0

=/

Malwarebytes found another one:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6667

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/25/2011 9:14:48 AM
mbam-log-2011-05-25 (09-14-48).txt

Scan type: Full scan (C:\|)
Objects scanned: 212694
Time elapsed: 1 hour(s), 23 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0

Well I hate to tell you this but because so much time was taken between steps it is very possible that the computer has been reinfected. If the computer was truly clean both the MSE scan and the MBA-M scan should have come back 100% clean and clearly they did not.
I would like you to Start Over again with the steps given in our Read Me First Sticky.
http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/134865

You absolutely, positively must stick with this in a timely manner because as of today this thread is 23 days old and over 4 pages long. If you had stayed with this from the beginning the computer would be clean by now.

Before you begin the steps given in the Read Me Sticky you need to remove Combofix from your machine using these steps:

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.


Also remove the TDSSKiller application and then proceed with the Read Me Sticky steps and please post back with all the requested logs.

0

I am on step 8.

I have attached the two files from GMER. However, the Microsoft Malicious software found 0 files infected but does not give me the option to get a log, just gave me a list.

I appreciate your patience. I know this has taken long due to my absence.

Edit:
They didn't attach... Now problem, the GMER One is blank =/ I clicked save =(

Here's the log of the second one:
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-25 22:03:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160310AS rev.0303
Running: 9zfrd9h0.exe; Driver: C:\DOCUME~1\Aracely\LOCALS~1\Temp\awtdypod.sys


---- Devices - GMER 1.0.15 ----

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A6BA7D20

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 15038
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 192.168.2.1 212.219.59.200 128.86.163.243 128.86.163.242
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpDomain Belkin
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55D5E6D2-D2ED-4B89-829E-B9B6D82BFE7C}@DhcpRetryTime 274
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55D5E6D2-D2ED-4B89-829E-B9B6D82BFE7C}@DhcpRetryStatus 0

---- EOF - GMER 1.0.15 ----


0

Please follow the instructions given in our Read Me Sticky concerning the posting of logs:
When you post your request for assistance, please be sure to submit (Copy & Paste, not as an attachment unless requested) these requested scanlogs:

• MalwareBytes’ Anti-Malware log
• GMER One.log and GMER Two.log
• BOTH DDS ScanLogs (DDS.txt & Attach.txt)

We want NO logs attached. All must be Copy/Pasted. We will not open attached logs so if you want us to read them then you will Copy/Paste ALL logs.

0

GMER One log
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit quick scan 2011-05-25 23:28:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160310AS rev.0303
Running: 9zfrd9h0.exe; Driver: C:\DOCUME~1\Aracely\LOCALS~1\Temp\awtdypod.sys


---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



Here's the log for Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6667

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/25/2011 11:17:35 PM
mbam-log-2011-05-25 (23-17-35).txt

Scan type: Full scan (C:\|)
Objects scanned: 208894
Time elapsed: 1 hour(s), 2 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


