Internet Connection Suddenly took a dump


  • Please log in to reply

#1
Blurn
I tried downloading a COD 4 Key Gen and got myself stuck with OuterInfo and Virtumonde and other things. You guys came up on Google so I gave you a try. Everything seems to be fine except Firefox (my browser) seems to load extremely slowly and I feel like I'm on dial-up again when loading web pages. Also, my download has gone down from 320 kbs to about 180. I uninstalled and reinstalled Firefox; it didn't work.

I did all the scans with the programs you guys listed. However, the pandascan website didn't seem to work for me. Also, ComboFix seemed to delete the SUPERAntiSpyware package I downloaded from you guys, so I have no log of that, but I do have the HijackThis, AVG, and ComboFix logs. Please help me :/

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:35 AM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: byxywtq - byxywtq.dll (file missing)
O20 - Winlogon Notify: winexy32 - winexy32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

--
End of file - 2743 bytes


-------------------------------------------


ComboFix 08-01-04.1 - Admin 2008-01-07 1:37:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.634 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ddayw.dll
C:\WINDOWS\system32\ddayw.exe
C:\WINDOWS\system32\drvgemr.dll
C:\WINDOWS\system32\rqrssss.dll
C:\WINDOWS\system32\wyadd.ini
C:\WINDOWS\system32\wyadd.ini2

.
((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-07 01:36 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 01:10 . 2008-01-07 01:10 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-07 00:39 . 2008-01-07 00:39 104,448 --a------ C:\WINDOWS\system32\drvgem.dll
2008-01-07 00:35 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-07 00:11 . 2008-01-07 00:11 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2008-01-06 23:53 . 2008-01-07 00:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-06 23:53 . 2008-01-06 23:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-06 23:53 . 2008-01-06 23:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-06 23:47 . 2008-01-06 23:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-06 23:47 . 2008-01-06 23:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-06 02:02 . 2007-11-29 14:30 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-01-06 02:02 . 2007-11-29 14:30 120,056 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2008-01-06 02:02 . 2007-11-29 14:30 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2008-01-06 02:02 . 2007-11-29 14:30 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-06 02:02 . 2007-11-29 14:30 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-31 14:31 . 2007-12-31 14:31 <DIR> d-------- C:\Program Files\Viewpoint
2007-12-31 14:31 . 2007-12-31 14:31 <DIR> d-------- C:\Program Files\VentSrv
2007-12-31 14:31 . 2007-12-31 14:31 <DIR> d-------- C:\Program Files\THQ
2007-12-31 14:31 . 2008-01-06 02:02 <DIR> d-------- C:\Program Files\DivX
2007-12-31 14:31 . 2007-12-31 14:31 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-31 14:31 . 2007-12-31 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-28 19:23 . 2008-01-04 00:39 <DIR> d-------- C:\Valve
2007-12-19 12:42 . 2003-07-17 10:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2007-12-19 12:42 . 2005-01-01 01:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-12-19 12:40 . 2007-12-22 09:21 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\ijjigame
2007-12-13 14:01 . 2007-12-13 14:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-13 14:01 . 2007-12-13 14:01 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 08:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
2008-01-07 07:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 22:11 --------- d-----w C:\Program Files\World of Warcraft
2007-12-31 22:30 --------- d-----w C:\Program Files\Warcraft III
2007-12-14 02:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-22 19:35 --------- d-----w C:\Program Files\WinPcap
2007-11-16 22:57 --------- d-----w C:\Program Files\Verizon
2007-11-16 22:57 --------- d-----w C:\Program Files\Common Files\SupportSoft
2007-11-16 00:07 --------- d-----w C:\Program Files\Ventrilo
2007-11-14 00:16 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 09:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ventrilo
2007-11-09 19:23 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-09-17 01:07 8 -c--a-w C:\Documents and Settings\Administrator\Application Data\usb.dat.bin
.
----a-w    6,731,312 2008-01-07 09:10:32  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w      131,072 2008-01-07 07:18:38  C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray .exe
----a-w    1,310,720 2008-01-07 08:06:03  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w      158,208 2008-01-07 09:10:26  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w       15,360 2008-01-07 09:10:27  C:\WINDOWS\system32\ctfmon .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxywtq]
byxywtq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winexy32]
winexy32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WPN111 Smart Wizard.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk
backup=C:\WINDOWS\pss\NETGEAR WPN111 Smart Wizard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 04:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 --a--c--- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\ddayw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsass]
C:\WINDOWS\lsass .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outerinfo]
C:\Program Files\Outerinfo\Outerinfo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Valve\Steam\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 02:43 83608 --a------ C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"rpcapd"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"IDriverT"=3 (0x3)

S3 aaudstum;aaudstum;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aaudstum.sys [2004-10-21 18:16]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 11:10]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 12:22]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 01:40:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 1:42:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-07 09:42:39
.
2007-12-21 08:45:57 --- E O F ---


-------------------------------------------------

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:05:01 AM 1/7/2008

+ Scan result:

C:\System Volume Information\_restore{30BDED4D-EF0E-44EF-800E-ACCDC9635C90}\RP320\A0067159.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{30BDED4D-EF0E-44EF-800E-ACCDC9635C90}\RP320\A0067167.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{30BDED4D-EF0E-44EF-800E-ACCDC9635C90}\RP321\A0067390.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{30BDED4D-EF0E-44EF-800E-ACCDC9635C90}\RP320\A0067166.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{30BDED4D-EF0E-44EF-800E-ACCDC9635C90}\RP320\A0067175.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{30BDED4D-EF0E-44EF-800E-ACCDC9635C90}\RP320\A0067178.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{30BDED4D-EF0E-44EF-800E-ACCDC9635C90}\RP320\A0067179.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{30BDED4D-EF0E-44EF-800E-ACCDC9635C90}\RP320\A0067180.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{30BDED4D-EF0E-44EF-800E-ACCDC9635C90}\RP321\A0067407.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{30BDED4D-EF0E-44EF-800E-ACCDC9635C90}\RP321\A0067410.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{30BDED4D-EF0E-44EF-800E-ACCDC9635C90}\RP321\A0067441.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{30BDED4D-EF0E-44EF-800E-ACCDC9635C90}\RP321\A0067443.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{30BDED4D-EF0E-44EF-800E-ACCDC9635C90}\RP321\A0067444.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\Valve\Steam\Steam.exe -> Dropper.Agent.dgo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{30BDED4D-EF0E-44EF-800E-ACCDC9635C90}\RP320\A0067163.dll -> Not-A-Virus.Adware.ZenoSearch : Ignored.
C:\System Volume Information\_restore{30BDED4D-EF0E-44EF-800E-ACCDC9635C90}\RP321\A0067473.exe -> Not-A-Virus.Hoax.Win32.Renos.hx : Ignored.
C:\WINDOWS\xpupdate.exe -> Not-A-Virus.Hoax.Win32.Renos.hx : Ignored.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Webtrends : Cleaned.


::Report end

Edited by Blurn, 07 January 2008 - 03:56 AM.
