dusktilldawnll

Infected?

11 posts in this topic

Hello. I am playing computer repairman on my mother-in-law's laptop. I believe it is infected. Tried to run Malware. Runs for about 5-10 seconds, then the program shuts down. I downloaded the DDS program. Here is the txt for DDS and ATTACH (I am very inexperienced at repairing infected computers, so I apologize in advance for my inexperience...)

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702

Run by Owner at 23:48:45 on 2011-11-13

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3062.2488 [GMT -5:00]

.

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ===============

.

C:\WINDOWS\995229625:1174449860.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\WINDOWS\system32\svchost.exe"

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Windows Internet Explorer provided by Yahoo!

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uInternet Settings,ProxyOverride = *.local

uWinlogon: Shell=c:\documents and settings\owner\local settings\application data\b9ff513b\X

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [smileboxTray] "c:\documents and settings\owner\application data\smilebox\SmileboxTray.exe"

uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.5.0_11\bin\jusched.exe"

mRun: [eligmini] c:\program files\fisher-price\easy-link internet launch pad\Easy-Link internet launch pad.exe 0

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: mswsock.dll

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.07/uploader2.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219415860750

DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/Owner/Application%20Data/Smilebox/OzDesktopImporter.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

Notify: igfxcui - igfxdev.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-8-22 48472]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-8-22 43480]

S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]

S1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]

S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]

S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]

S2 HPFECP16;HPFECP16;c:\windows\system32\drivers\HPFecp16.sys [1998-7-1 52800]

S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-3-17 1799408]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-2 105592]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]

S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111017.003\naveng.sys [2011-10-18 86136]

S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111017.003\navex15.sys [2011-10-18 1576312]

S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-3-17 115952]

.

=============== Created Last 30 ================

.

2011-11-14 01:25:46 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2011-11-14 01:25:46 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-10-18 18:52:19 -------- d-sh--w- c:\documents and settings\owner\local settings\application data\b9ff513b

.

==================== Find3M ====================

.

2011-11-14 04:23:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2003-03-31 12:00:00 94784 --sh--w- c:\windows\twain.dll

2004-08-04 05:56:48 50688 --sh--w- c:\windows\twain_32.dll

2004-08-04 05:56:44 1028096 --sh--w- c:\windows\system32\mfc42.dll

2004-08-04 05:56:44 54784 --sh--w- c:\windows\system32\msvcirt.dll

2004-08-04 05:56:44 413696 --sh--w- c:\windows\system32\msvcp60.dll

2004-08-04 05:56:44 343040 --sh--w- c:\windows\system32\msvcrt.dll

2007-12-04 18:38:13 550912 --sh--w- c:\windows\system32\oleaut32.dll

2004-08-04 05:56:46 83456 --sh--w- c:\windows\system32\olepro32.dll

2004-08-04 05:56:56 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

============= FINISH: 23:49:40.25 ===============

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 8/22/2008 7:13:32 AM

System Uptime: 11/13/2011 11:19:07 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0M277C

Processor: Intel® Core2 Duo CPU T5870 @ 2.00GHz | U2E1 | 1994/800mhz

Processor: Intel® Core2 Duo CPU T5870 @ 2.00GHz | U2E1 | 1994/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 107.159 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Parallel Device

Device ID: ROOT\LEGACY_HPFECP16\0000

Manufacturer:

Name: Parallel Device

PNP Device ID: ROOT\LEGACY_HPFECP16\0000

Service: HPFECP16

.

==== System Restore Points ===================

.

