Jump to content

Battling uacinit.dll and its minions... need help


Recommended Posts

Hi,

I've been fighting what seems to be a rootkit infection. I read and followed the instructions posted in the sticky topic:

I'm infected - What do I do now?... and so now I'm including my HJT log.

The general symptoms are: MBAM finds stuff like:

Memory Modules Infected:

\\?\globalroot\systemroot\system32\UACtolplkttbtsajpe.dll (Trojan.TDSS) -> Delete on reboot.

Files Infected:

\\?\globalroot\systemroot\system32\UACtolplkttbtsajpe.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

But the stuff to be deleted on reboot always resurrects itself. I'm hoping the ninjas here can help me eradicate this.

Thanks,

KM

===BEGIN HJT LOG===

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:38:12 PM, on 6/18/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\apps\sound\Winamp\winampa.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\GearHead\Wheel Mouse\5.3\MOUSE32A.EXE

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\apps\sound\iTunes_{USER}\iTunesHelper.exe

C:\apps\graphics\2d\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\apps\graphics\2d\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe

C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

C:\apps\web\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080102

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malwarebytes.org/forums/index.php?showtopic=9573

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080102

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\apps\Utils\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [WinampAgent] C:\apps\sound\Winamp\winampa.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\GearHead\Wheel Mouse\5.3\MOUSE32A.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\apps\sound\iTunes_{USER}\iTunesHelper.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\apps\graphics\2d\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\GODcensoredINGDAMMIT.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Alias SketchBook Snapshot.lnk = C:\apps\graphics\2d\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe

O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = usc.edu

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = usc.edu

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - Winlogon Notify: !SASWinLogon - C:\apps\web\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

--

End of file - 13746 bytes

Link to post
Share on other sites

  • Staff

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.

Link to post
Share on other sites

Thank you for your reply! Here is the combo fix log:

ComboFix 09-06-18.02 - Mitch 06/19/2009 10:42.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1511 [GMT -7:00]

Running from: c:\documents and settings\Mitch\Desktop\foobar.exe

Command switches used :: c:\documents and settings\Mitch\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\program files\driver

