Windows Command Processor help!



Hello Rossel! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following applications:

  • Ask Toolbar
  • Ask Toolbar Updater
  • BitTorrent

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


Did you read my instructions?

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

Then post it with a new fresh DDS log file.

Oh, sorry :) Here they are.

MalwareBytes -

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.03.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Ross :: ROSS-PC [administrator]

Protection: Disabled

03/04/2012 16:57:49
mbam-log-2012-04-03 (16-57-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200870
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Detected: 1
C:\Users\Ross\AppData\Local\VirtualStore\Windows\SysWOW64\6lwvC23 (Virus.Ramnit) -> 3656 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LdoBkcdp (Virus.Ramnit) -> Data: C:\Users\Ross\AppData\Local\dwwoactc\ldobkcdp.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Ross\AppData\Local\VirtualStore\Windows\SysWOW64\6lwvC23 (Virus.Ramnit) -> Delete on reboot.
C:\Users\Ross\AppData\Local\dwwoactc\ldobkcdp.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\Users\Ross\AppData\Local\Temp\dijvmecybygkeswf.exe (Virus.Ramnit) -> Quarantined and deleted successfully.

(end)

DDS -



The infection that you can see in the MBAM scan, Ramnit, is what we call a file-infector. These are particularly malicious, in that they infect all of your legitimate programs.

The problem is that the virus is very buggy, so it does not do a good job of infecting your files; any attempt to disinfect and possibly save your files would therefore be futile, because, due to the buggy virus, we cannot properly disinfect your files.

What I highly recommend now is a reformat and a reinstallation of Windows XP. You may back up and save all files except programs (meaning pictures and documents are okay), because if you back up any executable files and HTML files, they will transfer to your clean system, and you will be reinfected.
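As an added example (not code from the thread, from Malwarebytes or from DDS), the Python below parses detection lines in the MBAM 1.x log format posted above, flags file-infector families and Run-key persistence entries, and applies the helper's backup rule, extended from .exe and HTML files to .dll/.scr and to any file whose content starts with a PE header regardless of its extension. The sample log lines are constructed from the entries in the thread; the family list and suffix sets are assumptions.

```python
"""Triage an MBAM log and vet files for backup after a file-infector hit."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample in the MBAM 1.x log format seen in the thread.
SAMPLE_LOG = """\
Memory Processes Detected: 1
C:\\Users\\Ross\\AppData\\Local\\VirtualStore\\Windows\\SysWOW64\\6lwvC23 (Virus.Ramnit) -> 3656 -> Delete on reboot.
Registry Values Detected: 1
HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run|LdoBkcdp (Virus.Ramnit) -> Data: C:\\Users\\Ross\\AppData\\Local\\dwwoactc\\ldobkcdp.exe -> Quarantined and deleted successfully.
Files Detected: 1
C:\\Users\\Ross\\AppData\\Local\\Temp\\dijvmecybygkeswf.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
"""

HEADER_RE = re.compile(r"^(?P<category>[A-Za-z ]+) Detected: (?P<count>\d+)$")
DETECT_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")

# Families that patch legitimate program files; the thread names Ramnit (assumed list).
FILE_INFECTOR_FAMILIES = {"Ramnit"}
# File types the helper says must not reach the clean system: .exe and HTML
# in the post; .dll/.scr are executables of the same kind (assumption).
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr"}
HTML_SUFFIXES = {".htm", ".html"}


@dataclass
class Detection:
    category: str        # section header, e.g. "Registry Values"
    item: str            # file path or registry key|value
    threat: str          # e.g. "Virus.Ramnit"
    action: str          # what MBAM did, e.g. "Delete on reboot"
    data: Optional[str]  # for Run values: the executable they launch


def parse_mbam_log(text: str) -> List[Detection]:
    """Walk the log, tracking the current 'X Detected: N' section."""
    category, found = "Unknown", []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            category = header["category"]
            continue
        m = DETECT_RE.match(line)
        if not m:
            continue  # banner lines, '(No malicious items detected)', etc.
        parts = [p.strip() for p in m["rest"].split("->")]
        data = next((p[6:] for p in parts[:-1] if p.startswith("Data: ")), None)
        found.append(Detection(category, m["item"], m["threat"],
                               parts[-1].rstrip("."), data))
    return found


def file_infectors(dets: List[Detection]) -> Set[str]:
    """Threat names whose family is a known file infector."""
    return {d.threat for d in dets
            if d.threat.split(".")[-1] in FILE_INFECTOR_FAMILIES}


def run_key_persistence(dets: List[Detection]) -> List[Tuple[str, str]]:
    """(value name, launched executable) for detections under a Run key."""
    return [(d.item.rsplit("|", 1)[1], d.data or "")
            for d in dets
            if d.category == "Registry Values" and "\\Run|" in d.item]


def vet_backup_file(name: str, head: bytes) -> Tuple[bool, str]:
    """Decide whether a file may join the backup set.

    `head` is the file's first two bytes: a renamed PE still starts with MZ.
    """
    lower = name.lower()
    if any(lower.endswith(s) for s in EXECUTABLE_SUFFIXES):
        return False, "executable extension"
    if any(lower.endswith(s) for s in HTML_SUFFIXES):
        return False, "HTML file"
    if head == b"MZ":
        return False, "PE header hidden behind a data extension"
    return True, "ok"


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    print("file infectors:", file_infectors(dets))
    print("Run-key persistence:", run_key_persistence(dets))
    for name, head in [("holiday.jpg", b"\xff\xd8"), ("index.html", b"<!"),
                       ("notes.docx", b"MZ"), ("setup.exe", b"MZ")]:
        print(name, vet_backup_file(name, head))
```

To vet a real backup set, walk the directory and pass each file's name and its first two bytes to `vet_backup_file`; files returning `False` stay off the clean system.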


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
