
Still having problems after malware was removed?



I posted primarily the same topic in PC Help, but it was suggested that I try posting here. Before anything, I'm really sorry, but I did delete some registry data, only from the 'firefox' and 'internet explorer' folders, a few days ago because I got so frustrated. I think that may be some of my problem, but I'm not sure. :( Sorry

I was infected with "Windows Security 2012" and a clone of it, "Windows Privacy Unreg Ver", at the same time. I updated my Malwarebytes last night and renamed it "mbam.com", and that got rid of everything, it seems, but now I'm still getting redirected to websites like "get-answers-fast.com" whenever I try to use the internet, especially Google search.

I updated Malwarebytes again this morning and tried scanning again, and it said everything was clean, but I still get redirected while using the internet. I'm using Firefox; I uninstalled it and reinstalled it, but that didn't help either.

I keep getting infected with these same fake Windows Security programs. I'm thinking my USB thumb drive or MP3 player, which I've connected to other computers, may be infected and causing my infections when I connect them to my computer. Is this possible, and if so, how should I go about fixing them?

Thanks

I posted the two .txt files that I got from DDS. I'm not sure what 'HijackThis' is; should I download it too and post the log from it? Also, here is my most recent Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8351

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

12/11/2011 5:26:03 AM

mbam-log-2011-12-11 (05-26-02).txt

Scan type: Quick scan

Objects scanned: 169138

Time elapsed: 13 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

attach.txt

dds.txt


Hello and :welcome:

No need for HijackThis; this is an older scanner similar to DDS.

Unfortunately you have a nasty rootkit infection, please read the following information first:

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


I don't access any banking or important information through this computer, just trivial things like tumblr and Google. No important or personal files on here either. Although, a few months ago someone got into my brother's online bank account and Xbox account and stole a bunch of his money and other things on his computer. Could it have somehow gotten to my computer? I'm not sure if that's possible. I tried reinstalling Windows with the OS CD, but it says 'sparrow.sys corrupted' and won't install, so I just ran ComboFix...

Here's the ComboFix report:

ComboFix 11-12-10.01 - Mariah 12/11/2011 9:05.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.247.104 [GMT -8:00]

Running from: c:\documents and settings\Mariah\My Documents\Downloads\Combo-Fix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.


c:\windows\$NtUninstallKB64991$

c:\windows\$NtUninstallKB64991$\3361551746\@

c:\windows\$NtUninstallKB64991$\3361551746\bckfg.tmp

c:\windows\$NtUninstallKB64991$\3361551746\cfg.ini

c:\windows\$NtUninstallKB64991$\3361551746\Desktop.ini

c:\windows\$NtUninstallKB64991$\3361551746\keywords

c:\windows\$NtUninstallKB64991$\3361551746\kwrd.dll

c:\windows\$NtUninstallKB64991$\3361551746\L\eyxnbero

c:\windows\$NtUninstallKB64991$\3361551746\lsflt7.ver

c:\windows\$NtUninstallKB64991$\3361551746\U\00000001.@

c:\windows\$NtUninstallKB64991$\3361551746\U\00000002.@

c:\windows\$NtUninstallKB64991$\3361551746\U\00000004.@

c:\windows\$NtUninstallKB64991$\3361551746\U\80000000.@

c:\windows\$NtUninstallKB64991$\3361551746\U\80000004.@

c:\windows\$NtUninstallKB64991$\3361551746\U\80000032.@

c:\windows\$NtUninstallKB64991$\3900498540

.

Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected

Restored copy from - The cat found it :)

.

((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))

.

.

2011-12-11 16:51 . 2004-08-12 14:01 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys

2011-12-11 16:51 . 2004-08-12 14:01 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-12-07 16:33 . 2011-12-07 16:34 -------- d-----w- C:\$WIN_NT$.~BT

2011-12-07 16:31 . 2004-08-12 13:59 18944 ----a-w- c:\windows\system32\lprmon.dll

2011-12-07 16:31 . 2004-08-12 13:59 22528 ----a-w- c:\windows\system32\lpdsvc.dll

2011-12-05 02:51 . 2011-12-05 02:51 -------- d-----w- c:\windows\system32\LogFiles

2011-12-05 02:20 . 2011-12-05 02:20 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2011-12-03 02:32 . 2011-12-03 02:32 -------- d-----w- c:\documents and settings\Mariah\Application Data\Malwarebytes

2011-12-03 02:12 . 2011-12-03 02:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-12-03 02:11 . 2011-12-03 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-12-03 02:11 . 2011-12-11 13:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-03 02:11 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-03 00:06 . 2011-12-03 00:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-21 04:04 . 2011-12-11 00:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

S1 qutmdserv;Quantum DeepScanner Servers;\??\c:\windows\system32\drivers\qutmdrv.sys --> c:\windows\system32\drivers\qutmdrv.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Mariah\Application Data\Mozilla\Firefox\Profiles\oa6eae6d.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-11 09:17

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-12-11 09:22:08 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-11 17:22

.

Pre-Run: 78,464,356,352 bytes free

Post-Run: 78,625,013,760 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot Loader]

Timeout=2

Default=c:\$win_nt$.~bt\BOOTSECT.DAT

[Operating Systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Setup"

.

- - End Of File - - 9F79894A7DD737D05B2244DE838E394A

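The "Reg Loading Points" section of the ComboFix log above records three things a helper looks for before anything else: the Security Center override values set to 1 (status alerts suppressed), the standard-profile firewall turned off with its notifications disabled, and a driver service entry whose image file ComboFix prints in the `--> ... [?]` form. As an added example (not code from the thread, from ComboFix or from Malwarebytes), here is a small Python triage script that parses that section format and flags those conditions; the sample text is an excerpt of the log posted above, and reading the trailing `[?]` as "image file could not be verified on disk" is this example's assumption.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: an excerpt of the "Reg Loading Points" section of the
# ComboFix log posted in this thread. The lone "." lines are ComboFix padding.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
S1 qutmdserv;Quantum DeepScanner Servers;\??\c:\windows\system32\drivers\qutmdrv.sys --> c:\windows\system32\drivers\qutmdrv.sys [?]
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<raw>.*)$')
# Service lines: "<start type> <name>;<display name>;<image> --> <expected path> [?]"
# The "[?]" form is taken here (assumption) to mean ComboFix could not verify the file.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?) --> (?P<expected>.*?) \[\?\]$"
)


def reg_int(raw: str) -> Optional[int]:
    """Turn ComboFix's two value renderings into an int: 'dword:00000001' or '0 (0x0)'."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None


def parse_reg_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] header (lower-cased) to its "name"=value lines."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group("name")] = m.group("raw").strip()
    return sections


def triage(text: str) -> List[str]:
    """Return human-readable findings for the weakened-defence indicators above."""
    findings: List[str] = []
    for key, values in parse_reg_sections(text).items():
        if key.endswith("security center"):
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if reg_int(values.get(name, "")) == 1:
                    findings.append(f"Security Center: {name}=1 (status alerts suppressed)")
        if key.endswith("firewallpolicy\\standardprofile"):
            if reg_int(values.get("EnableFirewall", "")) == 0:
                findings.append("Windows Firewall: EnableFirewall=0 (firewall off for standard profile)")
            if reg_int(values.get("DisableNotifications", "")) == 1:
                findings.append("Windows Firewall: DisableNotifications=1 (user not told it is off)")
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            findings.append(
                f"Driver service {m.group('name')} ({m.group('display')}): "
                f"image {m.group('expected')} could not be verified"
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```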

Yes internet works and I've yet to have any redirects and my computer seems faster :) Thank you!

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8352

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

12/11/2011 10:38:58 AM

mbam-log-2011-12-11 (10-38-58).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)

Objects scanned: 178789

Time elapsed: 28 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi, I'm glad to hear that! :)

UPDATE XP

--------------

Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.

Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats".
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats.
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


I installed 59 Microsoft updates from the website and Service Pack 3, and then ran the ESET online scanner. Here is the log from it:

Also, should I delete the Qoobox folder from ComboFix?

C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera\Opera\cache\g_0008\opr000TJ.tmp JS/Exploit.Pdfka.PGF.Gen trojan deleted - quarantined

C:\Documents and Settings\Mariah\Application Data\Sun\Java\Deployment\cache\6.0\31\3fc8dd5f-5a51cf34 a variant of Win32/Kryptik.WQU trojan cleaned by deleting - quarantined

C:\Documents and Settings\Mariah\Application Data\Sun\Java\Deployment\cache\6.0\58\7cdf58ba-5c27981f multiple threats deleted - quarantined

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\425fcbd0-616e2c88 a variant of Win32/Kryptik.WQU trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir a variant of Win32/Rootkit.Kryptik.FW trojan cleaned by deleting - quarantined


These were just remnants, which means you're good to go! :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software, then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

     I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

     Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