RP874: 8/8/2011 4:19:14 AM - System Checkpoint

RP875: 8/9/2011 5:19:14 AM - System Checkpoint

RP876: 8/10/2011 3:00:15 AM - Software Distribution Service 3.0

RP877: 8/11/2011 3:19:14 AM - System Checkpoint

RP878: 8/12/2011 4:19:15 AM - System Checkpoint

RP879: 8/13/2011 5:19:14 AM - System Checkpoint

RP880: 8/14/2011 6:19:14 AM - System Checkpoint

RP881: 8/15/2011 7:19:14 AM - System Checkpoint

RP882: 8/16/2011 8:19:16 AM - System Checkpoint

RP883: 8/17/2011 9:19:17 AM - System Checkpoint

RP884: 8/18/2011 10:19:15 AM - System Checkpoint

RP885: 8/19/2011 11:19:17 AM - System Checkpoint

RP886: 8/20/2011 12:19:24 PM - System Checkpoint

RP887: 8/21/2011 1:19:14 PM - System Checkpoint

RP888: 8/22/2011 2:19:17 PM - System Checkpoint

RP889: 8/23/2011 3:19:14 PM - System Checkpoint

RP890: 8/24/2011 4:19:17 PM - System Checkpoint

RP891: 8/25/2011 5:46:13 PM - System Checkpoint

RP892: 8/26/2011 6:19:14 PM - System Checkpoint

RP893: 8/27/2011 7:19:14 PM - System Checkpoint

RP894: 8/28/2011 8:19:14 PM - System Checkpoint

RP895: 8/29/2011 9:19:17 PM - System Checkpoint

RP896: 8/30/2011 10:19:14 PM - System Checkpoint

RP897: 8/31/2011 11:19:14 PM - System Checkpoint

RP898: 9/2/2011 12:19:17 AM - System Checkpoint

RP899: 9/3/2011 6:05:17 PM - System Checkpoint

RP900: 9/4/2011 6:29:45 PM - System Checkpoint

RP901: 9/5/2011 7:29:45 PM - System Checkpoint

RP902: 9/6/2011 8:41:10 PM - System Checkpoint

RP903: 9/7/2011 11:20:30 PM - System Checkpoint

RP904: 9/8/2011 11:29:45 PM - System Checkpoint

RP905: 9/10/2011 11:17:01 AM - System Checkpoint

RP906: 9/11/2011 11:54:36 AM - System Checkpoint

RP907: 9/15/2011 2:40:41 PM - System Checkpoint

RP908: 9/16/2011 3:00:15 AM - Software Distribution Service 3.0

RP909: 9/17/2011 3:45:18 AM - System Checkpoint

RP910: 9/18/2011 4:45:18 AM - System Checkpoint

RP911: 9/19/2011 5:45:18 AM - System Checkpoint

RP912: 9/20/2011 6:45:18 AM - System Checkpoint

RP913: 9/20/2011 2:59:09 PM - Installed Windows Internet Explorer 8.

