
DJ_I_AM

Members
Posts: 3
Everything posted by DJ_I_AM

  1. Sorry buddy, thanks for the help, but the person was in dire need of this netbook back and settled for a wipe and clean install of her OS, which went well. Thanks anyway, as you guys' help is always appreciated! Wish I could have helped you help me, but the response time is too slow, to be honest (no offense). Hey, great minds aren't plentiful or we would all fix our own issues, LOL. Keep it up, Maniac.
  2. Thank you. And here are those reports:

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 5424

     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385

     12/30/2010 1:21:05 PM
     mbam-log-2010-12-30 (13-20-45).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 208432
     Time elapsed: 50 minute(s), 10 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\qnpn7rjv93lf (Trojan.FakeAlert) -> No action taken.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     AND AFTER REMOVAL/Quarantine:

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 5424

     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385

     12/30/2010 1:21:10 PM
     mbam-log-2010-12-30 (13-21-10).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 208432
     Time elapsed: 50 minute(s), 10 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\qnpn7rjv93lf (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     DDS attached. Thank you ahead of time for your time.

     Attach.zip
  3. Good evening all. I really need your help with this one. This is a co-worker's Dell Mini Inspiron (Intel Atom) w/ Windows 7 Starter. Other than that I know nothing else, so please understand.

     Malwarebytes - program_error_updating (12029, 0, WinHttpSendRequest)
     Windows Updates (cannot update) - code 80072efe

     Here are the logs as requested:

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 5363

     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385

     12/29/2010 6:33:40 PM
     mbam-log-2010-12-29 (18-33-40).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 209017
     Time elapsed: 42 minute(s), 32 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     DDS

     DDS (Ver_10-12-12.02) - NTFSx86
     Run by Moniece at 19:08:18.01 on Wed 12/29/2010
     Internet Explorer: 8.0.7600.16385
     Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.410 [GMT -8:00]

     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

     ============== Running Processes ===============

     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Program Files\Dell\DellDock\DockLogin.exe
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
     C:\Windows\system32\WLANExt.exe
     C:\Windows\system32\conhost.exe
     C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
     C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     C:\Program Files\Dell\DellComms\bin\sprtsvc.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Dell\DellDock\DellDock.exe
     C:\Windows\System32\rundll32.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\Elantech\ETDCtrl.exe
     C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
     C:\Windows\System32\igfxtray.exe
     C:\Program Files\WSED\WSED.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\Battery Meter\BTMeter.exe
     C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
     C:\Program Files\CapsLKNotify\CapsLKNotify.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\Windows Sidebar\sidebar.exe
     C:\Program Files\Dell Support Center\bin\sprtsvc.exe
     C:\Windows\System32\svchost.exe -k secsvcs
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Users\Moniece\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9KDRHZJM\dds[1].com
     C:\Windows\system32\conhost.exe
     C:\Windows\system32\wbem\wmiprvse.exe

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.yahoo.com/
     uSearch Bar = Preserve
     uInternet Settings,ProxyServer = http=127.0.0.1:59274
     uInternet Settings,ProxyOverride = <local>
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
     BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.0.30\coIEPlg.dll
     BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.0.30\IPSBHO.DLL
     BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
     BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
     TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.0.30\coIEPlg.dll
     TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
     uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
     mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
     mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [igfxExt] c:\windows\system32\IgfxExt.exe /RegServer
     mRun: [WSED] c:\program files\wsed\WSED.exe
     mRun: [<NO NAME>]
     mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
     mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
     mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [DellComms] "c:\program files\dell\dellcomms\bin\sprtcmd.exe" /P DellComms
     mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
     mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware2\mbam.exe" /runcleanupscript
     mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
     StartupFolder: c:\users\moniece\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
     mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
     mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
     Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -
     Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

     ================= FIREFOX ===================

     FF - ProfilePath - c:\users\moniece\appdata\roaming\mozilla\firefox\profiles\4wj0vya7.default\
     FF - plugin: c:\program files\microsoft silverlight\2.0.31005.0\npctrlui.dll
     FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

     ============= SERVICES / DRIVERS ===============

     R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-6-26 13680]
     R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-12-19 310320]
     R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-12-19 259632]
     R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-12-19 482432]
     R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20101215.001\IDSvix86.sys [2010-12-18 353912]
     R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
     R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-9-14 81920]
     R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-29 363344]
     R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files\dell\dellcomms\bin\sprtsvc.exe [2009-5-5 206064]
     R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-14 143840]
     R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-9-14 94720]
     R3 igd;igd;c:\windows\system32\drivers\igdkmd32.sys [2009-9-14 635168]
     R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-14 122880]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-29 20952]
     R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-14 165888]
     R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-14 167936]
     R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-12-19 48688]
     S2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-12-19 117640]
     S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
     S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-19 102448]

     =============== Created Last 30 ================

     2010-12-30 01:47:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-12-30 01:47:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-12-30 01:47:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-12-29 20:24:56 -------- d-----w- c:\users\moniece\appdata\local\Mozilla
     2010-12-29 20:24:43 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 8
     2010-12-21 21:46:09 388096 ----a-r- c:\users\moniece\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
     2010-12-21 21:46:09 -------- d-----w- c:\program files\Trend Micro
     2010-12-21 21:28:07 -------- d-----w- c:\program files\Microsoft Security Client
     2010-12-21 21:27:54 240008 ----a-w- c:\windows\system32\drivers\netio.sys
     2010-12-21 21:27:54 1285000 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2010-12-21 21:03:38 -------- d-----w- c:\users\moniece\appdata\local\Diagnostics
     2010-12-21 20:40:33 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2910c933-89e6-4254-ade6-c2dd73d544a9}\mpengine.dll
     2010-12-19 19:13:38 -------- d-----w- c:\users\moniece\appdata\roaming\Malwarebytes
     2010-12-19 19:06:30 -------- d-----w- c:\progra~2\Malwarebytes
     2010-12-19 18:14:15 48688 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symndisv.sys
     2010-12-19 18:14:15 36400 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symndis.sys
     2010-12-19 18:14:15 217136 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symtdi.sys
     2010-12-19 18:14:14 89904 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symfw.sys
     2010-12-19 18:14:14 43696 ----a-w- c:\windows\system32\drivers\nis\1008000.029\srtspx.sys
     2010-12-19 18:14:14 33072 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symids.sys
     2010-12-19 18:14:14 310320 ----a-w- c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys
     2010-12-19 18:14:14 308272 ----a-w- c:\windows\system32\drivers\nis\1008000.029\srtsp.sys
     2010-12-19 18:14:14 259632 ----a-w- c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys
     2010-12-19 18:13:52 482432 ----a-w- c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys
     2010-12-19 18:13:49 -------- d-----w- c:\windows\system32\drivers\nis\1008000.029
     2010-12-19 18:06:40 -------- d-----w- c:\progra~2\Symantec
     2010-12-18 22:14:33 -------- d-----w- c:\users\moniece\appdata\local\SupportSoft
     2010-12-18 22:12:01 -------- d-----w- c:\users\moniece\appdata\roaming\Dell
     2010-12-18 22:11:30 -------- d-----w- c:\users\moniece\appdata\local\Stardock_Corporation
     2010-12-18 21:56:49 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
     2010-12-18 21:56:26 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
     2010-12-18 21:56:15 -------- d-----w- c:\program files\Symantec
     2010-12-18 21:56:15 -------- d-----w- c:\program files\common files\Symantec Shared

     ==================== Find3M ====================

     =================== ROOTKIT ====================

     Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
     Windows 6.1.7600 Disk: WDC_WD1600BEVT-75ZCT2 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

     device: opened successfully
     user: MBR read successfully

     Disk trace:
     called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84315555]<<
     _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8431b7b0]; MOV EAX, [0x8431b82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
     1 ntkrnlpa!IofCallDriver[0x81850458] -> \Device\Harddisk0\DR0[0x842F44D0]
     3 CLASSPNP[0x8600459E] -> ntkrnlpa!IofCallDriver[0x81850458] -> [0x84223918]
     5 ACPI[0x85EA53B2] -> ntkrnlpa!IofCallDriver[0x81850458] -> \IdeDeviceP0T0L0-0[0x8421C610]
     \Driver\atapi[0x842F53D8] -> IRP_MJ_CREATE -> 0x84315555
     kernel: MBR read successfully
     _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }

     detected disk devices:
     \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD1600BEVT-75ZCT2___________________11.01A11#5&3525fcc3&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

     detected hooks:
     user != kernel MBR !!!
     sectors 312581806 (+255): user != kernel
     Warning: possible TDL4 rootkit infection !
     TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

     ============= FINISH: 19:10:21.15 ===============

     Please let me know if I missed anything. ART

     ark___attach.zip
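A small triage helper for logs of this shape, added here as an example; it is not part of the original post and not code from the DDS, GMER or Malwarebytes tools. It reads DDS "Pseudo HJT Report" and GMER mbr.exe output as plain text and flags the three things in the report above that a helper would act on first: the per-user IE proxy pointed at 127.0.0.1:59274 (browser traffic being sent to a local listener, a pattern used by traffic-hijacking malware), the GMER "user != kernel MBR" mismatch (the MBR read through the normal path differs from the kernel driver's read, which is how a boot-sector rootkit hides), and the leftover entries (a BHO with "No File", an unnamed Run value). The sample input is constructed from lines copied out of the post; the regexes, severity labels and advice strings are this example's own choices, not anything the tools emit.

```python
"""Triage of DDS / GMER text logs for a handful of high-signal indicators.

Added example, not part of the original post or of the DDS, GMER or
Malwarebytes tools. Regexes, severities and advice are this example's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "critical", "high" or "low" (this example's own scale)
    line: str      # the log line that triggered the finding
    reason: str    # what it means and what to do next


# Constructed sample: lines lifted from the DDS "Pseudo HJT Report" and the
# GMER MBR check in the post above, with benign neighbours left in so the
# filters have something to ignore.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:59274
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [<NO NAME>]
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
"""

# Per-user IE proxy pointing at the loopback interface; the scheme prefix is
# optional, as in "http=127.0.0.1:59274".
_LOOPBACK_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?P<host>127(?:\.\d{1,3}){3}|localhost):(?P<port>\d{1,5})",
    re.IGNORECASE,
)
# Browser helper object whose CLSID is registered but whose DLL is gone.
_ORPHAN_BHO = re.compile(r"^BHO:.*-\s*No File$", re.IGNORECASE)
# Run-key value with neither a name nor a command line.
_UNNAMED_RUN = re.compile(r"^[mu]Run:\s*\[<NO NAME>\]\s*$", re.IGNORECASE)
# GMER mbr.exe: the MBR read through the normal (user-mode) path differs from
# the one read by the kernel driver, i.e. something is filtering disk reads.
_MBR_MISMATCH = re.compile(r"user\s*!=\s*kernel|TDL4 rootkit infection", re.IGNORECASE)


def triage(log_text: str) -> list[Finding]:
    """Return findings in log order; lines that match nothing are dropped."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _LOOPBACK_PROXY.search(line):
            findings.append(Finding(
                "high", line,
                f"browser traffic is routed to a local listener on {m['host']}:{m['port']}, "
                "a pattern used by traffic-hijacking malware. Find the process that owns the "
                "port (netstat -ano) before clearing the setting, or it will be re-set."))
        elif _MBR_MISMATCH.search(line):
            findings.append(Finding(
                "critical", line,
                "MBR seen from user mode differs from the kernel-mode read: a boot-sector "
                "rootkit is hiding the real MBR, so scanners running on this OS cannot be "
                "trusted until the MBR is repaired (offline or with the rootkit tool)."))
        elif _ORPHAN_BHO.match(line):
            findings.append(Finding(
                "low", line, "BHO registered without a backing DLL; leftover entry, remove it."))
        elif _UNNAMED_RUN.match(line):
            findings.append(Finding(
                "low", line, "Run-key value with no name or command; leftover entry, remove it."))
    return findings


def worst_severity(findings: list[Finding]) -> str:
    """Highest severity present, or "none" for an empty list."""
    rank = {"critical": 3, "high": 2, "low": 1}
    return max((f.severity for f in findings), key=rank.__getitem__, default="none")


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report:
        print(f"[{f.severity.upper():8}] {f.line}\n           {f.reason}")
    print("overall:", worst_severity(report))
```

The order of the checks matters only for lines that could match more than one pattern; here each sample line matches at most one. The loopback-proxy check is deliberately limited to 127.x and localhost, so a legitimate corporate proxy is not flagged, and a mismatch reported by mbr.exe outranks everything else because nothing else in the log can be believed while a rootkit is filtering disk reads.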