0

Here is the DDS log

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by Aracely at 23:23:27 on 2011-05-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.245 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Aracely\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [ETDWareDetect] c:\program files\elantech\ETDDect.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\aracely\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281984969484
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281984958906
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\aracely\application data\mozilla\firefox\profiles\aababwwj.aracely\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/intl/en/
FF - plugin: c:\documents and settings\aracely\application data\move networks\plugins\071803000001\npqmp071803000001.dll
FF - plugin: c:\documents and settings\aracely\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\aracely\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl5bf55062;MpKsl5bf55062;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{649de7f0-d639-40b4-be13-960972242597}\MpKsl5bf55062.sys [2011-5-25 28752]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-11-6 13312]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-8-30 625024]
S1 MpKsl4628b8ea;MpKsl4628b8ea;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fc57b6ac-0ef0-402b-8f6a-cff93dc7ac8f}\mpksl4628b8ea.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fc57b6ac-0ef0-402b-8f6a-cff93dc7ac8f}\MpKsl4628b8ea.sys [?]
S1 MpKsl78aeb2a2;MpKsl78aeb2a2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9d8c2b7-e6f7-450c-a688-555d841b2ab7}\mpksl78aeb2a2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a9d8c2b7-e6f7-450c-a688-555d841b2ab7}\MpKsl78aeb2a2.sys [?]
S1 MpKslfc7af6e2;MpKslfc7af6e2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6f54a704-2db3-4101-9861-a241beeb733a}\mpkslfc7af6e2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6f54a704-2db3-4101-9861-a241beeb733a}\MpKslfc7af6e2.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\aracely\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\aracely\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-5 36608]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-11-10 24576]
.
=============== Created Last 30 ================
.
2011-05-25 18:28:13 -------- d-s---w- C:\ComboFix
2011-05-25 08:21:44 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{649de7f0-d639-40b4-be13-960972242597}\MpKsl5bf55062.sys
2011-05-24 14:30:24 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{649de7f0-d639-40b4-be13-960972242597}\mpengine.dll
2011-05-24 14:28:59 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-24 14:23:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-13 14:56:43 -------- dc----w- c:\documents and settings\aracely\application data\f-secure
2011-05-13 14:54:19 -------- d-----w- c:\documents and settings\all users\application data\F-Secure
2011-05-02 21:41:33 -------- d-sha-r- C:\cmdcons
2011-05-01 16:20:05 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-01 16:19:57 20952 ------w- c:\windows\system32\drivers\mbam.sys
2011-05-01 16:19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-30 19:13:59 -------- d-----w- c:\program files\common files\BitDefender
2011-04-30 18:47:26 519333 ------w- c:\documents and settings\all users\application data\bdinstall.bin
2011-04-29 22:49:41 -------- dc----w- c:\documents and settings\aracely\application data\AVG10
2011-04-29 22:44:39 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-04-29 22:38:47 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-04-29 22:36:39 -------- d-----w- c:\program files\AVG
2011-04-29 22:24:59 -------- d-----w- c:\documents and settings\all users\application data\MFAData
.
==================== Find3M ====================
.
2011-04-06 15:20:16 91424 ------w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 75040 ------w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:20:16 197920 ------w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20:16 107808 ------w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2008-05-07 23:34:00 15523560 ------w- c:\program files\Install AiGuruU1 Skype Phone.exe
.
============= FINISH: 23:24:31.90 ===============

0

And here is the Attach.txt log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/16/2010 6:07:33 PM
System Uptime: 5/25/2011 12:14:47 PM (11 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 1000H
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 1324/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 80 GiB total, 59.92 GiB free.
D: is FIXED (NTFS) - 61 GiB total, 37.526 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_83241043&REV_B0\4&23C6FC68&0&00E1
Manufacturer: Atheros
Name: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_83241043&REV_B0\4&23C6FC68&0&00E1
Service: L1e
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&1&1000000020000
Manufacturer: Broadcom
Name: Bluetooth LAN Access Server Driver
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&1&1000000020000
Service: BTWDNDIS
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
7-Zip 4.65
Adabas D 13.01.00
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asus ACPI Driver
ASUSUpdate for Eee PC
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
Azurewave Wireless LAN
Bonjour
Dropbox
Eee Instant Key
ETDWare PS/2-x86 7.0.3.8 WHQL 03Sep08
GoldWave v5.57
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
HTC Driver Installer
HTC Sync
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) 6 Update 3
KeePass Password Safe 2.13
Malwarebytes' Anti-Malware
Messenger Plus! 5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Move Media Player
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
Octoshape add-in for Adobe Flash Player
PdaNet for Android 3.00
Portforward Static IP Address 1.0.45
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Toolbars
Skype™ 5.1
Super Hybrid Engine
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VSO Image Resizer 4.0.0.53
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Backup Utility
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
.
==== Event Viewer Messages From Past Week ========
.
5/25/2011 7:49:52 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
5/23/2011 2:22:46 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
.
==== End Of File ===========================

0

One thing I see is uTorrent. This is a P2P program, probably the easiest way to get a severe infection such as the one that you had on this system. Keep doing this and you WILL infect the system again. Notice I say WILL, not maybe, not possibly but WILL. This does not even address the illegality of doing this. I don't know your location but at least in the U.S. downloading programs which are supposed to be paid for but getting them via P2P IS Illegal, and they CAN be traced to your machine if those holding the copyright choose to do so and you CAN be prosecuted and lose your right to go online. Your ISP does have that right to cancel the service if this type of activity is traced back to their company and then on to your machine.