RP914: 9/20/2011 3:00:40 PM - Software Distribution Service 3.0

RP915: 9/21/2011 3:00:15 AM - Software Distribution Service 3.0

RP916: 9/22/2011 3:22:20 AM - System Checkpoint

RP917: 9/23/2011 4:22:19 AM - System Checkpoint

RP918: 9/24/2011 5:22:19 AM - System Checkpoint

RP919: 9/25/2011 6:22:19 AM - System Checkpoint

RP920: 9/26/2011 7:22:20 AM - System Checkpoint

RP921: 9/27/2011 8:22:20 AM - System Checkpoint

RP922: 9/28/2011 9:22:22 AM - System Checkpoint

RP923: 9/29/2011 3:00:14 AM - Software Distribution Service 3.0

RP924: 9/30/2011 3:22:19 AM - System Checkpoint

RP925: 10/1/2011 4:22:19 AM - System Checkpoint

RP926: 10/2/2011 5:22:20 AM - System Checkpoint

RP927: 10/3/2011 10:11:21 AM - System Checkpoint

RP928: 10/11/2011 10:13:43 AM - System Checkpoint

RP929: 10/12/2011 10:33:07 AM - System Checkpoint

RP930: 10/13/2011 3:00:14 AM - Software Distribution Service 3.0

RP931: 10/14/2011 3:24:06 AM - System Checkpoint

RP932: 10/15/2011 4:24:05 AM - System Checkpoint

RP933: 10/16/2011 5:23:01 AM - System Checkpoint

RP934: 10/17/2011 6:18:52 AM - System Checkpoint

RP935: 10/18/2011 7:18:54 AM - System Checkpoint

RP936: 10/19/2011 7:32:34 AM - System Checkpoint

RP937: 10/20/2011 8:18:03 AM - System Checkpoint

RP938: 10/21/2011 9:18:03 AM - System Checkpoint

RP939: 10/28/2011 10:05:32 AM - System Checkpoint

RP940: 11/1/2011 12:16:28 PM - System Checkpoint

RP941: 11/5/2011 6:44:31 PM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Reader 7.0.8

Adobe Shockwave Player 11.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATT-PRT22

Babysitter

Bonjour

Canon Camera Access Library

Canon DIGITAL CAMERA Solution Disk Software Guide

CANON iMAGE GATEWAY MyCamera Download Plugin

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon Personal Printing Guide

Canon PowerShot SX30 IS Camera User Guide

Canon Utilities CameraWindow DC 8

Canon Utilities CameraWindow Launcher

Canon Utilities Movie Uploader for YouTube

Canon Utilities MyCamera

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

CCleaner (remove only)

Compatibility Pack for the 2007 Office system

Critical Update for Windows Media Player 11 (KB959772)

Dell Touchpad

Dell Wireless WLAN Card

Disney Princess Royal Horse Show

Easy-Link internet launch pad

Fashion Craze

Google Toolbar for Internet Explorer

Google Update Helper

Happy Tails Animal Shelter

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.0 (KB932471)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB896344)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB935448)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP DeskJet 690C Series (Remove only)

HP Photo Printing Software

hp psc 700 series

HP Share-to-Web

Intel® Graphics Media Accelerator Driver

iTunes

J2SE Runtime Environment 5.0 Update 11

JumpStart Advanced Language Club

JumpStart Animal Field Trip

KODAK EASYSHARE Gallery Upload ActiveX Control

LiveUpdate 3.0 (Symantec Corporation)

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft English TTS Engine

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft Streets & Trips 2007 with GPS Locator

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

MobileMe Control Panel

MSN

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

O2Micro Flash Memory Card Reader Driver (x86)

PowerDVD

Publix Preschool Pals

Putt Putt Saves the Zoo

QuickTime

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

Roxio Easy Media Creator

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941693)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944338-v2)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB948590)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971032)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981349)

Sesame Street - Let's Go To Preschool

Smilebox

Spybot - Search & Destroy

Supermarket Mania

Symantec AntiVirus

Synaptics Pointing Device Driver

TTS Wrapper

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB925720)

Update for Windows XP (KB925876)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB943729)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WeatherBug

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 11

Windows Presentation Foundation

Windows Search 4.0

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Wireless USB Card

XML Paper Specification Shared Components Pack 1.0

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

11/13/2011 9:13:20 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service YahooAUService with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}

11/13/2011 9:13:20 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service YahooAUService with arguments "" in order to run the server: {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}

11/13/2011 8:41:01 PM, error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The system cannot find the file specified.

11/13/2011 8:41:01 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The system cannot find the file specified.

11/13/2011 8:41:01 PM, error: Service Control Manager [7000] - The Dell Wireless WLAN Tray Service service failed to start due to the following error: The system cannot find the file specified.

11/13/2011 8:40:58 PM, error: NIC1394 [5002] - 1394 Net Adapter : Has determined that the adapter is not functioning properly.

11/13/2011 8:38:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SAVRT SAVRTPEL SYMTDI

11/13/2011 8:28:21 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

11/13/2011 11:19:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

.

==== End Of File ===========================

Thanks in advance for your help.

Chris


Hello Chris! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Please follow the instructions here to run ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#use

When you are ready, please post the log.txt in your next reply.