c:\windows\system32\drivers\UACnqvhtxingxjpxqg.sys

c:\windows\system32\UACifjfwcdpfnunxbc.dat

c:\windows\system32\UACkbcihutcyidpywo.log

c:\windows\system32\UACnlbjhwhehsbehei.dll

c:\windows\system32\UACsjnjqown.dat

c:\windows\system32\UACsrrwndmlgfivruv.log

c:\windows\system32\UACtolplkttbtsajpe.dll

c:\windows\system32\UACuipbqjnlhhikbit.log

c:\windows\system32\UACxnjsyidsnwylixx.dll

c:\windows\system32\UACxnlafitmxhmbwmh.dll

c:\windows\system32\UACyhdaokopeaxpvmv.dll

c:\windows\system32\_003329_.tmp.dll

c:\windows\system32\_003330_.tmp.dll

c:\windows\system32\_003331_.tmp.dll

c:\windows\system32\_003332_.tmp.dll

c:\windows\system32\_003336_.tmp.dll

c:\windows\system32\_003337_.tmp.dll

c:\windows\system32\_003338_.tmp.dll

c:\windows\system32\_003339_.tmp.dll

c:\windows\system32\_003340_.tmp.dll

c:\windows\system32\_003341_.tmp.dll

c:\windows\system32\_003342_.tmp.dll

c:\windows\system32\_003343_.tmp.dll

c:\windows\system32\_003344_.tmp.dll

c:\windows\system32\_003345_.tmp.dll

c:\windows\system32\_003348_.tmp.dll

c:\windows\system32\_003349_.tmp.dll

c:\windows\system32\_003351_.tmp.dll

c:\windows\system32\_003352_.tmp.dll

c:\windows\system32\_003353_.tmp.dll

c:\windows\system32\_003355_.tmp.dll

c:\windows\system32\_003356_.tmp.dll

c:\windows\system32\_003358_.tmp.dll

c:\windows\system32\_003359_.tmp.dll

c:\windows\system32\_003361_.tmp.dll

c:\windows\system32\_003362_.tmp.dll

c:\windows\system32\_003363_.tmp.dll

c:\windows\system32\_003364_.tmp.dll

c:\windows\system32\_003365_.tmp.dll

c:\windows\system32\_003366_.tmp.dll

c:\windows\system32\_003368_.tmp.dll

c:\windows\system32\_003369_.tmp.dll

c:\windows\system32\_003370_.tmp.dll

c:\windows\system32\_003371_.tmp.dll

c:\windows\system32\_003372_.tmp.dll

c:\windows\system32\_003373_.tmp.dll

c:\windows\system32\_003374_.tmp.dll

c:\windows\system32\_003375_.tmp.dll

c:\windows\system32\_003378_.tmp.dll

c:\windows\system32\_003379_.tmp.dll

c:\windows\system32\_003380_.tmp.dll

c:\windows\system32\_003381_.tmp.dll

c:\windows\system32\_003382_.tmp.dll

c:\windows\system32\_003383_.tmp.dll

c:\windows\system32\_003384_.tmp.dll

c:\windows\system32\_003386_.tmp.dll

c:\windows\system32\_003387_.tmp.dll

c:\windows\system32\_003388_.tmp.dll

c:\windows\system32\_003389_.tmp.dll

c:\windows\system32\_003390_.tmp.dll

c:\windows\system32\_003391_.tmp.dll

c:\windows\system32\_003393_.tmp.dll

c:\windows\system32\_003396_.tmp.dll

c:\windows\system32\_003397_.tmp.dll

c:\windows\system32\_003401_.tmp.dll

c:\windows\system32\_003402_.tmp.dll

c:\windows\system32\_003404_.tmp.dll

c:\windows\system32\_003407_.tmp.dll

c:\windows\system32\_003409_.tmp.dll

c:\windows\system32\_003410_.tmp.dll

c:\windows\system32\_003411_.tmp.dll

c:\windows\system32\_003412_.tmp.dll

c:\windows\system32\_003415_.tmp.dll

c:\windows\system32\_003416_.tmp.dll

c:\windows\system32\_003417_.tmp.dll

c:\windows\system32\_003418_.tmp.dll

c:\windows\system32\_003419_.tmp.dll

c:\windows\system32\_003424_.tmp.dll

c:\windows\system32\_003426_.tmp.dll

c:\windows\system32\cookie1.dat

c:\windows\system32\drivers\UACnqvhtxingxjpxqg.sys

c:\windows\system32\tb.dr

c:\windows\system32\UACifjfwcdpfnunxbc.dat

c:\windows\system32\uacinit.dll

c:\windows\system32\UACkbcihutcyidpywo.log

c:\windows\system32\UACnlbjhwhehsbehei.dll

c:\windows\system32\UACsrrwndmlgfivruv.log

c:\windows\system32\UACtolplkttbtsajpe.dll

c:\windows\system32\UACuipbqjnlhhikbit.log

c:\windows\system32\UACxnjsyidsnwylixx.dll

c:\windows\system32\UACxnlafitmxhmbwmh.dll

c:\windows\system32\UACyhdaokopeaxpvmv.dll

c:\windows\system32\ypmqpcqe.ini

c:\windows\wiaserviv.log

c:\windows\wiaservv.log

----- BITS: Possible infected sites -----

hxxp://downloadsoftwareserver.com

c:\windows\system32\proquota.exe was missing

Restored copy from - c:\i386\proquota.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

-------\Legacy_DRIVER

-------\Legacy_DRIVERDRV

-------\Service_driver

-------\Service_driverdrv

((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))

.

