
WIN HUER 32 / WIN 32. JUNKPOLY [CRYP]



#16
mmindz

mmindz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
hi Kahdah---dds.txt



DDS (Ver_09-02-01.01) - NTFSx86
Run by ASK at 11:32:29.76 on 20/02/2009
Internet Explorer: 7.0.5730.13
AV: avast! antivirus 4.8.1335 [VPS 090205-1] *On-access scanning disabled* (Outdated)

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page =
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: RefresherBand Class: {b24ba06e-fb7b-4757-95c2-dc01125f750e} - c:\progra~1\yrefre~1\YREFRE~1.DLL
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DriverUpdaterPro] c:\program files\xpc tools\driver updater pro\DriverUpdaterPro.exe -t
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-02-18 20:36 179,200 a------- c:\windows\SWREG.exe
2009-02-18 20:36 115,712 a------- c:\windows\sed.exe
2009-02-18 18:53 250 a------- c:\windows\gmer.ini
2009-02-17 20:32 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-17 20:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-17 20:25 221,184 a------- c:\windows\system32\wmpns.dll
2009-02-17 20:16 <DIR> --d----- c:\windows\pss
2009-02-17 17:26 <DIR> --d----- c:\program files\common files\Softwin
2009-02-16 23:04 <DIR> --d----- c:\windows\system32\3361
2009-02-16 23:04 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-02-16 23:03 172 a------- c:\windows\system32\1C1.tmp
2009-02-16 22:16 <DIR> --d----- c:\docume~1\ask\applic~1\Malwarebytes
2009-02-16 22:15 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-16 22:15 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-16 22:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-16 22:15 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-16 22:02 <DIR> --d----- c:\program files\Enigma Software Group
2009-02-16 18:50 4 a------- c:\windows\xczuokls
2009-02-16 17:27 6 a------- c:\windows\_id.dat
2009-02-16 17:27 130 a------- c:\windows\adobe.bat
2009-02-16 15:56 676,352 a------- c:\windows\system32\rtl60.bpl
2009-02-16 15:55 67,072 ----h--- c:\windows\system32\secupdat.dat
2009-02-16 15:55 <DIR> --d----- c:\windows\system32\inf
2009-02-16 15:43 1,312 a------- c:\windows\mwgorzqr
2009-02-13 15:30 244 a---h--- C:\sqmnoopt17.sqm
2009-02-13 15:30 232 a---h--- C:\sqmdata17.sqm
2009-01-21 18:32 <DIR> --d----- c:\program files\common files\AnswerWorks 5.0
2009-01-21 18:32 3,523,872 a------- c:\windows\system32\cdintf300.dll
2009-01-21 18:32 1,848,608 a------- c:\windows\system32\acXMLParser.dll
2009-01-21 18:32 <DIR> --d----- c:\docume~1\ask\applic~1\Intuit
2009-01-21 18:32 <DIR> --d----- c:\program files\common files\Intuit
2009-01-21 18:31 <DIR> --d----- c:\program files\Quicken
2009-01-21 18:31 165 a------- c:\windows\QUICKEN.INI
2009-01-21 18:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit

==================== Find3M ====================

2009-02-18 20:39 90,112 a------- c:\windows\DUMP7261.tmp
2009-02-17 21:04 90,112 a------- c:\windows\DUMP82fb.tmp
2009-02-17 20:05 90,112 a------- c:\windows\DUMPe5c7.tmp
2009-02-17 19:58 81,984 a------- c:\windows\system32\bdod.bin
2009-02-16 18:32 65,536 a------- c:\windows\DUMP86f2.tmp
2009-02-16 17:30 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-02-16 15:45 121,856 a------- c:\windows\system32\userinit.exe
2009-01-15 16:45 132 a------- C:\httpdwl.dat
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-06-16 18:15 30,672 a------- c:\docume~1\ask\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 11:32:36.89 ===============
  • 0



#17
mmindz

mmindz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
HI Kahdah - attach.txt



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)


==== Disk Partitions =========================


==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

6300
6300_Help
6300Trb
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.2 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Template Projects & Footage
Adobe After Effects CS3 Third Party Content
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Library
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AiO_Scan_CDA
AiOSoftwareNPI
ANIO Service
ANIWZCS2 Service
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Autodesk Backburner 2008.0.0
AutoUpdate
avast! Antivirus
BitTorrent
Bonjour
BufferChm
Combustion 2008
Compatibility Pack for the 2007 Office system
Core FTP Pro 2.1
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
CueTour
CustomerResearchQFolder
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DNA
DocProc
DocumentViewer
DocumentViewerQFolder
Driver Updater Pro
eSupportQFolder
Fax_CDA
FullDPAppQFolder
Highlight Viewer (Windows Live Toolbar)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Document Viewer 6.1
HP Extended Capabilities 6.1
HP Imaging Device Functions 6.1
HP Photosmart Premier Software 6.1
HP PSC & OfficeJet 6.1.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
HPProductAssistant
InstantShareDevices
iTunes
Java™ 6 Update 5
Java™ 6 Update 7
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MySQL Connector/ODBC 3.51
MySQL Server 5.0
NewCopy_CDA
NVIDIA Drivers
Opera 9.27
PanoStandAlone
particleIllusion 3.0
particleIllusion 3.0.2
PDF Settings
PE Explorer 1.99 R2
PhotoGallery
ProductContextNPI
Quicken 2009
QuickTime
RandMap
Readme
Realtek AC'97 Audio
Resource Tuner 1.99 R3
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Scan
ScannerCopy
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
SkinsHP1
Smart Menus (Windows Live Toolbar)
Software Update for Web Folders
SolutionCenter
Sonic Activation Module
Sonic_PrimoSDK
SpyHunter
Status
Swift 3D Version 1.00
SWiSH Max2
Toolbox
TrayApp
Unload
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
VC8MSI
WebReg
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows XP Hotfix - KB885884
WinRAR archiver
Wireless G WUA-1340
Workspace Macro Pro 6.5
Yrefresher 1.00

==== End Of File ===========================
  • 0

#18
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    c:\windows\xczuokls
    c:\windows\mwgorzqr
    
    :commands
    [emptytemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
===================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
=========================
Please post these logs in your next reply:
  • OTMoveIt3 log
  • Malwarebytes log
  • New dds log

  • 0
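Added example, not part of the original thread and not code from DDS or OTMoveIt3: a small triage aid that parses the "Created Last 30" and "Find3M" listings of the DDS log in post #16 and lists every entry timestamped within a window of the two files named in the OTMoveIt3 script above. The function names and the 15-minute window are assumptions made for this illustration; closeness in time is a lead for manual review, not a verdict on any file.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Lines excerpted from the DDS log in post #16 (not the complete listing).
DDS_EXCERPT = r"""
=============== Created Last 30 ================

2009-02-16 23:04 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-02-16 18:50 4 a------- c:\windows\xczuokls
2009-02-16 17:27 6 a------- c:\windows\_id.dat
2009-02-16 17:27 130 a------- c:\windows\adobe.bat
2009-02-16 15:56 676,352 a------- c:\windows\system32\rtl60.bpl
2009-02-16 15:55 67,072 ----h--- c:\windows\system32\secupdat.dat
2009-02-16 15:55 <DIR> --d----- c:\windows\system32\inf
2009-02-16 15:43 1,312 a------- c:\windows\mwgorzqr
2009-02-13 15:30 244 a---h--- C:\sqmnoopt17.sqm

==================== Find3M ====================

2009-02-17 19:58 81,984 a------- c:\windows\system32\bdod.bin
2009-02-16 18:32 65,536 a------- c:\windows\DUMP86f2.tmp
2009-02-16 17:30 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-02-16 15:45 121,856 a------- c:\windows\system32\userinit.exe
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
"""

# The two paths listed under :files in the OTMoveIt3 script in post #18.
PIVOTS = [r"c:\windows\xczuokls", r"c:\windows\mwgorzqr"]

HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<date> <time> <size or <DIR>> <8 attribute flags> <path>"
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (<DIR>|[\d,]+) (\S{8}) (.+)$")


@dataclass
class Entry:
    section: str          # DDS section the line came from
    when: datetime        # timestamp as printed by DDS (minute resolution)
    size: Optional[int]   # bytes, or None for a directory
    attrs: str            # attribute flags, e.g. "a-------"
    path: str


def parse_file_listings(text: str) -> List[Entry]:
    """Return the file and directory lines of a DDS log, tagged by section."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # blank lines and anything that is not a listing row
        stamp, size, attrs, path = m.groups()
        entries.append(Entry(
            section,
            datetime.strptime(stamp, "%Y-%m-%d %H:%M"),
            None if size == "<DIR>" else int(size.replace(",", "")),
            attrs,
            path,
        ))
    return entries


def near_pivots(entries: List[Entry], pivots: List[str],
                window_minutes: int = 15) -> List[Entry]:
    """Entries (other than the pivots) stamped within the window of any pivot."""
    wanted = {p.lower() for p in pivots}
    pivot_times = [e.when for e in entries if e.path.lower() in wanted]
    window = timedelta(minutes=window_minutes)
    hits = [e for e in entries
            if e.path.lower() not in wanted
            and any(abs(e.when - t) <= window for t in pivot_times)]
    return sorted(hits, key=lambda e: (e.when, e.path.lower()))


def is_system_binary(entry: Entry) -> bool:
    """True for .exe/.dll/.sys files under system32 (worth a hash or file check)."""
    p = entry.path.lower()
    return p.startswith("c:\\windows\\system32\\") and p.endswith((".exe", ".dll", ".sys"))


if __name__ == "__main__":
    for e in near_pivots(parse_file_listings(DDS_EXCERPT), PIVOTS):
        tag = "system binary" if is_system_binary(e) else ""
        print(e.when, f"[{e.section}]", e.path, tag)
```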

#19
mmindz

mmindz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
So for the Malware software install...is it safe for me to connect to the internet after I run moveit ?
  • 0

#20
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes.
  • 0

#21
mmindz

mmindz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
HI Kahdah...Moveit


========== FILES ==========
File/Folder c:\windows\xczuokls not found.
File/Folder c:\windows\mwgorzqr not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ASK\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ASK\LOCALS~1\Temp\History\History.IE5\MSHist012009022020090221\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ASK\LOCALS~1\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ASK\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ASK\LOCALS~1\Temp\Acr1084.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ASK\LOCALS~1\Temp\Acr1085.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ASK\LOCALS~1\Temp\lilo2 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ASK\LOCALS~1\Temp\lilo3 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib4.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3a4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02202009_200142

Files moved on Reboot...
C:\DOCUME~1\ASK\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\DOCUME~1\ASK\LOCALS~1\Temp\History\History.IE5\MSHist012009022020090221\index.dat moved successfully.
C:\DOCUME~1\ASK\LOCALS~1\Temp\History\History.IE5\index.dat moved successfully.
C:\DOCUME~1\ASK\LOCALS~1\Temp\Cookies\index.dat moved successfully.
File C:\DOCUME~1\ASK\LOCALS~1\Temp\Acr1084.tmp not found!
File C:\DOCUME~1\ASK\LOCALS~1\Temp\Acr1085.tmp not found!
File C:\DOCUME~1\ASK\LOCALS~1\Temp\lilo2 not found!
File C:\DOCUME~1\ASK\LOCALS~1\Temp\lilo3 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\ib1.tmp moved successfully.
C:\WINDOWS\temp\ib2.tmp moved successfully.
C:\WINDOWS\temp\ib3.tmp moved successfully.
C:\WINDOWS\temp\ib4.tmp moved successfully.
C:\WINDOWS\temp\ib5.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_3a4.dat not found!
  • 0

#22
mmindz

mmindz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
HI Kahdah DDS Log

DDS (Ver_09-02-01.01) - NTFSx86
Run by ASK at 11:21:27.81 on 21/02/2009
Internet Explorer: 7.0.5730.13
AV: avast! antivirus 4.8.1335 [VPS 090205-1] *On-access scanning enabled* (Outdated)

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page =
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: RefresherBand Class: {b24ba06e-fb7b-4757-95c2-dc01125f750e} - c:\progra~1\yrefre~1\YREFRE~1.DLL
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DriverUpdaterPro] c:\program files\xpc tools\driver updater pro\DriverUpdaterPro.exe -t
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-02-20 21:16 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-20 21:16 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 21:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-20 19:56 <DIR> --d----- C:\_OTMoveIt
2009-02-18 20:36 179,200 a------- c:\windows\SWREG.exe
2009-02-18 20:36 115,712 a------- c:\windows\sed.exe
2009-02-18 18:53 250 a------- c:\windows\gmer.ini
2009-02-17 20:32 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-17 20:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-17 20:25 221,184 a------- c:\windows\system32\wmpns.dll
2009-02-17 20:16 <DIR> --d----- c:\windows\pss
2009-02-17 17:26 <DIR> --d----- c:\program files\common files\Softwin
2009-02-16 23:04 <DIR> --d----- c:\windows\system32\3361
2009-02-16 23:04 108,336 a------- c:\windows\system32\MSWINSCK.OCX
2009-02-16 23:03 172 a------- c:\windows\system32\1C1.tmp
2009-02-16 22:16 <DIR> --d----- c:\docume~1\ask\applic~1\Malwarebytes
2009-02-16 22:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-16 22:02 <DIR> --d----- c:\program files\Enigma Software Group
2009-02-16 17:27 6 a------- c:\windows\_id.dat
2009-02-16 17:27 130 a------- c:\windows\adobe.bat
2009-02-16 15:56 676,352 a------- c:\windows\system32\rtl60.bpl
2009-02-16 15:55 67,072 ----h--- c:\windows\system32\secupdat.dat
2009-02-16 15:55 <DIR> --d----- c:\windows\system32\inf
2009-02-13 15:30 244 a---h--- C:\sqmnoopt17.sqm
2009-02-13 15:30 232 a---h--- C:\sqmdata17.sqm

==================== Find3M ====================

2009-02-18 20:39 90,112 a------- c:\windows\DUMP7261.tmp
2009-02-17 21:04 90,112 a------- c:\windows\DUMP82fb.tmp
2009-02-17 20:05 90,112 a------- c:\windows\DUMPe5c7.tmp
2009-02-17 19:58 81,984 a------- c:\windows\system32\bdod.bin
2009-02-16 18:32 65,536 a------- c:\windows\DUMP86f2.tmp
2009-02-16 17:30 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-02-16 15:45 121,856 a------- c:\windows\system32\userinit.exe
2009-01-15 16:45 132 a------- C:\httpdwl.dat
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-06-16 18:15 30,672 a------- c:\docume~1\ask\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 11:21:43.51 ===============
  • 0

#23
mmindz

mmindz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
HI Kahdah,

I was unable to update the malware virus database since I cannot get my internet USB drivers installed; this seems to have happened once I got the virus... however, I still ran the scan.


Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 2

21/02/2009 11:03:20 AM
mbam-log-2009-02-21 (11-03-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 237921
Time elapsed: 5 hour(s), 23 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#24
mmindz

mmindz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
The reason why I have a problem connecting to the internet: I think the malware has impacted my ANIO Service and ANIWZCS2 service that allows my USB stick to capture the internet. Now it's not being detected!!!

I've tried re-installing off the CD, but there are CRC errors with the files, thus they are not installing or overwriting the existing files. I cannot remove them either.
  • 0

#25
mmindz

mmindz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Got a message related to the WIN32 Junkpoly[Cryp]...have deleted the file using avast.
  • 0



#26
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi, I see that you have used Msconfig.
You have more than likely disabled some needed services to run certain utilities.
Try this and see if it lets you have functionality back.

Go to Start > Run, type in Msconfig and hit the OK button.

Click on Services then choose the button to Enable all then make sure to hit Ok to save the changes.
After that reboot and see if you can then connect to the internet.

Then do the following:
Download the attached .zip file to your desktop.

Right click on it and choose Extract.
Then extract it to this location C:\Windows\system32 choose Yes to overwrite the existing file.

After that see if you can get on the internet and we will continue then.
  • 0

#27
mmindz

mmindz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi Kahdah,

I was able to get the internet connected to the computer...now after avast had been updated...I am seeing more virus pop ups..VITRO...infecting exe files...
  • 0

#28
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
That means that you have a file infector called virut.

Removing this can lead to an unbootable machine.
I advise making a backup of any non exe files to a cd in case you cannot get it booted again.

After that go here and follow these instructions.
http://free.avg.com/...moval.ndi-67762
===============================
After that Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post that log in your next reply.

(Note: if you cannot open the log it produces, right-click on it and choose Rename.
Rename it to .txt and you will be able to open it.)

  • 0

#29
mmindz

mmindz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
HI Kahdah,

Currently avast is running a virus scan deleting exe files....I think maybe also the USB drives I have been using may have been infected...transferring downloads from the computer I'm using to post...to the infected computer...as soon as avast is done..I will attempt to go through the instructions you have posted before my latest post.
  • 0

#30
mmindz

mmindz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi Kahdah,

Avast has done a scan...had 2102 infected files...not sure if my windows will boot up...but will try now...
  • 0