Hello Maniac. Thanks a lot for your help in this matter. See log report:

ComboFix 11-11-14.03 - Owner 11/14/2011 22:05:38.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3062.2401 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b\U

c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b\U\80000000.@

c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b\U\800000cb.@

c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b\U\800000cf.@

c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b\X

c:\documents and settings\Owner\My Documents\icwx25a.dun

c:\program files\Common Files\System\Uninstall

c:\windows\$NtUninstallKB5947$

c:\windows\$NtUninstallKB5947$\1373067589

c:\windows\$NtUninstallKB5947$\3120517435\@

c:\windows\$NtUninstallKB5947$\3120517435\L\omwfxmij

c:\windows\$NtUninstallKB5947$\3120517435\loader.tlb

c:\windows\$NtUninstallKB5947$\3120517435\U\@00000001

c:\windows\$NtUninstallKB5947$\3120517435\U\@000000c0

c:\windows\$NtUninstallKB5947$\3120517435\U\@000000cb

c:\windows\$NtUninstallKB5947$\3120517435\U\@000000cf

c:\windows\$NtUninstallKB5947$\3120517435\U\@80000000

c:\windows\$NtUninstallKB5947$\3120517435\U\@800000c0

c:\windows\$NtUninstallKB5947$\3120517435\U\@800000cb

c:\windows\$NtUninstallKB5947$\3120517435\U\@800000cf

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\995229625

c:\windows\system32\

c:\windows\system32\c_75746.nls

.

Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected

Restored copy from - The cat found it :)

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_b9ff513b

.

.

((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))

.

.

2011-11-15 02:58 . 2010-02-24 13:11 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-11-14 23:16 . 2011-11-14 23:17 -------- d-----w- C:\a8532bab8cd41525a9

2011-11-14 01:58 . 2011-11-14 01:58 -------- d-----w- c:\documents and settings\Administrator

2011-11-14 01:25 . 2004-08-04 04:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2011-11-14 01:25 . 2004-08-04 04:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-11-01 16:45 . 2011-11-01 16:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

2011-11-01 16:45 . 2011-11-01 16:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2011-10-18 18:52 . 2011-11-15 03:15 -------- d-sh--w- c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-14 04:23 . 2011-06-26 16:28 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-31 22:00 . 2011-06-26 16:28 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2003-03-31 12:00 94784 --sh--w- c:\windows\twain.dll

2004-08-04 05:56 50688 --sh--w- c:\windows\twain_32.dll

2004-08-04 05:56 1028096 --sh--w- c:\windows\system32\mfc42.dll

2004-08-04 05:56 54784 --sh--w- c:\windows\system32\msvcirt.dll

2004-08-04 05:56 413696 --sh--w- c:\windows\system32\msvcp60.dll

2004-08-04 05:56 343040 --sh--w- c:\windows\system32\msvcrt.dll

2007-12-04 18:38 550912 --sh--w- c:\windows\system32\oleaut32.dll

2004-08-04 05:56 83456 --sh--w- c:\windows\system32\olepro32.dll

2004-08-04 05:56 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmileboxTray"="c:\documents and settings\Owner\Application Data\Smilebox\SmileboxTray.exe" [2011-09-29 313160]

"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]

"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-01-17 109304]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]

"eligmini"="c:\program files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2007-03-16 487424]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 22:43 69632 ----a-w- c:\windows\Alcmtr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2007-12-14 15:44 159744 ----a-w- c:\program files\DellTPad\Apoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2007-10-09 23:17 2183168 ----a-w- c:\windows\system32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 05:56 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-01-09 21:01 166424 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-01-09 21:02 141848 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-01-09 21:02 137752 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-11-06 14:50 16855552 ----a-w- c:\windows\RTHDCPL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2007-06-27 15:38 888832 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=

"c:\\Program Files\\AWS\\WeatherBug\\Weather.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=

"c:\\WINDOWS\\system32\\WgaTray.exe"=

"c:\\Documents and Settings\\Owner\\Application Data\\Smilebox\\SmileboxTray.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

.