Your Java is way out of date and needs to be updated; this also puts your machine at risk.
You need to Uninstall all old versions of Java listed in Add/Remove and download the latest version from here:
http://www.java.com/en/download/index.jsp

0

I seem to be getting more viruses from day to day websites than from a dormant program that has been sitting there for months without being used. But thanks for the slap in the wrist =)

Aside from updating Java, all looks good now?

0

Hey I call it as I see it. The infection found by MSE was the result of the out of date Java.
Anything installed on the computer from previously used P2P can result in infections being brought into the computer if it is opened at a much later date. This is how many of these are set up to work.
Believe me or not, as the read me sticky states, "P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt", since you doubt this then I guess this is complete.

Edited by jholland1964: n/a

0

No need to get upset, I do appreciate your help and understand risks of using P2P programs. In this case, I have not used uTorrent since 8/2010. My computer was infected 24 days ago as you pointed out... just doing the math

Java has been uninstalled and reinstalled.

0

I am not upset. I am only trying to make it clear to others who read this thread that we will not help remove malware from computers when persons refuse to Uninstall P2P programs. We know from experience that infections will happen again so we make it very plain that we might not assist those who refuse to remove it. We know without a doubt they will be back. If that person returns with another infection assistance will absolutely not be offered.

Edited by jholland1964: n/a

0

What you say is true, there is a lot of irresponsibility when using P2P programs. I have mine for an "as needed basis" and as I mentioned, I rarely use it.

The past three incidents of viruses I have caught have been from day to day browsing search which is pretty irritating given the fact that I do try and be very careful. I am surprised the Java was outdated as I have my updates turned on and run every week I think.

I hope that this doesn't hinder my opportunities to get further help in the future.

Again, you have been very patient and I really do appreciate your help.

0

As I said, if we SEE the infections are related to P2P then no, we reserve the right to not assist. There are very few, if any, legal, "as needed" reasons to use P2P. But with infections due to other reasons, posters will always be assisted with removals.
As for the Java updates, I have learned to NOT rely on that auto updater, frankly I have rarely seen it work correctly, as you have found too. I always check manually for the Java updates now and don't allow the auto updater to even run. Why have it run if it isn't going to work all the time?

One program you DO need to add if you do not already have it is this FREE program, SpywareBlaster from Javacool. It truly is a MUST have and I would never run a computer without it installed.
SpywareBlaster doesn't scan for and clean spyware--it prevents it from being installed in the first place. SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites.
There is a paid version of the program if you wish but the free one works just fine. Download, install, update and then click Enable All Protection and close the program. It DOES NOT run in the background, so therefore there is no risk of conflicts with other security programs but offers superb protection.
If you choose the free one be sure to manually check for program updates every couple weeks. If updates are available, download, install, click enable all and close the program.

Edited by jholland1964: n/a

0

Had never heard of that program!! I will definitely install it.

You are absolutely right about the automatic updates. I had not realized until now that if it isn't running properly and in fact the virus I caught was due to an outdated Java I shouldn't run it at all and just check manually for the key software... Interesting that Microsoft has not caught on to that.

0

Microsoft has absolutely nothing to do with Sunjava or its updater. It is Oracle's problem, not Microsoft's. Microsoft automatic updates program only applies to the Microsoft software, things like the operating system, Office, MSE, etc., anything that is from Microsoft. Sunjava isn't from Microsoft, it is from Oracle. It's up to the developers of other 3rd party programs that run ON the Microsoft system to make sure their programs run correctly, not the other way around.

Other company software updaters generally run fairly well, Adobe, I use Avira anti-virus it updates exactly when I have told the Avira program to update, there are many, many others. The problem with the Sunjava updater lies right with Oracle.
For heaven's sake, don't turn off your MS auto updates, it appears to be working fine. Of course you CAN always do a manual check to be sure but your logs looked to me like they were working.

Edited by jholland1964: n/a

0

Well I have certainly learned many things this evening! I thought Java would be automatically updated with MS automatic updates!!!

Adobe I know for a fact are always on top of things as it constantly nags me to update lol.

I have installed spyware blaster =)

Edited by arcybarrios: n/a