2009-06-19 17:50 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\proquota.exe

2009-06-19 17:50 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe

2009-06-18 22:25 . 2009-03-05 05:28 89088 -c--a-w- c:\documents and settings\All Users\Application Data\Symantec\Cached Installs\{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}\System32\atl71.dll

2009-06-18 09:29 . 2009-06-18 17:07 117760 ----a-w- c:\documents and settings\Mitch\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-06-18 09:29 . 2009-06-18 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-06-18 09:26 . 2009-06-18 09:26 -------- d-----w- c:\documents and settings\Mitch\Application Data\SUPERAntiSpyware.com

2009-06-18 09:26 . 2009-06-18 09:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-06-18 05:19 . 2009-06-18 05:19 -------- d-----w- c:\documents and settings\Nankyung\Local Settings\Application Data\RapidSolution

2009-06-18 05:18 . 2009-06-18 05:18 -------- d-----w- c:\documents and settings\Nankyung\Application Data\WTablet

2009-06-18 02:11 . 2009-06-18 02:11 1 ---h--w- c:\windows\jmmark2.dat

2009-06-17 20:33 . 2009-03-24 23:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-06-17 10:19 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-17 10:19 . 2009-06-17 10:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-17 10:19 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-15 07:58 . 2009-06-15 07:58 -------- d-----w- c:\windows\system32\Adobe

2009-06-09 22:03 . 2009-06-09 22:04 -------- d-----w- c:\documents and settings\Mitch\Application Data\ZoomBrowser EX

2009-06-09 07:06 . 2009-06-09 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Ableton

2009-06-09 07:06 . 2009-06-09 07:06 -------- d-----w- c:\documents and settings\Mitch\Application Data\Ableton

2009-05-30 09:13 . 2009-05-30 09:13 -------- d-----w- c:\documents and settings\Mitch\.thumbnails

2009-05-30 05:17 . 2009-05-30 05:17 390664 ----a-w- c:\documents and settings\Mitch\Application Data\Real\RealPlayer\Update\RealPlayer11.exe

2009-05-27 04:38 . 2009-06-19 17:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-19 17:58 . 2009-03-27 05:01 -------- d-----w- c:\documents and settings\Mitch\Application Data\WTablet

2009-06-18 22:27 . 2008-01-06 09:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-06-18 22:26 . 2008-01-06 09:20 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-06-18 22:26 . 2009-06-18 22:26 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2009-06-18 22:26 . 2009-06-18 22:26 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL

2009-06-18 22:26 . 2009-06-18 22:26 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-06-18 22:26 . 2009-06-18 22:26 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2009-06-18 22:26 . 2008-01-06 09:20 -------- d-----w- c:\program files\Symantec

2009-06-18 05:35 . 2008-01-06 09:20 -------- d-----w- c:\program files\Symantec AntiVirus

2009-06-18 05:19 . 2008-01-05 06:13 41824 ----a-w- c:\documents and settings\Nankyung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-06-09 22:04 . 2008-12-20 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser

2009-05-28 04:14 . 2008-01-02 15:19 -------- d-----w- c:\program files\Google

2009-05-20 02:46 . 2008-01-20 05:22 368640 ----a-w- c:\windows\system32\ReWire.dll

2009-05-20 02:46 . 2008-01-20 05:22 233472 ----a-w- c:\windows\system32\REX Shared Library.dll

2009-04-15 05:36 . 2009-04-15 05:36 495616 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\EncodingBackend\lame_enc.dll

2009-04-15 05:10 . 2009-04-15 05:10 466944 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MusicLoad.dll

2009-04-15 05:10 . 2009-04-15 05:10 197912 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgSoundclick.dll

2009-04-15 05:10 . 2009-04-15 05:10 177432 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgIJigg.dll

2009-04-15 05:10 . 2009-04-15 05:10 169240 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgPandora.dll

2009-04-15 05:10 . 2009-04-15 05:10 136472 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgLastfm.dll

2009-04-15 05:10 . 2009-04-15 05:09 1258776 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\RadioRip.dll

2009-04-11 08:27 . 2008-09-04 07:02 1915520 ----a-w- c:\documents and settings\Mitch\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-02 68856]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-15 8523776]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-27 178712]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-12 1015808]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]

