Hi

I have a Dell XPS M140 laptop and recently had a malware/spyware attack which disabled the XP startup process. I tried running Norton and a few other virus and spyware scanners, but they are getting disabled. Below is the DDS log; can someone please help to fix this issue? Thanks in advance.

DDS (Ver_09-01-18.01) - NTFSx86 MINIMAL

Run by X at 13:52:39.43 on Sun 01/18/2009

Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: {1bc4466b-a618-4f09-9efc-70c9df39020f} - c:\windows\system32\geBtRljg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.1.0.33\IPSBHO.DLL

BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\khfCuRkk.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [prunnet] "c:\windows\system32\prunnet.exe"

uRun: [gadcom] "c:\documents and settings\dushmanthi\application data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [prunnet] "c:\windows\system32\prunnet.exe"

mRun: [a-squared] "c:\program files\a-squared anti-malware\a2guard.exe"

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRunOnce: [ashMaiSv] c:\progra~1\alwils~1\avast4\ashMaiSv.exe /i

dPolicies-system: DisableRegistryTools = 1 (0x1)

IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Notify: igfxcui - igfxdev.dll

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

Notify: khfCuRkk - khfCuRkk.dll

AppInit_DLLs: ewrluo.dll ftmiss.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\khfCuRkk.dll

LSA: Authentication Packages = msv1_0 c:\windows\system32\geBtRljg

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-01-16 15:00 <DIR> --d----- c:\program files\XoftSpySE

2008-12-21 17:27 <DIR> --d----- c:\program files\a-squared Anti-Malware

2008-12-21 16:33 61,440 a------- c:\windows\system32\~.exe

2008-12-20 21:21 35,888 a----r-- c:\windows\system32\drivers\SymIM.sys

2008-12-20 21:21 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS

2008-12-20 21:21 60,808 a------- c:\windows\system32\S32EVNT1.DLL

2008-12-20 21:21 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT

2008-12-20 21:21 806 a------- c:\windows\system32\drivers\SYMEVENT.INF

2008-12-20 21:21 <DIR> --d----- c:\program files\Symantec

2008-12-20 21:20 <DIR> --d----- c:\windows\system32\drivers\NAV

2008-12-20 21:20 <DIR> --d----- c:\program files\Norton AntiVirus

2008-12-20 21:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton

2008-12-20 21:20 <DIR> --d----- c:\program files\NortonInstaller

2008-12-20 21:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller

2008-12-20 19:18 1,661,209 ---sh--- c:\windows\system32\wbeijlwv.ini

2008-12-20 19:18 93,696 a------- c:\windows\system32\vwljiebw.dll

2008-12-20 19:16 135,168 a------- c:\windows\system32\ftmiss.dll

2008-12-20 19:16 135,168 a------- c:\windows\system32\retxxgeg.dll

2008-12-20 19:12 <DIR> --d----- c:\temp\REX81

2008-12-20 19:11 57,856 a------- c:\windows\system32\xxyxWNHw.dll

2008-12-20 19:11 135,168 a------- c:\windows\system32\ewrluo.dll

2008-12-20 19:11 135,168 a------- c:\windows\system32\fcywvyxe.dll

2008-12-20 19:09 11,990 a--sh--- c:\windows\system32\gjlRtBeg.ini2

2008-12-20 19:09 11,990 a--sh--- c:\windows\system32\gjlRtBeg.ini

2008-12-20 19:09 286,208 a------- c:\windows\system32\geBtRljg.dll

2008-12-20 19:05 57,856 a------- c:\windows\system32\awttutQg.dll

2008-12-20 19:04 <DIR> --d----- c:\docume~1\dushma~1\applic~1\gadcom

2008-12-20 19:04 45,056 a------- c:\windows\system32\hgGASifG.dll

2008-12-20 19:04 57,856 a------- c:\windows\system32\ljJAQIXq.dll

2008-12-20 19:04 57,856 a------- c:\windows\system32\khfCuRkk.dll

2008-12-20 19:03 70,656 a------- c:\windows\system32\prunnet.exe

==================== Find3M ====================

2008-12-13 01:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll

2008-12-06 18:52 6,788 a--sh--- c:\windows\system32\KGyGaAvL.sys

2008-11-17 15:04 2,306,113 a------- c:\windows\system32\GPhotos.scr

2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys

2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll

2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll

2008-06-07 14:08 269 a------- c:\program files\common files\ladu

2008-06-07 13:05 269 a------- c:\program files\common files\ladu915

2007-07-24 17:37 56,912 a------- c:\documents and settings\dushmanthi\g2mdlhlpx.exe

2006-08-11 10:11 56 ---shr-- c:\windows\system32\135A9A902A.sys

2008-09-21 16:33 0 a--sh--- c:\windows\system32\ninukoso.dll

2008-09-21 16:33 0 a--sh--- c:\windows\system32\segorado.dll

2008-09-21 16:33 0 a--sh--- c:\windows\system32\zojetiru.dll

2008-09-03 21:03 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

============= FINISH: 13:56:02.48 ===============

==== Installed Programs ======================

a-squared Anti-Malware 4.0

ABC (remove only)

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Media Player

Adobe Reader 8.1.2

Advertisement Service

altcompare

Anti-Trojan Shield 2

AOLIcon

avast! Antivirus

Broadcom Management Programs

Conexant HDA D110 MDC V.92 Modem

Corel Paint Shop Pro X

Corel Photo Album 6

CueCard (remove only)

Dell CinePlayer

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Game Console

Dell Support Center (Support Software)

DellSupport

Digital Line Detect

DivX Codec

DivX Content Uploader

DivX Converter

DivX Player

DivX Web Player

EarthLink setup files

ELIcon

ESPNMotion

FastStone Photo Resizer 2.6

GemMaster Mystic

Get High Speed Internet!

Glary Utilities 2.5.3

Google Earth

Google Toolbar for Internet Explorer

Google Updater

High Definition Audio Driver Package - KB835221

HijackThis 2.0.2

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB952287)

HTML Executable IERuntime
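The log above lists the autostart points DDS inspects (BHOs, Run keys, Winlogon Notify packages, AppInit_DLLs, the shell execute hook, LSA authentication packages) and, in a separate section, the files created in the last 30 days. The script below is an added editor's example, not part of njgirl's post or of the DDS tool: it reads a pasted log, cross-references those two sections, and flags autostart entries that point at a recently created file or use a setting that is rarely legitimate on a home machine (a BHO with no display name, a non-empty AppInit_DLLs value, an LSA authentication package other than msv1_0, DisableRegistryTools set by policy). The sample input is a subset of the log lines above, embedded so the script runs offline; the prefix list and the heuristics are the editor's assumptions, not DDS conventions.

```python
"""Triage a DDS 'Pseudo HJT Report' by cross-referencing autostart entries
with the 'Created Last 30' file list.  Added example; not part of the
original post or of the DDS tool.  Prefixes and heuristics are assumptions."""
import re
from dataclasses import dataclass

# Constructed sample input: a subset of the log lines from the post above.
SAMPLE_LOG = r"""============== Pseudo HJT Report ===============
BHO: {1bc4466b-a618-4f09-9efc-70c9df39020f} - c:\windows\system32\geBtRljg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.1.0.33\IPSBHO.DLL
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\khfCuRkk.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [prunnet] "c:\windows\system32\prunnet.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dPolicies-system: DisableRegistryTools = 1 (0x1)
Notify: igfxcui - igfxdev.dll
Notify: khfCuRkk - khfCuRkk.dll
AppInit_DLLs: ewrluo.dll ftmiss.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\khfCuRkk.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\geBtRljg
=============== Created Last 30 ================
2009-01-16 15:00 <DIR> --d----- c:\program files\XoftSpySE
2008-12-21 16:33 61,440 a------- c:\windows\system32\~.exe
2008-12-20 19:16 135,168 a------- c:\windows\system32\ftmiss.dll
2008-12-20 19:11 135,168 a------- c:\windows\system32\ewrluo.dll
2008-12-20 19:09 286,208 a------- c:\windows\system32\geBtRljg.dll
2008-12-20 19:04 57,856 a------- c:\windows\system32\khfCuRkk.dll
2008-12-20 19:03 70,656 a------- c:\windows\system32\prunnet.exe
==================== Find3M ====================
"""


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


# Autostart line prefixes (assumed set) whose file references are cross-checked.
AUTOSTART_PREFIXES = ("BHO:", "TB:", "EB:", "uRun:", "mRun:", "mRunOnce:",
                      "Notify:", "SSODL:", "SEH:", "AppInit_DLLs:", "LSA:")
FILE_RE = re.compile(r"[\w~$!.-]+\.(?:dll|exe|sys|scr)\b", re.IGNORECASE)
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:<DIR>|[\d,]+)\s+\S+\s+(.+)$")


def _sections(log_text):
    """Yield (section_name, line); a line of '=' characters switches sections."""
    section = ""
    for line in log_text.splitlines():
        if line.startswith("="):
            section = line.strip("= ").lower()
        elif line.strip():
            yield section, line


def recent_files(log_text):
    """Map lowercase basename -> full path for each 'Created Last 30' entry."""
    found = {}
    for section, line in _sections(log_text):
        m = CREATED_RE.match(line) if section == "created last 30" else None
        if m:
            path = m.group(1).strip()
            found[path.rsplit("\\", 1)[-1].lower()] = path
    return found


def triage(log_text):
    """Return a Finding per suspicious trait of each autostart line."""
    recent = recent_files(log_text)
    # Stems (no extension) match the LSA entry, which is listed without '.dll'.
    recent_stems = {n.rsplit(".", 1)[0]: p for n, p in recent.items()}
    findings = []
    for section, line in _sections(log_text):
        if section != "pseudo hjt report":
            continue
        if line.startswith("BHO: {"):
            findings.append(Finding(line, "BHO with no display name"))
        if line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(Finding(line, "AppInit_DLLs loads a DLL into every process that uses user32.dll"))
        if line.startswith("dPolicies-system:") and "DisableRegistryTools = 1" in line:
            findings.append(Finding(line, "registry editing disabled by policy"))
        if line.startswith("LSA: Authentication Packages"):
            for token in line.split("=", 1)[1].split():
                stem = token.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
                if stem != "msv1_0":
                    findings.append(Finding(line, f"non-default LSA authentication package {token}"))
                if stem in recent_stems:
                    findings.append(Finding(line, f"references {recent_stems[stem]}, created in the last 30 days"))
        if line.startswith(AUTOSTART_PREFIXES):
            for name in sorted({m.group(0).lower() for m in FILE_RE.finditer(line)}):
                if name in recent:
                    findings.append(Finding(line, f"references {recent[name]}, created in the last 30 days"))
    return findings


def flagged_lines(log_text):
    """Distinct flagged log lines, in log order."""
    return list(dict.fromkeys(f.line for f in triage(log_text)))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Correlating an autostart entry with the "Created Last 30" section is the same check a helper does by eye, and it is why the script judges nothing by file name alone: the Symantec, avast! and ctfmon entries stay unflagged, while the three Run/BHO/Notify/SEH/AppInit/LSA entries that point at DLLs and an EXE dropped on 2008-12-20 are each reported with the path that backs the finding.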

Welcome to linabbs, njgirl :)

Please visit the following webpage for instructions for downloading and running ComboFix

How to use ComboFix

Download ComboFix by sUBs from here, saving the file to your desktop.

Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

Close all open programs and windows
Double click ComboFix.exe and follow the prompts.
It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

**NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.

written by lina
