://en.wikipedia.org/wiki/Main_Page
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: labmentors.com\course
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://sympatico.zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} - hxxp://community.webshots.com/html/atx/wsaxcontrol.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://aolsvc.aol.com/onlinegames/free-trial-zenerchi/ZenerchiWeb.1.0.0.10.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.98.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
TCP: {AB725217-DA8A-4A35-A698-7EB03F1ECB7E} = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\amber\applic~1\mozilla\firefox\profiles\878z64qr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Main_Page
FF - component: c:\documents and settings\amber\application data\mozilla\firefox\profiles\878z64qr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\amber\application data\mozilla\firefox\profiles\878z64qr.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\documents and settings\amber\application data\mozilla\firefox\profiles\878z64qr.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: XUL Cache: {64072CD2-2C5E-42E1-B165-E99006162C9D} - c:\documents and settings\amber\local settings\application data\{64072CD2-2C5E-42E1-B165-E99006162C9D}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-9-18 28544]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-12-16 1251720]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2005-12-16 4864]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 AVUSBPVR;AVerMedia USB MPEG-2 Capture Device;c:\windows\system32\drivers\avusbpvr.sys --> c:\windows\system32\drivers\avusbpvr.sys [?]
S3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys --> c:\windows\system32\drivers\ss.sys [?]
S4 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S4 navapsvc;Norton AntiVirus Auto-Protect Service;"c:\program files\norton internet security\norton antivirus\navapsvc.exe" --> c:\program files\norton internet security\norton antivirus\navapsvc.exe [?]

=============== Created Last 30 ================

2009-12-25 18:48:32 77312 ----a-w- c:\windows\MBR.exe
2009-12-25 18:48:32 261632 ----a-w- c:\windows\PEV.exe
2009-12-22 16:59:26 4196240 ----a-w- c:\windows\pfirewall.log.old

==================== Find3M ====================

2009-12-04 00:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-04 00:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 02:58:11 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-29 07:46:59 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-25 14:48:11 570016 ----a-w- c:\program files\GoogleEarthSetup.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 11:40:21 18527244 ----a-w- c:\program files\vlc-1.0.2-win32.exe
2009-09-27 17:37:00 242 ----a-w- c:\documents and settings\amber\jobq.dat
2009-09-27 17:33:55 27529754 ----a-w- c:\program files\FSIndexing_Setup.exe
2009-07-21 09:20:42 17828326 ----a-w- c:\program files\vlc-1.0.0-win32.exe
2009-07-21 01:33:20 14566424 ----a-w- c:\program files\vlc-0.9.4-win32.exe
2009-02-15 08:07:19 547488 ----a-w- c:\program files\GoogleEarthPluginSetup.exe
2009-02-08 01:39:09 69076264 ----a-w- c:\program files\iTunesSetup.exe
2009-02-08 01:36:49 19003017 ----a-w- c:\program files\iTunesSetup.exe.part
2008-12-06 00:23:56 159721768 ----a-w- c:\program files\herods_lost_tomb-setup.exe
2008-12-06 00:19:44 71266824 ----a-w- c:\program files\gourmania-setup.exe
2008-10-06 11:25:38 50688 ----a-w- c:\program files\ATF-Cleaner.exe
2007-04-30 04:25:48 251 -c--a-w- c:\program files\wt3d.ini
2008-08-02 17:13:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080220080803\index.dat

============= FINISH: 9:04:46.00 ===============


attach.txt



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/17/2006 1:48:24 AM
System Uptime: 12/25/2009 7:56:45 PM (14 hours ago)

Motherboard: FUJITSU | | TRUFF01
Processor: Genuine Intel® CPU T2400 @ 1.83GHz | On Board | 1828/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 111 GiB total, 60.663 GiB free.
D: is FIXED (NTFS) - 1 GiB total, 0.995 GiB free.
E: is CDROM ()
G: is CDROM (CDFS)
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP580: 9/27/2009 8:51:48 AM - System Checkpoint
RP581: 9/28/2009 9:43:57 AM - System Checkpoint
RP582: 9/29/2009 10:43:54 AM - System Checkpoint
RP583: 9/30/2009 11:43:57 AM - System Checkpoint
RP584: 10/1/2009 12:44:02 PM - System Checkpoint
RP585: 10/2/2009 1:44:08 PM - System Checkpoint
RP586: 10/3/2009 2:44:08 PM - System Checkpoint
RP587: 10/4/2009 2:45:01 PM - System Checkpoint
RP588: 10/5/2009 9:31:46 AM - Avg8 Update
RP589: 10/5/2009 9:33:05 AM - Avg8 Update
RP590: 10/6/2009 9:44:06 AM - System Checkpoint
RP591: 10/7/2009 8:27:20 AM - Avg8 Update
RP592: 10/8/2009 8:44:07 AM - System Checkpoint
RP593: 10/9/2009 9:44:20 AM - System Checkpoint
RP594: 10/10/2009 9:44:36 AM - System Checkpoint
RP595: 10/11/2009 10:10:43 AM - System Checkpoint
RP596: 10/12/2009 10:26:30 AM - System Checkpoint
RP597: 10/13/2009 10:31:01 AM - System Checkpoint
RP598: 10/14/2009 3:00:52 AM - Software Distribution Service 3.0
RP599: 10/14/2009 11:25:54 PM - Software Distribution Service 3.0
RP600: 10/16/2009 7:01:25 PM - Avg8 Update
RP601: 10/17/2009 7:06:54 PM - System Checkpoint
RP602: 10/18/2009 9:33:01 PM - System Checkpoint
RP603: 10/19/2009 10:49:38 PM - System Checkpoint
RP604: 10/20/2009 4:52:16 PM - Avg8 Update
RP605: 10/21/2009 5:48:45 PM - System Checkpoint
RP606: 10/22/2009 6:33:52 PM - System Checkpoint
RP607: 10/23/2009 7:40:48 PM - System Checkpoint
RP608: 10/24/2009 8:18:10 PM - System Checkpoint
RP609: 10/25/2009 8:23:27 PM - System Checkpoint
RP610: 10/26/2009 10:11:16 PM - System Checkpoint
RP611: 10/27/2009 11:09:10 PM - System Checkpoint
RP612: 10/29/2009 8:58:46 PM - System Checkpoint
RP613: 10/30/2009 9:17:33 PM - System Checkpoint
RP614: 11/1/2009 2:01:00 PM - System Checkpoint
RP615: 11/2/2009 10:39:18 AM - Avg8 Update
RP616: 11/3/2009 4:24:45 PM - System Checkpoint
RP617: 11/4/2009 4:00:28 AM - Software Distribution Service 3.0
RP618: 11/5/2009 7:11:14 AM - System Checkpoint
RP619: 11/5/2009 5:46:09 PM - Avg8 Update
RP620: 11/7/2009 9:54:13 AM - System Checkpoint
RP621: 11/8/2009 2:49:18 PM - System Checkpoint
RP622: 11/9/2009 7:46:05 PM - System Checkpoint
RP623: 11/10/2009 7:55:44 PM - System Checkpoint
RP624: 11/11/2009 8:34:15 PM - System Checkpoint
RP625: 11/12/2009 3:00:33 AM - Software Distribution Service 3.0
RP626: 11/13/2009 3:14:12 AM - System Checkpoint
RP627: 11/14/2009 3:47:01 AM - System Checkpoint
RP628: 11/15/2009 9:33:35 AM - System Checkpoint
RP629: 11/21/2009 5:53:32 PM - System Checkpoint
RP630: 11/22/2009 6:01:24 PM - System Checkpoint
RP631: 11/23/2009 7:49:42 PM - System Checkpoint
RP632: 11/25/2009 8:51:48 AM - Software Distribution Service 3.0
RP633: 11/26/2009 7:26:15 PM - Avg8 Update
RP634: 11/27/2009 8:49:58 PM - System Checkpoint
RP635: 11/28/2009 10:09:29 PM - System Checkpoint
RP636: 11/30/2009 12:34:35 AM - System Checkpoint
RP637: 12/3/2009 5:55:53 PM - System Checkpoint
RP638: 12/4/2009 10:40:24 PM - System Checkpoint
RP639: 12/6/2009 12:10:27 AM - System Checkpoint
RP640: 12/7/2009 12:25:25 AM - System Checkpoint
RP641: 12/8/2009 12:30:16 AM - System Checkpoint
RP642: 12/9/2009 1:17:26 AM - System Checkpoint
RP643: 12/9/2009 3:01:05 AM - Software Distribution Service 3.0
RP644: 12/9/2009 8:19:08 AM - Avg8 Update
RP645: 12/10/2009 4:13:23 PM - System Checkpoint
RP646: 12/11/2009 5:23:32 PM - System Checkpoint
RP647: 12/12/2009 9:36:24 AM - Avg8 Update
RP648: 12/12/2009 9:38:04 AM - Avg8 Update
RP649: 12/15/2009 2:06:16 AM - System Checkpoint
RP650: 12/16/2009 2:17:12 AM - System Checkpoint
RP651: 12/17/2009 2:48:20 AM - System Checkpoint
RP652: 12/18/2009 5:08:20 AM - System Checkpoint
RP653: 12/19/2009 12:24:08 AM - Software Distribution Service 3.0
RP654: 12/19/2009 3:01:18 AM - Software Distribution Service 3.0
RP655: 12/20/2009 3:42:23 AM - System Checkpoint
RP656: 12/20/2009 6:32:31 PM - Removed Caesar IV
RP657: 12/21/2009 9:24:19 AM - Avg8 Update
RP658: 12/25/2009 11:38:21 AM - System Checkpoint

==== Installed Programs ======================

µTorrent
220-601 Practice Exam Package 1.0 from Pass-Guaranteed.com
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
Algebra 1 Solved!
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Are You Smarter Than A 5th Grader Make The Grade
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Babysitting Mania 10.1
Backyard Football
Beach Party Craze
Belarc Advisor 7.2
Big City Adventure San Francisco
Bonjour
Bridge Builder
Burger Island 2
Burger Shop
Can You See What I See
Casino Empire
Casino Island To Go
CCleaner (remove only)
CleanUp!
Coffee House Chaos
Compton's Interactive Encyclopedia 2000 Deluxe
Cooking Academy 2 World Cuisine
Crazy Machines
Critical Update for Windows Media Player 11 (KB959772)
CyberLink Codec
Easy WiFi Radar 1.0.5
eGames GameButler
eGames\DeepSeaTycoon
Emperor: Rise of the Middle Kingdom
Encyclopaedia Britannica 2006 Ultimate Reference Suite DVD
ESET Online Scanner
FamilySearch Indexing (www.familysearchindexing.org)
Fishing Craze
Fujitsu Driver Update
Fujitsu Hotkey Utility
Fujitsu System Extension Utility
Full Tilt Poker
GemMaster Mystic
Geography Quiz 1.0
Go-Go Gourmet 2 - Chef of the Year
Goods Account version 1.2
Google Earth
Google Photos Screensaver
Google Update Helper
Gourmania
Governor of Poker
Hell's Kitchen
Hidden Expedition Titanic (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hoyle Casino Empire
Intel® PROSet/Wireless Software
InterActual Player
iTunes
Java™ 6 Update 13
Jeopardy! 2nd Edition
Languages of the World
LifeBook Application Panel
MagicDisc 2.7.105
MakeDVD 2.0
Malwarebytes' Anti-Malware
mCore
mDrWiFi
Merv Griffins Crosswords
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIWA
mLogView
mMHouse
Mozilla Firefox (3.5.6)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MULTIPEDIA
Museum Collection 2.0
mWlsSafe
mXML
MySQL Connector/ODBC 3.51
Mystery Museum
MyTypeArtist
mZConfig
National Geographic Games - Herod’s Lost Tomb ©
Nero Suite
Next Generation Visualisations
Norton Internet Security
Office 2003 Trial Assistant
OpenOffice.org 2.4
Panda ActiveScan
Panda ActiveScan 2.0
Perfect Pool
Phun beta 4.22
Picasa 2
PowerDirector Express
PowerProducer
Profitville
QuickTime
QuickTime 3.0
Realtek High Definition Audio Driver
Restaurant Rush
Rock and Roll JEOPARDY! (remove only)
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
ScanSoft OmniPage SE 4.0
Scrabble (remove only)
SCRABBLE Blast Deluxe
SCRABBLE Journey
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skies of War
Snap Simulation Engine Installer 1.10
Solitaire Antics Ultimate
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy 1.4
Stellarium 0.9.1
Street Challenge - 14 Mile Combat
Symantec KB-DocID:2003093015493306
System Mania
System Requirements Lab
Taito Legends
Taskbar Wallpaper 3.00
Test and Improve your Memory
TestOut Navigator (Online Version)
The First Olympic Tidy Up
Top Chef
Trivia Machine
Tropicabana
Tropico
Tumble Bees To Go
TuneUp Companion 1.5.5
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URGE for Windows Media Player
Virtual DJ - Atomix Productions
VLC media player 1.0.2
Vuze
Webaroo
WebFldrs XP
Westward 2
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinISO 5.3
WinRAR archiver
Wonderland
Word Zen 1.0.0
World Book 2002
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! ¤u¨ă¦C
Yard Sale Hidden Treasures Sunnyville
Youda Marina
Zune Desktop Theme

==== Event Viewer Messages From Past Week ========

12/25/2009 10:48:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 AvgTdiX
12/25/2009 10:48:18 AM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: The system cannot find the path specified.
12/25/2009 1:25:21 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/25/2009 1:24:37 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/23/2009 10:14:42 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
12/22/2009 9:04:42 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/22/2009 9:03:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX BANTExt eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss Tcpip
12/22/2009 9:03:45 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/22/2009 9:03:45 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/22/2009 9:03:45 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/22/2009 9:03:45 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/22/2009 9:03:45 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/22/2009 9:03:45 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/22/2009 9:03:12 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/22/2009 9:00:17 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
12/22/2009 9:00:17 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
12/22/2009 9:00:17 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 WatchDog service to connect.
12/22/2009 9:00:17 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/22/2009 9:00:17 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/22/2009 9:00:17 AM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2009 2:20:47 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
12/19/2009 2:38:22 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'updatecomps.cfg' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================



#17 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 26 December 2009 - 11:36 AM

Hi,

Your logs are clean,

Just some housekeeping to do now.

Yes, I would delete the BurgerShop program from Add/Remove programs. The launcher was infected with a network worm.


While you are in Add/Remove programs, you would be doing yourself a favour to delete utorrent. P2P is the most common way to get your system infected.

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version 9.2).
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT


Your Java is out of date.
Java™ 6 Update 13 can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; follow the prompts.


NEXT


Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U, it needs to be there.




NEXT

Now to remove the rest of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.


    WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for Firefox, IE and Chrome.

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
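The "Make Internet Explorer more secure" steps above walk through Inetcpl.cpl by hand. The following PowerShell script is an added example, not part of CatByte's post or any tool used in this thread: it audits the same three ActiveX settings for the Internet zone and reports whether they match the recommended Prompt / Prompt / Disable values, applying them only if something is out of line. It assumes the per-user zone settings under HKCU, that zone 3 is the Internet zone, that value names 1001, 1004 and 1201 correspond to the three ActiveX options named in the post, and that the DWORD actions are 0 = Enable, 1 = Prompt, 3 = Disable; verify those assumptions against the Inetcpl.cpl dialog on your own system before relying on the script.

```powershell
# Added example (not from the thread): audit and, if needed, apply the Internet zone
# ActiveX settings that the post sets by hand through Inetcpl.cpl.
# Assumptions: per-user settings live under HKCU, zone 3 = Internet zone,
# value names 1001 / 1004 / 1201 = the three ActiveX options named in the post,
# DWORD actions 0 = Enable, 1 = Prompt, 3 = Disable.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values from the post: signed/unsigned ActiveX download -> Prompt (1),
# initialize and script ActiveX not marked safe -> Disable (3).
$Recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                              Value = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                            Value = 1 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe';     Value = 3 }
}

$ActionName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActiveXZoneAudit {
    # Returns one row per setting: current value, recommended value, and a Compliant flag.
    param([string]$Path = $ZonePath)

    $key = Get-Item -Path $Path -ErrorAction Stop
    foreach ($id in $Recommended.Keys) {
        $current = $key.GetValue($id)
        if ($null -eq $current) {
            $currentName = 'not set'
            $compliant   = $false
        } else {
            $currentName = $ActionName[[int]$current]
            if (-not $currentName) { $currentName = "unknown ($current)" }
            $compliant   = ([int]$current -eq $Recommended[$id].Value)
        }
        [pscustomobject]@{
            ValueId     = $id
            Setting     = $Recommended[$id].Name
            Current     = $currentName
            Recommended = $ActionName[$Recommended[$id].Value]
            Compliant   = $compliant
        }
    }
}

function Set-ActiveXZoneHardening {
    # Writes the recommended DWORD for each setting into the Internet zone key.
    param([string]$Path = $ZonePath)

    foreach ($id in $Recommended.Keys) {
        Set-ItemProperty -Path $Path -Name $id -Value $Recommended[$id].Value -Type DWord
    }
}

# Report first; only touch the registry if at least one setting is non-compliant.
$audit = Get-ActiveXZoneAudit
$audit | Format-Table -AutoSize

if ($audit | Where-Object { -not $_.Compliant }) {
    Set-ActiveXZoneHardening
    Write-Host 'Applied recommended ActiveX settings; re-auditing:'
    Get-ActiveXZoneAudit | Format-Table -AutoSize
} else {
    Write-Host 'Internet zone ActiveX settings already match the recommendation.'
}
```

Run the audit part on its own first (the `Get-ActiveXZoneAudit` call) so you can see what the current user's zone looks like before anything is written; a setting that shows as "not set" means Internet Explorer is falling back to its default for that option, which is why the script treats it as non-compliant rather than guessing what the default is.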


#18 lucella31

lucella31

    Authentic Member

  • Authentic Member
  • PipPip
  • 55 posts

Posted 26 December 2009 - 12:31 PM

My computer is running faster and better than even before it was infected. Perhaps it was slowly being bogged down with all kinds of infections.

I removed uTorrent and Burger Shop. You said there was an infection with the launcher in Burger Shop, and I believe I have the CD-ROM for this game.
Should I toss this game altogether? Do you think a reinstall of the game would still have an infection? Just wondering....

I guess the Run command to uninstall ComboFix still worked even though you had me rename it lucella.exe since the malware prevented me from running it as ComboFix. A remnant of it in the form of a desktop shortcut was present after running the uninstall so I ran it one more time after renaming it Combofix. I also did a file search for both lucella and Combofix and nothing came up, so apparently it's gone. :)

I ran the OTC and I'm not sure if it got everything because I still have gmer.rar file on my desktop. I can manually remove it of course.
Does it only remove certain programs?

I updated Java and Adobe successfully and will perform the recommended maintenance and run programs you suggested after your reply.

THANK YOU so much for your help, your time, and your patience. I have learned so much! :notworthy: :thumbup: :D

I anxiously wait for the ALL CLEAN....

lucella31

#19 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 26 December 2009 - 01:02 PM

Hi, if you have the disk for Burger Shop go ahead and reinstall it; sometimes infections will tag along with legitimate programs, and it's also possible Kaspersky wrongly identified it based on their heuristics. If there are any logs/tools remaining on your desktop, right click and delete them. After that you should be good to go, as your computer is clean. Make sure you reinstall your security programs before surfing. Stay safe :wavey: ~CB

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#20 lucella31

lucella31

    Authentic Member

  • Authentic Member
  • PipPip
  • 55 posts

Posted 26 December 2009 - 01:13 PM

Thank You!!!! Please close this topic. :D

#21 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 26 December 2009 - 01:37 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