"WinampAgent"="c:\apps\sound\Winamp\winampa.exe" [2007-12-20 37376]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-26 185896]

"LWBMOUSE"="c:\program files\GearHead\Wheel Mouse\5.3\MOUSE32A.EXE" [2002-05-24 357376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-15 81920]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]

"iTunesHelper"="c:\apps\sound\iTunes_Mitch\iTunesHelper.exe" [2008-09-11 289576]

"Acrobat Assistant 7.0"="c:\apps\graphics\2d\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-05 115560]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-01-15 1626112]

c:\documents and settings\Mitch\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-19 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-12-16 25214]

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-19 113664]

Alias SketchBook Snapshot.lnk - c:\apps\graphics\2d\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe [2005-6-3 233472]

ImageMixer 3 SE Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe [2008-12-19 253952]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\apps\web\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 19:05 356352 ----a-w- c:\apps\web\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\apps\\web\\BitComet\\BitComet.exe"=

"c:\\apps\\graphics\\3d\\Autodesk\\Maya2008\\bin\\maya.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\apps\\sound\\iTunes_Mitch\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Quake2\\quake2.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=

"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"14074:TCP"= 14074:TCP:BitComet 14074 TCP

"14074:UDP"= 14074:UDP:BitComet 14074 UDP

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"8085:TCP"= 8085:TCP:driver

R1 SASDIFSV;SASDIFSV;c:\apps\web\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]

R1 SASKUTIL;SASKUTIL;c:\apps\web\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [9/11/2007 1:45 AM 124832]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 1:30 PM 79168]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [3/26/2009 10:00 PM 1373480]

S2 SqtechUsb;SCAN05C/D USB Driver;c:\windows\system32\drivers\Fusb100.sys [3/15/2008 12:05 AM 64769]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/14/2009 11:23 PM 101936]

S3 SASENUM;SASENUM;c:\apps\web\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

S4 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe --> c:\cygwin\bin\cygrunsrv.exe [?]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\apps\programming\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 8:01 AM 2799808]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]

c:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

2009-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)

Notify-NavLogon - (no file)

SafeBoot-Symantec Antvirus

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.malwarebytes.org/forums/index.php?showtopic=9573

uInternet Settings,ProxyOverride = *.local

IE: &D&ownload &with BitComet - c:\apps\web\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\apps\web\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\apps\web\BitComet\BitComet.exe/AddAllLink.htm

IE: Convert link target to Adobe PDF - c:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

Trusted Zone: turbotax.com

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-19 10:59

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)

c:\apps\web\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3464)

c:\program files\GearHead\Wheel Mouse\5.3\MOUDL32A.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PSIService.exe

c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe

c:\windows\system32\WTablet\Wacom_TabletUser.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

c:\apps\graphics\2d\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2009-06-19 11:02 - machine was rebooted

ComboFix-quarantined-files.txt 2009-06-19 18:02

Pre-Run: 20,351,991,808 bytes free

Post-Run: 20,307,562,496 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

337 --- E O F --- 2008-10-14 06:32

Link to post
Share on other sites

  • Staff

Hi,

This looks Ok again.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.

Link to post
Share on other sites

Thanks very much for your help! Things seem to be back to normal. I am including the log result of a full system scan from Malwarebytes below. I am able to keep Symantec Endpoint Protection running now, so I will run a full system scan using that as well and see if anything turns up. Should I run HJT again as well?

Thanks,

KM

===Begin MBAM log===

Malwarebytes' Anti-Malware 1.38

Database version: 2309

Windows 5.1.2600 Service Pack 2

6/20/2009 2:44:37 AM

mbam-log-2009-06-20 (02-44-37).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 391057

Time elapsed: 2 hour(s), 26 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Staff

Hi,

No need to run HJT since the Combofix log actually shows more than HijackThis does and that one looked clean again. :)

Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

Link to post
Share on other sites

Thank you very much for your help!

Hi,

No need to run HJT since the Combofix log actually shows more than HijackThis does and that one looked clean again. :P

Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

Link to post
Share on other sites

  • Staff

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.