Comp infected with generic.dx

Post by ChupaPapa » June 24th, 2008, 6:24 pm

Help me remove it please! I'm in safe mode right now, if that has any relevance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:45 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\C\WINDOWS\System32\smss.exe
C:\C\WINDOWS\system32\winlogon.exe
C:\C\WINDOWS\system32\services.exe
C:\C\WINDOWS\system32\lsass.exe
C:\C\WINDOWS\system32\svchost.exe
C:\C\WINDOWS\system32\svchost.exe
C:\C\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {9111DA9D-1CF7-40CF-8207-32E7A319F3D3} - C:\C\WINDOWS\system32\xxyaBssT.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: {0dc5e8e6-858b-b90b-8e04-bca7c2b0654c} - {c4560b2c-7acb-40e8-b09b-b8586e8e5cd0} - C:\C\WINDOWS\system32\rkfpmwld.dll
O2 - BHO: (no name) - {E23136A1-1AC4-4D1B-926F-5D537CFFF359} - C:\C\WINDOWS\system32\vtUonKcc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\C\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\C\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\C\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\C\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [0ccb7f0a] rundll32.exe "C:\C\WINDOWS\system32\juimeaxl.dll",b
O4 - HKLM\..\Run: [BM0ff84c96] Rundll32.exe "C:\C\WINDOWS\system32\svyqxxua.dll",s
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\C\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O20 - AppInit_DLLs: joltlavc.dll
O20 - Winlogon Notify: vtUonKcc - C:\C\WINDOWS\SYSTEM32\vtUonKcc.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\C\WINDOWS\system32\HPHipm11.exe
O23 - Service: PnkBstrA - Unknown owner - C:\C\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6556 bytes
ChupaPapa
Active Member
 
Posts: 4
Joined: June 24th, 2008, 6:17 pm
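What the log above is showing, as an added triage script (not part of this thread and not a tool the forum uses): it parses the O2, O4 and O20 lines of a HijackThis 2.0.x log and flags the pattern visible here, namely unnamed or GUID-named BHOs loading from system32, Run values with hex-blob names that launch rundll32 against a system32 DLL with a one-letter export, any non-empty AppInit_DLLs value, and Winlogon Notify packages outside a short allow-list. The allow-list of stock XP Notify packages is an assumption and deliberately partial, so every hit is a lead for review rather than a verdict; the sample lines are copied from the first log in this post.

```python
"""Triage helper for HijackThis 2.0.x logs (added example, not a forum tool).

Parses O2 (BHO), O4 (Run key) and O20 (AppInit_DLLs / Winlogon Notify) lines
and reports the entries that match the persistence pattern in the log above.
Every finding is a lead for review; nothing here declares a file malicious.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag: O2, O4 or O20
    label: str    # BHO display name, Run value name or Notify package name
    path: str     # file the entry loads
    reason: str   # rule that fired


# Assumed and deliberately partial: Winlogon Notify packages shipped with XP.
# Anything not listed is reported for review, not flagged as malicious.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

GUID = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
HEX_NAME = re.compile(r"^(?:BM)?[0-9a-f]{8}$", re.I)       # e.g. 0ccb7f0a, BM0ff84c96
SYS32 = re.compile(r"\\system32\\([^\\\"]+)$", re.I)
BHO_LINE = re.compile(r"^O2 - BHO: (.*) - (\{[^}]+\}) - (.*)$")
RUN_LINE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)"?,(\w*)', re.I)
APPINIT_LINE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
NOTIFY_LINE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")

# Lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {9111DA9D-1CF7-40CF-8207-32E7A319F3D3} - C:\C\WINDOWS\system32\xxyaBssT.dll
O2 - BHO: {0dc5e8e6-858b-b90b-8e04-bca7c2b0654c} - {c4560b2c-7acb-40e8-b09b-b8586e8e5cd0} - C:\C\WINDOWS\system32\rkfpmwld.dll
O4 - HKLM\..\Run: [IgfxTray] C:\C\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [0ccb7f0a] rundll32.exe "C:\C\WINDOWS\system32\juimeaxl.dll",b
O4 - HKLM\..\Run: [BM0ff84c96] Rundll32.exe "C:\C\WINDOWS\system32\svyqxxua.dll",s
O20 - AppInit_DLLs: joltlavc.dll
O20 - Winlogon Notify: vtUonKcc - C:\C\WINDOWS\SYSTEM32\vtUonKcc.dll
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
"""


def sys32_file(path):
    """Return the file name if path points into the system32 directory, else None."""
    m = SYS32.search(path.strip().strip('"'))
    return m.group(1) if m else None


def triage(log_text):
    """Return the Findings for one HijackThis log, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := BHO_LINE.match(line):
            name, _clsid, path = m.groups()
            # A real BHO carries a vendor name; the Vundo-style ones are unnamed
            # or use a second GUID as the name, and live in system32.
            if sys32_file(path) and (name == "(no name)" or GUID.match(name)):
                findings.append(Finding("O2", name, path,
                                        "unnamed or GUID-named BHO loaded from system32"))
        elif m := RUN_LINE.match(line):
            _hive, value, cmd = m.groups()
            r = RUNDLL.search(cmd)
            if r:
                dll, export = r.groups()
                # Hex-blob value name plus rundll32 of a system32 DLL with a
                # one-letter export is the Run-key half of the same infection.
                if sys32_file(dll) and (HEX_NAME.match(value) or len(export) <= 1):
                    findings.append(Finding("O4", value, dll,
                                            "rundll32 loads a system32 DLL from a hex-named Run value"))
        elif m := APPINIT_LINE.match(line):
            # AppInit_DLLs is injected into every process that loads user32.dll.
            findings.append(Finding("O20", "AppInit_DLLs", m.group(1),
                                    "AppInit_DLLs is set; it should normally be empty"))
        elif m := NOTIFY_LINE.match(line):
            package, path = m.groups()
            if package.lower() not in KNOWN_NOTIFY:
                findings.append(Finding("O20", package, path,
                                        "Winlogon Notify package not in the (partial) stock list"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.label:<14}{f.path}")
        print(f"    {f.reason}")
```

Run against the sample it reports six entries, the two system32 BHOs, the two rundll32 Run values, the AppInit_DLLs value and the Winlogon Notify package, and ignores the Java BHO, the Intel tray entry and the McAfee service. The name-shape rules are intentionally narrow so that an 8-letter legitimate binary such as igfxtray.exe is not caught by its name alone; the load point and the way it is loaded are what make the entry suspicious.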

Re: Comp infected with generic.dx

Post by dan12 » June 25th, 2008, 2:20 pm

Welcome to the MalwareRemoval forums.

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless I am informed in advance, failure to post replies within 5 days will result in this thread being closed.


It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Comp infected with generic.dx

Post by dan12 » June 25th, 2008, 2:24 pm

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window in your next reply.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

____________

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.


  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log
uninstall list.

Re: Comp infected with generic.dx

Post by ChupaPapa » June 26th, 2008, 10:39 pm

COMBO FIX
ComboFix 08-06-20.4 - Administrator 2008-06-26 22:19:01.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.527 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\C\WINDOWS\BM0ff84c96.xml
C:\C\WINDOWS\pskt.ini
C:\C\WINDOWS\system32\byXOhIxU.dll
C:\C\WINDOWS\system32\drivers\npf.sys
C:\C\WINDOWS\system32\lxaemiuj.ini
C:\C\WINDOWS\system32\mcrh.tmp
C:\C\WINDOWS\system32\oaoypstc.ini
C:\C\WINDOWS\system32\packet.dll
C:\C\WINDOWS\system32\pthreadVC.dll
C:\C\WINDOWS\system32\pupwqquo.ini
C:\C\WINDOWS\system32\TssBayxx.ini
C:\C\WINDOWS\system32\TssBayxx.ini2
C:\C\WINDOWS\system32\ucisyqkp.ini
C:\C\WINDOWS\system32\UxIhOXyb.ini
C:\C\WINDOWS\system32\UxIhOXyb.ini2
C:\C\WINDOWS\system32\wanpacket.dll
C:\C\WINDOWS\system32\wmhtmukp.ini
C:\C\WINDOWS\system32\wmqpkidf.ini
C:\C\WINDOWS\system32\wpcap.dll
C:\C\WINDOWS\system32\wuqmfmbu.ini
C:\C\WINDOWS\system32\xxyaBssT.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-25 18:45 . 2008-06-25 18:45 106,496 --a------ C:\C\WINDOWS\system32\vnanqidt.dll
2008-06-25 18:42 . 2008-06-25 18:42 81,920 --a------ C:\C\WINDOWS\system32\pkumthmw.dll
2008-06-25 18:39 . 2008-06-25 18:39 91,136 --a------ C:\C\WINDOWS\system32\nvsuikpa.dll
2008-06-24 20:14 . 2008-06-24 20:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-06-24 18:40 . 2008-06-24 18:40 99,840 --a------ C:\C\WINDOWS\system32\qxyxsxvg.dll
2008-06-24 18:38 . 2008-06-24 18:38 91,136 --a------ C:\C\WINDOWS\system32\crjdimbl.dll
2008-06-24 18:14 . 2008-06-24 18:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-24 17:43 . 2008-06-24 17:43 <DIR> d-------- C:\Program Files\Unlocker
2008-06-24 17:43 . 2008-06-24 17:43 <DIR> d-------- C:\Documents and Settings\Christopher Benitez\Application Data\Desktopicon
2008-06-24 17:31 . 2008-06-24 17:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 17:29 . 2008-06-24 17:29 <DIR> d-------- C:\VundoFix Backups
2008-06-24 16:59 . 2008-06-24 16:59 99,840 --a------ C:\C\WINDOWS\system32\rkfpmwld.dll
2008-06-24 16:53 . 2008-06-24 16:53 91,136 --a------ C:\C\WINDOWS\system32\svyqxxua.dll
2008-06-23 22:17 . 2008-06-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-23 15:23 . 2008-06-23 15:23 105,984 --a------ C:\C\WINDOWS\system32\joltlavc.dll
2008-06-23 15:21 . 2008-06-23 15:21 81,408 --a------ C:\C\WINDOWS\system32\pkqysicu.dll
2008-06-23 15:20 . 2008-06-23 15:21 91,136 --a------ C:\C\WINDOWS\system32\mnhegwbc.dll
2008-06-22 15:44 . 2008-06-22 15:44 <DIR> d-------- C:\Documents and Settings\Christopher Benitez\Application Data\SPORE Creature Creator
2008-06-22 15:37 . 2008-06-22 15:37 107,888 --a------ C:\C\WINDOWS\system32\CmdLineExt.dll
2008-06-22 15:25 . 2008-06-22 15:25 99,328 --a------ C:\C\WINDOWS\system32\iemgxfbu.dll
2008-06-22 15:20 . 2008-06-22 15:20 111,616 --a------ C:\C\WINDOWS\system32\fajbdkqd.exe
2008-06-22 15:20 . 2008-06-22 15:20 90,624 --a------ C:\C\WINDOWS\system32\vdwvohxf.dll
2008-06-22 13:56 . 2008-06-22 13:56 <DIR> d-------- C:\ProgramData
2008-06-22 13:56 . 2008-06-22 13:56 2,694 --a------ C:\C\WINDOWS\system32\ealregsnapshot1.reg
2008-06-22 13:52 . 2008-06-22 13:57 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-20 20:20 . 2008-06-20 20:20 79,872 --------- C:\C\WINDOWS\system32\ctspyoao.dll
2008-06-15 23:52 . 2008-06-15 23:52 0 --a------ C:\C\WINDOWS\PowerReg.dat
2008-06-15 23:48 . 2008-06-15 23:48 <DIR> d-------- C:\Program Files\Infogrames Interactive
2008-06-15 19:09 . 2008-06-15 19:09 <DIR> d-------- C:\Documents and Settings\Christopher Benitez\Application Data\Leadertech
2008-06-15 18:47 . 2008-06-15 18:47 <DIR> d-------- C:\Program Files\Atari
2008-06-13 14:49 . 2008-06-13 14:49 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-06-13 14:49 . 2008-06-13 14:53 <DIR> d-------- C:\Documents and Settings\Christopher Benitez\Application Data\MegauploadToolbar
2008-06-11 11:41 . 2008-06-13 09:10 272,128 --------- C:\C\WINDOWS\system32\drivers\bthport.sys
2008-06-11 11:41 . 2008-06-13 09:10 272,128 -----c--- C:\C\WINDOWS\system32\dllcache\bthport.sys
2008-06-03 14:28 . 2008-06-03 14:28 <DIR> d-------- C:\Logs
2008-06-03 12:44 . 2008-06-10 18:12 <DIR> d-------- C:\Program Files\World of Warcraft
2008-06-02 15:16 . 2008-06-02 15:16 <DIR> d-------- C:\Nexon
2008-06-02 15:16 . 2008-06-02 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 20:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-16 14:51 --------- d-----w C:\Program Files\Rockstar Games
2008-06-14 15:08 --------- d-----w C:\Documents and Settings\Christopher Benitez\Application Data\LimeWire
2008-06-13 22:17 --------- d-----w C:\Program Files\EA GAMES
2008-06-03 18:28 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-05-27 23:44 --------- d-----w C:\Program Files\MAIET
2008-05-19 20:00 --------- d-----w C:\Program Files\Veoh Networks
2008-05-08 12:28 202,752 ----a-w C:\C\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 23:37 --------- d-----w C:\Program Files\City of Heroes
2008-05-06 22:38 --------- d-----w C:\Program Files\StepMania
2008-03-17 01:59 22,328 ----a-w C:\Documents and Settings\Christopher Benitez\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e3b5645-23dc-4295-a28b-ac0dfb4fb0fe}]
2008-06-25 18:45 106496 --a------ C:\C\WINDOWS\system32\vnanqidt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\C\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\C\WINDOWS\system32\igfxtray.exe" [2007-04-27 19:12 155648]
"HotKeysCmds"="C:\C\WINDOWS\system32\hkcmd.exe" [2007-04-27 19:12 126976]
"HPDJ Taskbar Utility"="C:\C\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 15:07 188416]
"HPHmon04"="C:\C\WINDOWS\system32\hphmon04.exe" [2006-01-06 15:07 348160]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
"0ccb7f0a"="C:\C\WINDOWS\system32\pkumthmw.dll" [2008-06-25 18:42 81920]
"BM0ff84c96"="C:\C\WINDOWS\system32\nvsuikpa.dll" [2008-06-25 18:39 91136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUonKcc]
vtUonKcc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=joltlavc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\C\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\C\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-03-21 04:30 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-05-16 18:16 2732032 C:\Program Files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-27 16:49 577536 C:\C\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 00:15 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-05-08 16:53 3640368 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
C:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Trial Version\\zt2demoretail.exe"=
"C:\\C\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\C\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

S3 XDva120;XDva120;C:\C\WINDOWS\system32\XDva120.sys []

.
Contents of the 'Scheduled Tasks' folder
"2007-07-15 05:36:49 C:\C\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe)
"2008-03-01 06:00:06 C:\C\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-05-06 17:35:42 C:\C\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-06-25 22:00:02 C:\C\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-26 19:50:02 C:\C\WINDOWS\Tasks\User_Feed_Synchronization-{0BC480E0-8D52-42E9-991E-DE95FF4EB36B}.job"
- C:\C\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 22:27:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\C\WINDOWS\system32\Drivers\PsSdk23.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
.
**************************************************************************
.
Completion time: 2008-06-26 22:33:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-27 02:33:51

Pre-Run: 20,414,816,256 bytes free
Post-Run: 20,348,805,120 bytes free

205 --- E O F --- 2008-06-21 22:42:45

Uninstall list

7-Zip 4.57
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
CEP - Color Enable Package
City of Heroes (remove only)
Civ3 Conquests v1.22 Full
Civilization III Complete Edition
Combat Arms
Comcast High-Speed Internet Install Wizard
Cruise Ship Tycoon
DivX Web Player
EA Download Manager
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Grand Theft Auto Vice City
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel(R) Extreme Graphics Driver
iTunes
J2SE Runtime Environment 5.0 Update 3
Java(TM) SE Runtime Environment 6 Update 1
LimeWire 4.14.10
McAfee SecurityCenter
Megaupload Toolbar
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Xbox 360 Accessories 1.1
Mozilla Firefox (3.0)
Mozilla Firefox (3.0b1)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Network Addon Mod Version June 2007
Norton Security Scan
Opera 9.21
Paint.NET v3.10
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
PLAYSTATION(R)Network Downloader
Project64 1.6
PunkBuster Services
QuickTime
Realtek AC'97 Audio
RollerCoaster Tycoon 2
RollerCoaster Tycoon 2: Wacky Worlds
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Seven Kingdoms II
SimCity 4 Deluxe
SPORE™ Creature Creator Trial Edition
StepMania (remove only)
System Requirements Lab
TaxACT 2007
The Sims 2
The Sims Superstar
Unlocker 1.8.7
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VeohTV BETA
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPcap 3.1
WinRAR archiver
World of Warcraft
XBC 5.1
XBCD 1.07
XBCD 360 0.2.5
XBCD Uninstaller
Xbox 360 Controller for Windows
Yahoo! Install Manager
Yahoo! Internet Mail
Zoo Tycoon 2 Trial Version

New HiJackThis list

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:40 PM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\C\WINDOWS\System32\smss.exe
C:\C\WINDOWS\system32\winlogon.exe
C:\C\WINDOWS\system32\services.exe
C:\C\WINDOWS\system32\lsass.exe
C:\C\WINDOWS\system32\svchost.exe
C:\C\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\C\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\C\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: {ef0bf4bf-d0ca-b82a-5924-cd325465b3e2} - {2e3b5645-23dc-4295-a28b-ac0dfb4fb0fe} - C:\C\WINDOWS\system32\vnanqidt.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\C\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\C\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\C\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\C\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [0ccb7f0a] rundll32.exe "C:\C\WINDOWS\system32\pkumthmw.dll",b
O4 - HKLM\..\Run: [BM0ff84c96] Rundll32.exe "C:\C\WINDOWS\system32\nvsuikpa.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\C\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O20 - AppInit_DLLs: joltlavc.dll
O20 - Winlogon Notify: vtUonKcc - vtUonKcc.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\C\WINDOWS\system32\HPHipm11.exe
O23 - Service: PnkBstrA - Unknown owner - C:\C\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6109 bytes
ChupaPapa
Active Member
 
Posts: 4
Joined: June 24th, 2008, 6:17 pm

Re: Comp infected with generic.dx

Unread postby dan12 » June 27th, 2008, 12:59 am

Hi, can you do the HJT log in normal mode, not safe mode?
Thanks :)
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Comp infected with generic.dx

Unread postby dan12 » June 27th, 2008, 3:41 am

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm

I would recommend that you uninstall LimeWire; however, that choice is up to you.
If you wish to keep it, please do not use it until your computer is cleaned.
___________________

1. Close any open browsers.

2. Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
C:\C\WINDOWS\system32\vnanqidt.dll
C:\C\WINDOWS\system32\pkumthmw.dll
C:\C\WINDOWS\system32\nvsuikpa.dll
C:\C\WINDOWS\system32\qxyxsxvg.dll
C:\C\WINDOWS\system32\crjdimbl.dll
C:\C\WINDOWS\system32\rkfpmwld.dll
C:\C\WINDOWS\system32\svyqxxua.dll
C:\C\WINDOWS\system32\joltlavc.dll
C:\C\WINDOWS\system32\pkqysicu.dll
C:\C\WINDOWS\system32\mnhegwbc.dll
C:\C\WINDOWS\system32\ctspyoao.dll
C:\C\WINDOWS\system32\vnanqidt.dll
C:\C\WINDOWS\system32\pkumthmw.dll
C:\C\WINDOWS\system32\nvsuikpa.dll
Folder::
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e3b5645-23dc-4295-a28b-ac0dfb4fb0fe}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"0ccb7f0a"=-
"BM0ff84c96"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUonKcc]
vtUonKcc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
DirLook::
C:\ProgramData

    


Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.


Please post above log and a new HJT log
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
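As an added example (not the helper's code and not part of HijackThis or ComboFix), a small Python triage script that applies the reasoning behind the CFScript above to raw HJT lines: random eight-letter DLLs in system32 loaded by a BHO, a rundll32 Run entry or AppInit_DLLs, plus orphaned entries pointing at missing files, rendered back into the File:: section of a CFScript. The sample lines are copied from the log posted in this thread; the eight-letter naming heuristic is an assumption, not a rule either tool uses.

```python
"""Triage a HijackThis log for the Vundo-style indicators targeted in this thread.

Added example, not part of the thread or of HijackThis/ComboFix. The sample lines
are copied from the HJT log posted above; the naming heuristic is an assumption.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines from the 6/26/2008 HJT log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: {ef0bf4bf-d0ca-b82a-5924-cd325465b3e2} - {2e3b5645-23dc-4295-a28b-ac0dfb4fb0fe} - C:\C\WINDOWS\system32\vnanqidt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\C\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [0ccb7f0a] rundll32.exe "C:\C\WINDOWS\system32\pkumthmw.dll",b
O4 - HKLM\..\Run: [BM0ff84c96] Rundll32.exe "C:\C\WINDOWS\system32\nvsuikpa.dll",s
O20 - AppInit_DLLs: joltlavc.dll
O20 - Winlogon Notify: vtUonKcc - vtUonKcc.dll (file missing)
"""

# Heuristic (assumption): the Vundo variant in this thread drops DLLs with random
# eight-letter lowercase names into system32. Legitimate files can match too, so a
# hit means "review this entry", not "delete it".
RANDOM_NAME = re.compile(r"^[a-z]{8}\.dll$")
# Full path of a DLL under the Windows system32 directory, whatever the drive/root.
SYSTEM32_DLL = re.compile(r"[A-Za-z]:\\.*?\\system32\\([A-Za-z0-9_]+\.dll)", re.IGNORECASE)
HJT_LINE = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")


@dataclass
class Finding:
    section: str    # HJT section: O2, O3, O4, O20 ...
    severity: str   # "suspicious" (likely malware) or "orphan" (registration with no file)
    reason: str
    line: str       # the HJT line as logged
    path: str = ""  # file the entry loads, when the line carries one


def is_random_dll(name: str) -> bool:
    return bool(RANDOM_NAME.match(name))


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per HJT line that matches an indicator seen in this thread."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if "(no file)" in body or "(file missing)" in body:
            # The file is already gone; the leftover key is what HJT's "Fix checked" removes.
            findings.append(Finding(section, "orphan", "registration points at a missing file", line))
            continue
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that links user32.dll,
            # so any value here deserves a look; a random name makes it worse.
            name = body.split(":", 1)[1].strip()
            reason = "AppInit_DLLs set" + ("; random eight-letter DLL name" if is_random_dll(name) else "")
            findings.append(Finding(section, "suspicious", reason, line, name))
            continue
        hit = SYSTEM32_DLL.search(body)
        if hit and is_random_dll(hit.group(1)):
            loader = "rundll32" if "rundll32" in body.lower() else section
            findings.append(Finding(section, "suspicious",
                                    f"random-named DLL in system32 loaded via {loader}",
                                    line, hit.group(0)))
    return findings


def cfscript_files(findings: list[Finding]) -> str:
    """Render the File:: section of a CFScript (the format used in this thread) for
    every suspicious finding with a full path. Bare names (AppInit_DLLs) are left
    for manual resolution, since the Windows directory is not known from one line."""
    paths = sorted({f.path for f in findings
                    if f.severity == "suspicious" and re.match(r"^[A-Za-z]:\\", f.path)})
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:10}] {f.section:4} {f.reason}\n    {f.line}")
    print(cfscript_files(found))
```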

Re: Comp infected with generic.dx

Unread postby ChupaPapa » June 27th, 2008, 4:31 pm

Thanks for the help, I really appreciate it. I want to add that McAfee has not warned me about Generic.dx anymore. Now it says my computer is infected with Vundo. This logfile was in safe mode as I can't open any programs in normal mode.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:06 PM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\C\WINDOWS\System32\smss.exe
C:\C\WINDOWS\system32\winlogon.exe
C:\C\WINDOWS\system32\services.exe
C:\C\WINDOWS\system32\lsass.exe
C:\C\WINDOWS\system32\svchost.exe
C:\C\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\C\WINDOWS\explorer.exe
C:\C\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\C\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\C\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\C\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\C\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\C\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\C\WINDOWS\system32\HPHipm11.exe
O23 - Service: PnkBstrA - Unknown owner - C:\C\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5643 bytes


ComboFix
ComboFix 08-06-20.4 - Administrator 2008-06-27 15:48:51.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.626 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\C\WINDOWS\system32\crjdimbl.dll
C:\C\WINDOWS\system32\ctspyoao.dll
C:\C\WINDOWS\system32\joltlavc.dll
C:\C\WINDOWS\system32\mnhegwbc.dll
C:\C\WINDOWS\system32\nvsuikpa.dll
C:\C\WINDOWS\system32\pkqysicu.dll
C:\C\WINDOWS\system32\pkumthmw.dll
C:\C\WINDOWS\system32\qxyxsxvg.dll
C:\C\WINDOWS\system32\rkfpmwld.dll
C:\C\WINDOWS\system32\svyqxxua.dll
C:\C\WINDOWS\system32\vnanqidt.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\C\WINDOWS\BM0ff84c96.xml
C:\C\WINDOWS\pskt.ini
C:\C\WINDOWS\system32\ctspyoao.dll
C:\C\WINDOWS\system32\joltlavc.dll
C:\C\WINDOWS\system32\mnhegwbc.dll
C:\C\WINDOWS\system32\nvsuikpa.dll
C:\C\WINDOWS\system32\pkqysicu.dll
C:\C\WINDOWS\system32\pkumthmw.dll
C:\C\WINDOWS\system32\qxyxsxvg.dll
C:\C\WINDOWS\system32\rkfpmwld.dll
C:\C\WINDOWS\system32\vnanqidt.dll
C:\C\WINDOWS\system32\wmhtmukp.ini
C:\VundoFix Backups

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-24 20:14 . 2008-06-24 20:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-06-24 18:14 . 2008-06-24 18:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-24 17:43 . 2008-06-24 17:43 <DIR> d-------- C:\Program Files\Unlocker
2008-06-24 17:43 . 2008-06-24 17:43 <DIR> d-------- C:\Documents and Settings\Christopher Benitez\Application Data\Desktopicon
2008-06-24 17:31 . 2008-06-24 17:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 22:17 . 2008-06-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-22 15:44 . 2008-06-22 15:44 <DIR> d-------- C:\Documents and Settings\Christopher Benitez\Application Data\SPORE Creature Creator
2008-06-22 15:37 . 2008-06-22 15:37 107,888 --a------ C:\C\WINDOWS\system32\CmdLineExt.dll
2008-06-22 15:25 . 2008-06-22 15:25 99,328 --a------ C:\C\WINDOWS\system32\iemgxfbu.dll
2008-06-22 15:20 . 2008-06-22 15:20 111,616 --a------ C:\C\WINDOWS\system32\fajbdkqd.exe
2008-06-22 15:20 . 2008-06-22 15:20 90,624 --a------ C:\C\WINDOWS\system32\vdwvohxf.dll
2008-06-22 13:56 . 2008-06-22 13:56 <DIR> d-------- C:\ProgramData
2008-06-22 13:56 . 2008-06-22 13:56 2,694 --a------ C:\C\WINDOWS\system32\ealregsnapshot1.reg
2008-06-22 13:52 . 2008-06-22 13:57 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-15 23:52 . 2008-06-15 23:52 0 --a------ C:\C\WINDOWS\PowerReg.dat
2008-06-15 23:48 . 2008-06-15 23:48 <DIR> d-------- C:\Program Files\Infogrames Interactive
2008-06-15 19:09 . 2008-06-15 19:09 <DIR> d-------- C:\Documents and Settings\Christopher Benitez\Application Data\Leadertech
2008-06-15 18:47 . 2008-06-15 18:47 <DIR> d-------- C:\Program Files\Atari
2008-06-13 14:49 . 2008-06-13 14:49 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-06-13 14:49 . 2008-06-13 14:53 <DIR> d-------- C:\Documents and Settings\Christopher Benitez\Application Data\MegauploadToolbar
2008-06-11 11:41 . 2008-06-13 09:10 272,128 --------- C:\C\WINDOWS\system32\drivers\bthport.sys
2008-06-11 11:41 . 2008-06-13 09:10 272,128 -----c--- C:\C\WINDOWS\system32\dllcache\bthport.sys
2008-06-03 14:28 . 2008-06-03 14:28 <DIR> d-------- C:\Logs
2008-06-03 12:44 . 2008-06-10 18:12 <DIR> d-------- C:\Program Files\World of Warcraft
2008-06-02 15:16 . 2008-06-02 15:16 <DIR> d-------- C:\Nexon
2008-06-02 15:16 . 2008-06-02 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 20:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-16 14:51 --------- d-----w C:\Program Files\Rockstar Games
2008-06-14 15:08 --------- d-----w C:\Documents and Settings\Christopher Benitez\Application Data\LimeWire
2008-06-13 22:17 --------- d-----w C:\Program Files\EA GAMES
2008-06-03 18:28 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-05-27 23:44 --------- d-----w C:\Program Files\MAIET
2008-05-19 20:00 --------- d-----w C:\Program Files\Veoh Networks
2008-05-08 12:28 202,752 ----a-w C:\C\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 23:37 --------- d-----w C:\Program Files\City of Heroes
2008-05-06 22:38 --------- d-----w C:\Program Files\StepMania
2008-03-17 01:59 22,328 ----a-w C:\Documents and Settings\Christopher Benitez\Application Data\PnkBstrK.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\ProgramData ----

2008-06-25 17:26 86 --a------ C:\ProgramData\Electronic Arts\EADM\cache\{ Anonymous }\OffLineContents.xml
2008-06-25 17:26 3096 --a------ C:\ProgramData\Electronic Arts\EADM\cache\Prefs.ead
2008-06-25 17:26 13097 --a------ C:\ProgramData\Electronic Arts\EADM\cache\logs\Core.html
2008-03-20 12:55 57382 -ra------ C:\ProgramData\Electronic Arts\EADM\cache\logs\LogReader.html


((((((((((((((((((((((((((((( snapshot@2008-06-26_22.33.34.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 02:26:15 2,048 --s-a-w C:\C\WINDOWS\bootstat.dat
+ 2008-06-27 19:53:51 2,048 --s-a-w C:\C\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\C\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\C\WINDOWS\system32\igfxtray.exe" [2007-04-27 19:12 155648]
"HotKeysCmds"="C:\C\WINDOWS\system32\hkcmd.exe" [2007-04-27 19:12 126976]
"HPDJ Taskbar Utility"="C:\C\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 15:07 188416]
"HPHmon04"="C:\C\WINDOWS\system32\hphmon04.exe" [2006-01-06 15:07 348160]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\C\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\C\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-03-21 04:30 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-05-16 18:16 2732032 C:\Program Files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-27 16:49 577536 C:\C\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 00:15 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-05-08 16:53 3640368 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
C:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Trial Version\\zt2demoretail.exe"=
"C:\\C\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\C\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

S3 XDva120;XDva120;C:\C\WINDOWS\system32\XDva120.sys []

.
Contents of the 'Scheduled Tasks' folder
"2007-07-15 05:36:49 C:\C\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe)
"2008-03-01 06:00:06 C:\C\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-05-06 17:35:42 C:\C\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-06-25 22:00:02 C:\C\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-27 19:40:01 C:\C\WINDOWS\Tasks\User_Feed_Synchronization-{0BC480E0-8D52-42E9-991E-DE95FF4EB36B}.job"
- C:\C\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 15:54:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\C\WINDOWS\system32\Drivers\PsSdk23.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
.
**************************************************************************
.
Completion time: 2008-06-27 16:00:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-27 20:00:48
ComboFix2.txt 2008-06-27 02:33:56

Pre-Run: 21,032,546,304 bytes free
Post-Run: 21,022,195,712 bytes free

198 --- E O F --- 2008-06-21 22:42:45
ChupaPapa
Active Member
 
Posts: 4
Joined: June 24th, 2008, 6:17 pm

Re: Comp infected with generic.dx

Unread postby dan12 » June 27th, 2008, 5:43 pm

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
WITH ALL OTHER WINDOWS CLOSED, click on Fix Checked and exit.



1. Close any open browsers.

2. Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
C:\C\WINDOWS\system32\iemgxfbu.dll
C:\C\WINDOWS\system32\fajbdkqd.exe
C:\C\WINDOWS\system32\vdwvohxf.dll
Driver::
 XDva120
    


Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.




: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Post above reports
dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Comp infected with generic.dx

Unread postby ChupaPapa » June 28th, 2008, 1:27 am

Malwarebytes' Anti-Malware 1.18
Database version: 897

1:29:05 AM 6/28/2008
mbam-log-6-28-2008 (01-29-05).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 114039
Time elapsed: 43 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Christopher Benitez\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\C\WINDOWS\system32\byXOhIxU.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\C\WINDOWS\system32\iemgxfbu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\C\WINDOWS\system32\pkumthmw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\C\WINDOWS\system32\vdwvohxf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{41FCC3E4-D9F9-48F4-ADED-6D6578FD2164}\RP127\A0052219.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{41FCC3E4-D9F9-48F4-ADED-6D6578FD2164}\RP128\A0054325.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{41FCC3E4-D9F9-48F4-ADED-6D6578FD2164}\RP129\A0055396.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{41FCC3E4-D9F9-48F4-ADED-6D6578FD2164}\RP129\A0055430.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{41FCC3E4-D9F9-48F4-ADED-6D6578FD2164}\RP129\A0056541.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{41FCC3E4-D9F9-48F4-ADED-6D6578FD2164}\RP129\A0056638.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{41FCC3E4-D9F9-48F4-ADED-6D6578FD2164}\RP129\A0056639.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\C\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


ComboFix
ComboFix 08-06-20.4 - Administrator 2008-06-28 0:14:05.3 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.624 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\My Documents\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\C\WINDOWS\system32\fajbdkqd.exe
C:\C\WINDOWS\system32\iemgxfbu.dll
C:\C\WINDOWS\system32\vdwvohxf.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\C\WINDOWS\system32\fajbdkqd.exe
C:\C\WINDOWS\system32\iemgxfbu.dll
C:\C\WINDOWS\system32\vdwvohxf.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA120
-------\Service_XDva120


((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.

2008-06-24 20:14 . 2008-06-24 20:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-06-24 18:14 . 2008-06-24 18:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-24 17:43 . 2008-06-24 17:43 <DIR> d-------- C:\Program Files\Unlocker
2008-06-24 17:43 . 2008-06-24 17:43 <DIR> d-------- C:\Documents and Settings\Christopher Benitez\Application Data\Desktopicon
2008-06-24 17:31 . 2008-06-24 17:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 22:17 . 2008-06-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-22 15:44 . 2008-06-22 15:44 <DIR> d-------- C:\Documents and Settings\Christopher Benitez\Application Data\SPORE Creature Creator
2008-06-22 15:37 . 2008-06-22 15:37 107,888 --a------ C:\C\WINDOWS\system32\CmdLineExt.dll
2008-06-22 13:56 . 2008-06-22 13:56 <DIR> d-------- C:\ProgramData
2008-06-22 13:56 . 2008-06-22 13:56 2,694 --a------ C:\C\WINDOWS\system32\ealregsnapshot1.reg
2008-06-22 13:52 . 2008-06-22 13:57 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-15 23:52 . 2008-06-15 23:52 0 --a------ C:\C\WINDOWS\PowerReg.dat
2008-06-15 23:48 . 2008-06-15 23:48 <DIR> d-------- C:\Program Files\Infogrames Interactive
2008-06-15 19:09 . 2008-06-15 19:09 <DIR> d-------- C:\Documents and Settings\Christopher Benitez\Application Data\Leadertech
2008-06-15 18:47 . 2008-06-15 18:47 <DIR> d-------- C:\Program Files\Atari
2008-06-13 14:49 . 2008-06-13 14:49 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-06-13 14:49 . 2008-06-13 14:53 <DIR> d-------- C:\Documents and Settings\Christopher Benitez\Application Data\MegauploadToolbar
2008-06-11 11:41 . 2008-06-13 09:10 272,128 --------- C:\C\WINDOWS\system32\drivers\bthport.sys
2008-06-11 11:41 . 2008-06-13 09:10 272,128 -----c--- C:\C\WINDOWS\system32\dllcache\bthport.sys
2008-06-03 14:28 . 2008-06-03 14:28 <DIR> d-------- C:\Logs
2008-06-03 12:44 . 2008-06-10 18:12 <DIR> d-------- C:\Program Files\World of Warcraft
2008-06-02 15:16 . 2008-06-02 15:16 <DIR> d-------- C:\Nexon
2008-06-02 15:16 . 2008-06-02 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 20:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-16 14:51 --------- d-----w C:\Program Files\Rockstar Games
2008-06-14 15:08 --------- d-----w C:\Documents and Settings\Christopher Benitez\Application Data\LimeWire
2008-06-13 22:17 --------- d-----w C:\Program Files\EA GAMES
2008-06-03 18:28 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-05-27 23:44 --------- d-----w C:\Program Files\MAIET
2008-05-19 20:00 --------- d-----w C:\Program Files\Veoh Networks
2008-05-08 12:28 202,752 ----a-w C:\C\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 23:37 --------- d-----w C:\Program Files\City of Heroes
2008-05-06 22:38 --------- d-----w C:\Program Files\StepMania
2008-03-17 01:59 22,328 ----a-w C:\Documents and Settings\Christopher Benitez\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-26_22.33.34.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 02:26:15 2,048 --s-a-w C:\C\WINDOWS\bootstat.dat
+ 2008-06-28 04:19:48 2,048 --s-a-w C:\C\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\C\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\C\WINDOWS\system32\igfxtray.exe" [2007-04-27 19:12 155648]
"HotKeysCmds"="C:\C\WINDOWS\system32\hkcmd.exe" [2007-04-27 19:12 126976]
"HPDJ Taskbar Utility"="C:\C\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 15:07 188416]
"HPHmon04"="C:\C\WINDOWS\system32\hphmon04.exe" [2006-01-06 15:07 348160]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\C\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\C\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-03-21 04:30 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-05-16 18:16 2732032 C:\Program Files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-27 16:49 577536 C:\C\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-02 00:15 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-05-08 16:53 3640368 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
C:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Trial Version\\zt2demoretail.exe"=
"C:\\C\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\C\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe


.
Contents of the 'Scheduled Tasks' folder
"2007-07-15 05:36:49 C:\C\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe)
"2008-03-01 06:00:06 C:\C\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-05-06 17:35:42 C:\C\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-06-25 22:00:02 C:\C\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-27 19:40:01 C:\C\WINDOWS\Tasks\User_Feed_Synchronization-{0BC480E0-8D52-42E9-991E-DE95FF4EB36B}.job"
- C:\C\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 00:20:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\C\WINDOWS\system32\Drivers\PsSdk23.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
.
**************************************************************************
.
Completion time: 2008-06-28 0:27:06 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-06-28 04:27:02
ComboFix2.txt 2008-06-27 20:00:53
ComboFix3.txt 2008-06-27 02:33:56

Pre-Run: 21,067,816,960 bytes free
Post-Run: 21,057,056,768 bytes free

174 --- E O F --- 2008-06-21 22:42:45
ChupaPapa
Active Member
 
Posts: 4
Joined: June 24th, 2008, 6:17 pm
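A check worth doing on the "Reg Loading Points" section of the ComboFix log above: it shows Security Center antivirus notifications suppressed, Security Center monitoring of both McAfee products switched off, and the Windows Firewall standard profile disabled. These are settings malware commonly tampers with, but a user or a vendor's own tool can set them too, so they should be confirmed against the installed products before being re-enabled. The script below is an added example, not part of the original post and not a MalwareRemoval.com or ComboFix tool: it parses the REGEDIT4-style dump ComboFix emits and flags those weakened settings. The sample input is copied verbatim from the log above (with one benign Run entry kept so a clean key is also shown); the rule table, pattern names and function names are this example's own assumptions.

```python
import re

# Sample input: an excerpt of the "Reg Loading Points" section of the ComboFix
# log posted above, copied verbatim and embedded here as a constructed fixture.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\C\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{1,8})$")
# ComboFix writes some numeric values as "0 (0x0)" rather than "dword:00000000".
BARE_INT_RE = re.compile(r"^(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\)$")

# Rule table (assumption of this example): key-path regex, value name, the value
# that indicates a weakened setting, and a human-readable description.
WEAKENED_SETTINGS = [
    (r"\\security center$", "AntiVirusDisableNotify", 1,
     "Security Center antivirus warnings suppressed"),
    (r"\\security center\\monitoring\\[^\\]+$", "DisableMonitoring", 1,
     "Security Center no longer monitors the product named by the key"),
    (r"\\firewallpolicy\\standardprofile$", "EnableFirewall", 0,
     "Windows Firewall disabled for the standard profile"),
]


def parse_value(raw):
    """Normalise one registry value: dword and '0 (0x0)' forms become int,
    quoted strings lose their quotes (and any trailing ComboFix annotation),
    anything else is returned as the raw string (possibly empty)."""
    raw = raw.strip()
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group("hex"), 16)
    m = BARE_INT_RE.match(raw)
    if m:
        return int(m.group("dec"))
    if raw.startswith('"'):
        end = raw.find('"', 1)
        return raw[1:end] if end != -1 else raw[1:]
    return raw


def parse_reg_dump(text):
    """Parse a REGEDIT4-style dump into {key_path: {value_name: value}}."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = parse_value(m.group("value"))
    return keys


def find_weakened_settings(keys):
    """Return (key_path, value_name, value, description) for every value that
    matches a rule in WEAKENED_SETTINGS, in the order the keys appear."""
    findings = []
    for key, values in keys.items():
        for key_pat, name, bad_value, why in WEAKENED_SETTINGS:
            if not re.search(key_pat, key, re.IGNORECASE):
                continue
            for value_name, value in values.items():
                if value_name.lower() == name.lower() and value == bad_value:
                    findings.append((key, value_name, value, why))
    return findings


if __name__ == "__main__":
    for key, name, value, why in find_weakened_settings(parse_reg_dump(SAMPLE_LOG)):
        print(f"{why}: [{key}] {name}={value}")
```

Run against the excerpt it reports four findings: the AntiVirusDisableNotify flag, DisableMonitoring for both McAfeeAntiVirus and McAfeeFirewall, and EnableFirewall=0; the Run key and the firewall AuthorizedApplications list are parsed but not flagged. The matching is deliberately on the tail of the key path so the same rules work whether the dump spells the hive as HKEY_LOCAL_MACHINE or ComboFix's abbreviated HKLM\~ form.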

Re: Comp infected with generic.dx

Unread postby dan12 » June 28th, 2008, 1:47 am

We're looking a lot better; hope things are starting to improve for you!
Ok, I'd like to see an online scan now.


1 - Kaspersky Online Scan
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Please do an online scan with >Kaspersky Online Scanner<. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    + Extended (If available otherwise Standard)
    o Scan Options:
    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)

    Image

  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file (see below)

    Image

  • Copy and paste the report in your next post.
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware application you use.

Please post report and a further HJT log.
Dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Comp infected with generic.dx

Unread postby NonSuch » July 2nd, 2008, 9:11 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California