Our desktop has been infected with the above virus; can you folks help me get rid of it? I downloaded DDS, ran it, and attached the log and the other attachment as a zip file, as directed in the forum. Thanks!
Chief
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Administrator at 16:29:45 on 2011-11-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.664 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Loader Class: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi9130~1\datamngr\BROWSE~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10x_Plugin.exe -update plugin
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\sierra\planner\PLNRnote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag creatacard\agremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\renais~1.lnk - c:\documents and settings\all users\application data\renaissance wireless server\Renaissance Wireless Server.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://de225.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4F9665E1-6A11-4972-B941-EB22DFA68FC7} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{837C5F68-FB84-414E-8FEC-9FA666C52334} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EFDC876F-B06E-4EBB-8CF6-7765A6D04335} : DhcpNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\wi9130~1\datamngr\iebho.dll c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\op5b9w5g.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 31704]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2011-7-12 816672]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 492768]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
S1 MpKsl0f7c0b36;MpKsl0f7c0b36;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02636e4d-33b1-4a9d-93f9-d88436ca3d6d}\mpksl0f7c0b36.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02636e4d-33b1-4a9d-93f9-d88436ca3d6d}\MpKsl0f7c0b36.sys [?]
S1 MpKsl5744934b;MpKsl5744934b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40394202-2b54-4840-a53f-78e381e1b662}\mpksl5744934b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40394202-2b54-4840-a53f-78e381e1b662}\MpKsl5744934b.sys [?]
S1 MpKsl5ff3be24;MpKsl5ff3be24;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{158e3422-62fb-4074-825c-f251e1501bec}\mpksl5ff3be24.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{158e3422-62fb-4074-825c-f251e1501bec}\MpKsl5ff3be24.sys [?]
S1 MpKsl82c4ff9c;MpKsl82c4ff9c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7232c367-9761-4a6c-ba0e-49c0dd6ae5c3}\mpksl82c4ff9c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7232c367-9761-4a6c-ba0e-49c0dd6ae5c3}\MpKsl82c4ff9c.sys [?]
S1 MpKsl9dd2a4f5;MpKsl9dd2a4f5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f49f9929-bc03-461b-a787-cc697c91a1bc}\mpksl9dd2a4f5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f49f9929-bc03-461b-a787-cc697c91a1bc}\MpKsl9dd2a4f5.sys [?]
S1 MpKsla1025ecb;MpKsla1025ecb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c179b624-5673-469d-b8be-7310500daf9d}\mpksla1025ecb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c179b624-5673-469d-b8be-7310500daf9d}\MpKsla1025ecb.sys [?]
S1 MpKslb899b9ea;MpKslb899b9ea;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68003cd4-2df1-4df8-b327-c3b29de74819}\mpkslb899b9ea.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{68003cd4-2df1-4df8-b327-c3b29de74819}\MpKslb899b9ea.sys [?]
S1 MpKslbd4858d2;MpKslbd4858d2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{422a7366-8cb1-4120-b62b-7e26b6b6f89c}\mpkslbd4858d2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{422a7366-8cb1-4120-b62b-7e26b6b6f89c}\MpKslbd4858d2.sys [?]
S2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1883328]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-7-13 54760]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-3 366152]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-8-10 227184]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-3 22216]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-11-4 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-11-4 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2011-11-4 24064]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-7-13 30576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-07 00:28:55 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{35154f1f-026c-4aea-9555-5a16bc4cd9f0}\offreg.dll
2011-11-06 01:37:40 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2011-11-05 22:27:49 821760 ----a-w- c:\documents and settings\all users\application data\privacy.exe
2011-11-05 14:34:51 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{35154f1f-026c-4aea-9555-5a16bc4cd9f0}\mpengine.dll
2011-11-05 00:44:35 24064 ----a-w- c:\windows\system32\drivers\motport.sys
2011-11-05 00:44:34 24064 ----a-w- c:\windows\system32\drivers\motmodem.sys
2011-11-05 00:44:33 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2011-11-05 00:44:33 6400 ----a-w- c:\windows\system32\drivers\motswch.sys
2011-11-05 00:44:33 20480 ----a-w- c:\windows\system32\drivers\motccgp.sys
2011-11-05 00:43:58 -------- d-----w- c:\program files\common files\Motorola Shared
2011-11-05 00:43:54 -------- d-----w- c:\program files\Motorola
2011-10-29 17:32:40 -------- d-----w- c:\windows\system32\NtmsData
2011-10-29 17:24:34 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2011-10-29 17:24:34 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-10-29 17:20:10 -------- d--h--w- c:\documents and settings\all users\application data\CanonIJEPPEX
2011-10-24 16:02:31 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-20 03:14:57 -------- d-----w- c:\program files\iPod
2011-10-20 03:08:40 -------- d-----w- c:\program files\Bonjour
2011-10-11 19:23:13 -------- d-----w- c:\program files\Conduit
2011-10-11 19:23:02 -------- d-----w- c:\program files\Coupons.com
2011-10-11 19:22:49 398760 ----a-r- c:\windows\system32\cpnprt2.cid
.
==================== Find3M ====================
.
2011-10-07 17:48:01 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:48:00 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:47:59 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47:10 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-03 17:45:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 06:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3200826AS rev.3.03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe >>UNKNOWN [0x867C50E8]<<
_asm { MOV EAX, 0x867c5008; XCHG [ESP], EAX; PUSH EAX; PUSH 0x867ca0d4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8671AAB8]
\Driver\Disk[0x8671BB88] -> IRP_MJ_CREATE -> 0x867C50E8
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5c; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x867c50e8
\Driver\iaStor -> 0x867c69c0
user & kernel MBR OK
Warning: possible MBR rootkit infection !
.
============= FINISH: 16:30:54.20 ===============