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/2/2011 7:02 AM 105592]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [8/22/2008 8:21 AM 48472]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [8/22/2008 8:21 AM 43480]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 11:47 AM 135664]

S2 HPFECP16;HPFECP16;c:\windows\system32\drivers\HPFecp16.sys [7/1/1998 1:55 AM 52800]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 11:47 AM 135664]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/17/2006 5:34 AM 115952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 21:52]

.

2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 21:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://forums.malwarebytes.org/

mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 75.75.75.75

DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/Owner/Application%20Data/Smilebox/OzDesktopImporter.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-14 22:20

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\system32\wbem\Performance\WmiApRpl_new.h 738 bytes

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3216)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Java\jre1.5.0_11\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2011-11-14 22:28:06 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-15 03:27

.

Pre-Run: 117,370,208,256 bytes free

Post-Run: 117,655,482,368 bytes free

.

- - End Of File - - 9FC950952518B1C34E1383F894441881

Thanks again,

Chris


Open Notepad and copy and paste the text in the code box below into it:

Folder::
c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[Screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how things are there.


Here is latest log:

ComboFix 11-11-15.06 - Owner 11/15/2011 19:25:11.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3062.2171 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b

c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b\@

c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b\loader.tlb

.

.

((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))

.

.

2011-11-15 04:17 . 2011-11-15 04:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search

2011-11-15 02:58 . 2010-02-24 13:11 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-11-14 23:16 . 2011-11-14 23:17 -------- d-----w- C:\a8532bab8cd41525a9

2011-11-14 01:58 . 2011-11-14 01:58 -------- d-----w- c:\documents and settings\Administrator

2011-11-14 01:25 . 2004-08-04 04:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2011-11-14 01:25 . 2004-08-04 04:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-11-01 16:45 . 2011-11-01 16:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

2011-11-01 16:45 . 2011-11-01 16:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-14 04:23 . 2011-06-26 16:28 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-31 22:00 . 2011-06-26 16:28 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2003-03-31 12:00 94784 --sh--w- c:\windows\twain.dll

2004-08-04 05:56 50688 --sh--w- c:\windows\twain_32.dll

2004-08-04 05:56 1028096 --sh--w- c:\windows\system32\mfc42.dll

2004-08-04 05:56 54784 --sh--w- c:\windows\system32\msvcirt.dll

2004-08-04 05:56 413696 --sh--w- c:\windows\system32\msvcp60.dll

2007-12-04 18:38 550912 --sh--w- c:\windows\system32\oleaut32.dll

2004-08-04 05:56 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-15_03.20.38 )))))))))))))))))))))))))))))))))))))))))

.

- 2003-03-31 12:00 . 2011-11-15 03:24 79360 c:\windows\system32\perfc009.dat

+ 2003-03-31 12:00 . 2011-11-15 04:20 79360 c:\windows\system32\perfc009.dat

+ 2003-03-31 12:00 . 2011-11-15 04:20 465640 c:\windows\system32\perfh009.dat

- 2003-03-31 12:00 . 2011-11-15 03:24 465640 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmileboxTray"="c:\documents and settings\Owner\Application Data\Smilebox\SmileboxTray.exe" [2011-09-29 313160]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]

"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-01-17 109304]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]

"eligmini"="c:\program files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2007-03-16 487424]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 22:43 69632 ----a-w- c:\windows\Alcmtr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2007-12-14 15:44 159744 ----a-w- c:\program files\DellTPad\Apoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2007-10-09 23:17 2183168 ----a-w- c:\windows\system32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 05:56 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-01-09 21:01 166424 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-01-09 21:02 141848 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-01-09 21:02 137752 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-11-06 14:50 16855552 ----a-w- c:\windows\RTHDCPL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2007-06-27 15:38 888832 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=

"c:\\WINDOWS\\system32\\WgaTray.exe"=

"c:\\Documents and Settings\\Owner\\Application Data\\Smilebox\\SmileboxTray.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

.

