
Infected with the windows security 2011




As I was browsing the web today, suddenly everything stopped working and a Windows Security 2011 came up with those security warnings and all those critical errors.

Now, I downloaded rkill and Malwarebytes. rkill gives an access denied message, and now it gives an installation error message too.

I used MBAM to do a full scan and removed the infectious files. But my PC is still not working properly. All folders and all drives are showing as empty.

Anyway, I downloaded the DDS program and am attaching the DDS and the Attach file here.

Just waiting now to get some help from you guys.




I would like to add that I have done the DDS scanning (the results are attached to the above post) in "safe mode with networking" and am running my laptop in "safe mode with networking" at the moment.

Hey, since I can't edit the post above, I want to say that I made an error in saying that it was Windows Security 2011. Actually, it was the System Fix thing that is causing all this trouble.


Well, I was getting a little impatient, so I was reading what was recommended to one of the persons who had a problem with System Fix. So, I went ahead and tried it.

I had already tried the rkill part; it didn't work.

I did the MBAM part, and although it wasn't able to update, it still found a few infectious files and removed them.

After that I used the unhide program, and well, I can now see the files and folders and everything there.

The problem is that when I try rkill, it still gives the error message of installation error. And I can still see the SystemFix file on my desktop, so it seems that the problem is still there.

But since I have made changes to the previous configuration, I am using the DDS program again and copy-pasting the contents of the DDS and the Attach file, since everybody is pasting it and not attaching it to the post.

Well, here goes:

This is the DDS FILE:


DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by MUDDY at 23:16:24 on 2011-12-13


============== Running Processes ===============



D:\Program Files\Avira\AntiVir Desktop\sched.exe

D:\Program Files\Avira\AntiVir Desktop\avguard.exe

D:\Program Files\Bonjour\mDNSResponder.exe

D:\Program Files\Avira\AntiVir Desktop\avshadow.exe

D:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe

D:\Program Files\Java\jre6\bin\jqs.exe



D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe

D:\Program Files\Windows Media Player\WMPNetwk.exe

D:\Program Files\Avira\AntiVir Desktop\avgnt.exe

D:\Program Files\Common Files\Java\Java Update\jusched.exe

D:\Program Files\QuickTime\qttask.exe


D:\Program Files\Dictionary.com\CleverKeys\CK.exe

D:\Program Files\Messenger\msmsgs.exe





D:\Program Files\Mozilla Firefox\firefox.exe

D:\Documents and Settings\MUDDY\Desktop\dds.scr


D:\WINDOWS\System32\svchost.exe -k netsvcs

D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

D:\WINDOWS\system32\svchost.exe -k NetworkService

D:\WINDOWS\system32\svchost.exe -k LocalService

D:\WINDOWS\System32\svchost.exe -k HTTPFilter


============== Pseudo HJT Report ===============


uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

uInternet Settings,ProxyServer =

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant =

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - f:\orbitdownloader\orbitcth.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - d:\program files\yontoo layers runtime\YontooIEClient.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - f:\orbitdownloader\GrabPro.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - d:\program files\techsmith\snagit 9\SnagitIEAddin.dll

TB: SeoQuake: {9c590067-8a6a-4db6-b052-069283790b04} - d:\program files\seoquake\SeoQuake.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} -

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\google toolbar\GoogleToolbar.dll

EB: SeoQuake: {9c590067-8a6a-4db6-b052-069283790b04} - d:\program files\seoquake\SeoQuake.dll

uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe

uRun: [CleverKeys] d:\program files\dictionary.com\cleverkeys\CK.exe

uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background

uRun: [sJelite3Launch] d:\documents and settings\muddy\application data\transcend\sjelite3\SJelite3Launch.exe

uRun: [sEnukeX] "d:\documents and settings\muddy\local settings\application data\senukex\senuke.exe"

uRun: [Google Update] "d:\documents and settings\muddy\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime

IE: &Download by Orbit - f:\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - f:\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - f:\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - f:\orbitdownloader\orbitmxt.dll/202

IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}

Trusted Zone: itietendering.com\www

Trusted Zone: tenderwizard.com\www

Trusted Zone: wbcomtax.gov.in

DPF: Microsoft XML Parser for Java - file:///D:/WINDOWS/Java/classes/xmldso.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {9765B508-0C62-4F32-AB7C-D30D0615580B} - hxxp://

DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

TCP: DhcpNameServer =

TCP: Interfaces\{6230268D-34A9-42DC-BEA9-21E26726FDBB} : DhcpNameServer =

TCP: Interfaces\{E8EFF05E-62DC-4EF3-8811-2C026E819BA4} : NameServer =,

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - d:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - d:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - d:\program files\stardock\fences\FencesMenu.dll

Hosts: http://www.marketsamurai.com

Hosts: marketsamurai.com

Hosts: www.articlemarketingrobot.com

Hosts: articlemarketingrobot.com


================= FIREFOX ===================


FF - ProfilePath - d:\documents and settings\muddy\application data\mozilla\firefox\profiles\re0m83xy.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.giveawayoftheday.com/

FF - prefs.js: network.proxy.ftp -

FF - prefs.js: network.proxy.ftp_port - 47784

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.gopher_port - 47784

FF - prefs.js: network.proxy.http -

FF - prefs.js: network.proxy.http_port - 47784

FF - prefs.js: network.proxy.socks -

FF - prefs.js: network.proxy.socks_port - 47784

FF - prefs.js: network.proxy.ssl -

FF - prefs.js: network.proxy.ssl_port - 47784

FF - prefs.js: network.proxy.type - 0

FF - component: d:\documents and settings\muddy\application data\mozilla\firefox\profiles\re0m83xy.default\extensions\{7378b8c2-fc38-41b8-a8c9-875d1f5b0a24}\components\NativeComponent.dll

FF - component: d:\documents and settings\muddy\application data\mozilla\firefox\profiles\re0m83xy.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - component: f:\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll

FF - plugin: d:\documents and settings\muddy\local settings\application data\google\update\\npGoogleUpdate3.dll

FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: d:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll

FF - plugin: d:\program files\microsoft\office live\npOLW.dll

FF - plugin: d:\program files\mozilla firefox\plugins\npdap.dll

FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: d:\program files\mozilla firefox\plugins\npww.dll

FF - plugin: d:\program files\photodex presenter\npPxPlay.dll

FF - plugin: f:\quicktime\plugins\npqtplugin.dll

FF - plugin: f:\quicktime\plugins\npqtplugin.dll

FF - plugin: f:\quicktime\plugins\npqtplugin2.dll

FF - plugin: f:\quicktime\plugins\npqtplugin2.dll

FF - plugin: f:\quicktime\plugins\npqtplugin3.dll

FF - plugin: f:\quicktime\plugins\npqtplugin3.dll

FF - plugin: f:\quicktime\plugins\npqtplugin4.dll

FF - plugin: f:\quicktime\plugins\npqtplugin4.dll

FF - plugin: f:\quicktime\plugins\npqtplugin5.dll

FF - plugin: f:\quicktime\plugins\npqtplugin5.dll

FF - plugin: f:\quicktime\plugins\npqtplugin6.dll

FF - plugin: f:\quicktime\plugins\npqtplugin6.dll

FF - plugin: f:\quicktime\plugins\npqtplugin7.dll


============= SERVICES / DRIVERS ===============


R? a2acc;a2acc


R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86


R? fsssvc;Windows Live Family Safety Service

R? MBAMSwissArmy;MBAMSwissArmy

R? McComponentHostService;McAfee Security Scan Component Host Service

R? nmwcdnsu;Nokia USB Flashing Phone Parent

R? nmwcdnsuc;Nokia USB Flashing Generic

R? qxibpvwp;qxibpvwp


R? umpusbvista;Texas Instruments USB Serial Driver

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache

R? zteusbser;ZTE USB Device for Legacy Serial Communication

S? AntiVirSchedulerService;Avira AntiVir Scheduler

S? AntiVirService;Avira AntiVir Guard

S? avgio;avgio

S? avgntflt;avgntflt



S? fssfltr;fssfltr

S? WinAutomation Service;WinAutomation Service


=============== Created Last 30 ================


2011-12-02 14:12:02 -------- d-----w- d:\documents and settings\muddy\application data\SumatraPDF

2011-12-02 14:11:59 -------- d-----w- d:\program files\OverPDF PDF to Image Converter

2011-12-02 14:11:12 -------- d-----w- d:\documents and settings\muddy\application data\GetRightToGo

2011-11-30 09:39:39 -------- d-----w- d:\program files\PDF to Kindle Converter

2011-11-30 09:11:40 -------- d-----w- d:\documents and settings\muddy\application data\Smart PDF Creator Pro

2011-11-30 09:11:08 -------- d-----w- d:\program files\Smart PDF Creator Pro

2011-11-29 10:58:22 -------- d-----w- d:\documents and settings\all users\application data\XDMessaging

2011-11-28 09:53:32 -------- d-----w- d:\program files\StreamingStar

2011-11-27 16:37:21 -------- d-----w- d:\windows\Replay Converter 4

2011-11-27 16:36:18 -------- d-----w- d:\windows\Replay AV

2011-11-27 16:36:10 -------- d-----w- d:\program files\Replay AV 8

2011-11-27 16:22:31 -------- d-----w- d:\documents and settings\muddy\local settings\application data\CometNetwork

2011-11-27 16:22:31 -------- d-----w- d:\documents and settings\muddy\application data\CometNetwork

2011-11-20 07:30:52 -------- d-sh--w- d:\windows\system32\AI_RecycleBin

2011-11-20 07:30:43 -------- d-----w- d:\documents and settings\muddy\local settings\application data\Stardock

2011-11-20 07:30:35 -------- d-----w- d:\program files\W3i, LLC


==================== Find3M ====================


2011-11-20 07:55:48 118784 ----a-w- d:\windows\web\wallpaper\Waterfalls Animated Wallpaper.exe

2011-11-20 07:30:41 118784 ----a-w- d:\windows\web\wallpaper\waterfalls animated wallpaper dir\uninstall.exe

2011-10-29 07:32:00 1409 ----a-w- d:\windows\QTFont.for

2008-01-15 06:47:52 2655000 -c--a-w- d:\program files\Awcl.exe


============= FINISH: 23:16:39.70 ===============

And this is the ATTACH FILE:


==== Installed Programs ======================



7-Zip 4.64


Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop CS

Adobe Shockwave Player 11.5

Advanced SystemCare 3

Anime Studio Pro 8.0

Article Marketing Robot

Auslogics BoostSpeed

Avira AntiVir Personal - Free Antivirus




Compatibility Pack for the 2007 Office system

Conexant HD Audio

Content Transfer

Dictionary.com CleverKeys

eToken PKI Client 5.1


FileZilla Client 3.5.1

Flash Movie Player 1.5

Foxit Reader

Google Chrome

Google Talk (remove only)

Google Toolbar for Internet Explorer


Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

HP Help and Support

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections Drivers

Java Auto Updater

Java 6 Update 21

Junk Mail filter update

K-Lite Codec Pack 4.7.5 (Basic)

Keyword Sweetspotter

LinkFinder Pro

Malwarebytes' Anti-Malware

Market Samurai

McAfee Security Scan Plus

Micro Niche Finder 5.0

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office Live Add-in 1.3

Microsoft Office XP Professional with FrontPage

Microsoft Reader

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.7

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mobipocket Creator 4.2

Mobipocket Reader 6.2

Mozilla Firefox 8.0.1 (x86 en-US)





Nokia Connectivity Cable Driver

Norton PartitionMagic

Norton PartitionMagic 8.0

NVIDIA Drivers

Orbit Downloader

PC Connectivity Solution


PDFRead 1.8.2

Photodex Presenter

ProShow Producer


Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB982381)

Segoe UI



Skype™ 4.0

Smart Defrag

Snagit 9.1.1


Software Informer 1.1

Stealth Keyword Competition Analyzer 2.0

Synaptics Pointing Device Driver

TextPad 5

The Automator





UBot Studio

Update for Windows Internet Explorer 8 (KB2447568)

Update or Uninstall SENukeX

uRex Video Converter Platinum

Video Watermark Pro

VLC media player 1.1.9

WebFldrs XP


WinAce Archiver


Windows Driver Package - Nokia pccsmcfd (08/22/2008

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Wondershare PDF Converter (Build 2.6.2)


Yontoo Layers Runtime 1.10.01


==== End Of File ===========================

Just installed the latest version of MBAM, and it updated and worked properly. Deleted a few more infectious files. I am posting its log file here:

Malwarebytes' Anti-Malware


Database version: 8365

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

12/14/2011 12:42:54 AM

mbam-log-2011-12-14 (00-42-54).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)

Objects scanned: 363998

Time elapsed: 38 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\system volume information\_restore{c243bfc3-d925-4a60-b131-39de6af9289c}\RP804\A0106343.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

e:\system volume information\_restore{c243bfc3-d925-4a60-b131-39de6af9289c}\RP804\A0106344.exe (Trojan.Ubot) -> Quarantined and deleted successfully.

f:\system volume information\_restore{c243bfc3-d925-4a60-b131-39de6af9289c}\RP804\A0106345.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

f:\system volume information\_restore{c243bfc3-d925-4a60-b131-39de6af9289c}\RP804\A0106346.exe (Trojan.Ubot) -> Quarantined and deleted successfully.

d:\documents and settings\all users\Desktop\privacy protection.lnk (Malware.Trace) -> Quarantined and deleted successfully.

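The MBAM log above is the kind of artifact a helper reads by hand when triaging a thread like this: the summary block declares how many items were found per category, and the detail block lists each item with its detection name and the action taken. The parser below is an added example, not code from the original post or from Malwarebytes; it turns that log shape into structured findings, checks that the declared counts agree with the listed entries, and separates out entries that live under System Restore points (the `\system volume information\_restore{...}\RP###\` paths), which are archived copies rather than active files. The sample log is a constructed, trimmed copy of the one posted here; the regular expressions are my own assumptions about the MBAM 1.x text format and should be adjusted if a log uses different wording.

```python
"""Parse a Malwarebytes' Anti-Malware (MBAM 1.x) text log into structured findings."""
import re
from collections import Counter

# Constructed sample: a trimmed copy of the MBAM log shape posted in the thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware

Database version: 8365
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 363998
Time elapsed: 38 minute(s), 59 second(s)

Memory Processes Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{c243bfc3-d925-4a60-b131-39de6af9289c}\RP804\A0106343.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
e:\system volume information\_restore{c243bfc3-d925-4a60-b131-39de6af9289c}\RP804\A0106344.exe (Trojan.Ubot) -> Quarantined and deleted successfully.
f:\system volume information\_restore{c243bfc3-d925-4a60-b131-39de6af9289c}\RP804\A0106345.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
f:\system volume information\_restore{c243bfc3-d925-4a60-b131-39de6af9289c}\RP804\A0106346.exe (Trojan.Ubot) -> Quarantined and deleted successfully.
d:\documents and settings\all users\Desktop\privacy protection.lnk (Malware.Trace) -> Quarantined and deleted successfully.
"""

# Assumed line shapes for the MBAM 1.x log format (not an official grammar).
HEADER_RE = re.compile(r"^(Database version|Scan type|Objects scanned|Time elapsed): (.*)$")
SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")        # "Files Infected: 5"
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")              # "Files Infected:"
FINDING_RE = re.compile(r"^(.*) \(([^()]+)\) -> (.*?)\.?$")       # "<item> (<detection>) -> <action>."
# System Restore point storage: archived copies, not files in active use.
RESTORE_POINT_RE = re.compile(r"\\system volume information\\_restore\{[0-9a-f-]+\}\\", re.IGNORECASE)


def parse_mbam_log(text):
    """Return header fields, declared per-category counts, and the listed findings."""
    header, declared, findings = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        m = SUMMARY_RE.match(line)
        if m:
            declared[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append({"section": section, "item": m.group(1),
                             "detection": m.group(2), "action": m.group(3)})
    return {"header": header, "declared": declared, "findings": findings}


def check_counts(report):
    """Map each category whose declared count differs from the listed entries to (declared, listed)."""
    listed = Counter(f["section"] for f in report["findings"])
    return {name: (n, listed.get(name, 0))
            for name, n in report["declared"].items() if listed.get(name, 0) != n}


def restore_point_items(report):
    """Findings whose path lies inside a System Restore point directory."""
    return [f for f in report["findings"] if RESTORE_POINT_RE.search(f["item"])]


def detection_counts(report):
    """How many findings each detection name accounts for."""
    return Counter(f["detection"] for f in report["findings"])


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("Database version:", rep["header"].get("Database version"))
    print("Count mismatches:", check_counts(rep) or "none")
    print("Detections:", dict(detection_counts(rep)))
    for f in rep["findings"]:
        tag = "[restore point]" if RESTORE_POINT_RE.search(f["item"]) else "[live path]"
        print(tag, f["detection"], "->", f["action"], ":", f["item"])
```

Running the block against the sample prints no count mismatch, two `Trojan.Downloader`, two `Trojan.Ubot` and one `Malware.Trace` detection, and marks four of the five entries as restore-point copies; only the desktop shortcut was on a live path, which is the item worth correlating with the other logs in the thread.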

2 weeks later... (Staff reply)

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:


  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