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/2/2011 7:02 AM 105592]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [8/22/2008 8:21 AM 48472]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [8/22/2008 8:21 AM 43480]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 11:47 AM 135664]

S2 HPFECP16;HPFECP16;c:\windows\system32\drivers\HPFecp16.sys [7/1/1998 1:55 AM 52800]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 11:47 AM 135664]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/17/2006 5:34 AM 115952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 21:52]

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 21:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com/

mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 75.75.75.75

DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/Owner/Application%20Data/Smilebox/OzDesktopImporter.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-15 19:34

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-11-15 19:36:15

ComboFix-quarantined-files.txt 2011-11-16 00:36

ComboFix2.txt 2011-11-15 03:41

ComboFix3.txt 2011-11-15 03:28

.

Pre-Run: 118,011,412,480 bytes free

Post-Run: 118,020,845,568 bytes free

.

- - End Of File - - 6117F3E29821B8931525807EE092CF1F

Speed is 100% faster. Computer seems to be running great...

Thanks again for your help.

Chris


Glad to hear that, Chris!

Let's make some additional scans:

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next:

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=a4ba5b3ed8b3fc4a9f21f6941998aa9c

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-17 02:39:29

# local_time=2011-11-16 09:39:29 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=81572

# found=30

# cleaned=30

# scan_time=3848

C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\b9ff513b\X.vir Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\b9ff513b\U\800000cb.@.vir a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\b9ff513b\U\800000cf.@.vir probably a variant of Win32/Kryptik.JDI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mrxsmb.sys.vir a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP938\A0075048.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP938\A0075059.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP938\A0075069.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP938\A0075079.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP939\A0076079.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP940\A0076358.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0076370.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0076381.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0076385.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0076389.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0076398.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0076402.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0077402.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0077406.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0077414.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0077418.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0077422.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0077427.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0077435.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0077439.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0077452.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0077513.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0077540.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP941\A0077564.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP942\A0078564.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E76C2A2D-44FE-4375-B5F7-6380379ABA62}\RP942\A0078672.sys a variant of Win32/Rootkit.Kryptik.EL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

MALWARE:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8178

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

11/16/2011 8:23:46 PM

mbam-log-2011-11-16 (20-23-46).txt

Scan type: Quick scan

Objects scanned: 191011

Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Thanks,

Chris


I have good news for you => Your system is clean! :)

Here are some tips to prevent future malware problems:

You need to ensure that you have the latest versions of Adobe Reader and Java. Before you download and install the latest versions, it is important to uninstall them, so for this purpose: Click Start => Control Panel => Add or Remove Programs, highlight them and click on the Remove button. Next, click on each of the programs to download it:

Slowly and carefully install applications and then restart your computer.

Go to Start => Run... and copy & paste the following command in the field:

ComboFix /uninstall

Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

Note: Make sure there's a space between ComboFix and /uninstall

At this stage, you don't need the online scanner, so:

To remove the ESET Online Scanner components from your computer, start the Add or Remove Programs applet from Control Panel, select the ESET Online Scanner entry and click Remove. A restart may be required to complete uninstallation.

Please manually delete DDS.

Some quick tips:

  1. Firewall - Your Windows OS has a built-in firewall, but it is weak and in no way good for the current requirements for optimal security, so I recommend you choose a suitable firewall on my advice below. A firewall will protect you from attacks coming from the global network. Without a firewall your computer is susceptible to being hacked and taken over. Here are some good free firewall solutions:

  2. Alternative browser - Due to the large market share of Internet Explorer, it is a top target of the writers of malware, so we recommend using an alternative browser. There are many better alternatives to Internet Explorer regarding security, features and speed, such as:

  3. Program updates - Updating the software is really important for productivity, but also for its security. Here is an application that will help in checking for new versions and updates for your programs. It is called FileHippo Update Checker and you can download it from here.

Safe surfing! ;)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
