
Help please, can't find infection source


JPD

Hi

My Malwarebytes Anti-Malware keeps flashing up an infected IP address at regular intervals. I have followed the instructions to clean my system with nothing found so far. Please can you advise what to do next :D Many thanks.

Here are my log files:

Malwarebytes' Anti-Malware 1.40

Database version: 2693

Windows 5.1.2600 Service Pack 3

25/08/2009 15:54:07

mbam-log-2009-08-25 (15-54-07).txt

Scan type: Full Scan (C:\|D:\|I:\|)

Objects scanned: 276187

Time elapsed: 1 hour(s), 16 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:49:33, on 27/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Kongsoft\Easy CD Ripper\ezcdrservice.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kontiki\KService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sony\giga pocket\GPVSvr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\Program Files\Kontiki\KHost.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\sony\giga pocket\USBsircs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all

O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ?

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGetAll.htm

O8 - Extra context menu item: Download by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGet.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\StreamingStar\HiDownload\hidownload.exe (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Easy CD Ripper Service - Unknown owner - C:\Program Files\Kongsoft\Easy CD Ripper\ezcdrservice.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: VAIO Media Video Server (Application) (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\giga pocket\GPVSvr.exe

--

End of file - 11920 bytes


Hello and welcome to the forum!

Run a scan with RootRepeal, followed by DDS, a scanner tool so I can see the current condition of your machine.

Also, please provide a description of any remaining problems or symptoms you may still have.

Download and run RootRepeal CR

Please download RootRepeal from the following location and save it to your desktop.

  • Unzip the RootRepeal.zip file to its own folder. (If you did not use the "Direct Download" mirror to download RootRepeal).
  • Close/Disable all other programs, especially your security programs (anti-spyware, anti-virus, and firewall). Refer to this page if you are unsure how.
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the Report tab at the bottom.
  • Now press the Scan button.
  • A box will pop up, check the boxes beside All Seven options/scan area
  • Now click OK.
  • Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button.
  • Save it as RepealScan and save it to your desktop
  • Reconnect to the internet.
  • Post the contents of that log in your reply please.

Download and run DDS

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results soon.
  • Follow the instructions that pop up for posting the results and then click Ok.
  • The black and message box window shall then disappear.
  • Please save both log files on your desktop and post the DDS.txt and zip up and attach Attach.txt as instructed.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Also, please provide a description of any remaining problems or symptoms you may still have.

With Regards,

Extremeboy


Hi, thank you for your help!

RootRepeal downloaded OK but crashes during scan:

ROOTREPEAL CRASH REPORT

-------------------------

Windows Version: Windows XP SP3

Exception Code: 0xc0000094

Exception Address: 0x004eca19

DDS log file as follows:

DDS (Ver_09-07-30.01) - NTFSx86

Run by Penny Darragh at 8:13:40.37 on 03/09/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1436 [GMT 1:00]

AV: avast! antivirus 4.8.1351 [VPS 090901-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Kongsoft\Easy CD Ripper\ezcdrservice.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kontiki\KService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Sony\giga pocket\GPVSvr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\Program Files\Kontiki\KHost.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\sony\giga pocket\USBsircs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Alwil Software\Avast4\setup\avast.setup

I:\--=Penny's Data=--\Downloads\RootRepeal\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/

uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [kdx] c:\program files\kontiki\KHost.exe -all

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageworkstation\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimageworkstation\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [<NO NAME>]

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe

mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gigapo~1.lnk - c:\program files\sony\giga pocket\USBsircs.exe

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Download All Files by HiDownload - c:\program files\streamingstar\hidownload\HDGetAll.htm

IE: Download by HiDownload - c:\program files\streamingstar\hidownload\HDGet.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: sony-europe.com

Trusted Zone: sonystyle-europe.com

Trusted Zone: vaio-link.com

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240555013905&h=d1a25a87075a99ea0c33fcbcb8439030/&filename=jinstall-6u13-windows-i586-jc.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-8-26 28544]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-23 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-23 20560]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-23 138680]

R2 Easy CD Ripper Service;Easy CD Ripper Service;c:\program files\kongsoft\easy cd ripper\ezcdrservice.exe [2007-3-17 23552]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-24 232720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-24 19096]

R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2008-4-4 70016]

R3 PhTVTune;Sony TV Tuner (4830) WDM TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2002-11-4 27520]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-23 352920]

=============== Created Last 30 ================

2009-09-02 22:51 <DIR> --dsh--- c:\documents and settings\penny darragh\IECompatCache

2009-08-27 17:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure

2009-08-27 15:49 <DIR> --d----- c:\program files\Trend Micro

2009-08-27 08:42 <DIR> --dsh--- c:\documents and settings\penny darragh\PrivacIE

2009-08-27 08:39 <DIR> --dsh--- c:\documents and settings\penny darragh\IETldCache

2009-08-27 08:29 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll

2009-08-27 08:29 <DIR> --d----- c:\windows\ie8updates

2009-08-27 08:29 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll

2009-08-27 08:29 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll

2009-08-27 08:27 <DIR> -cd-h--- c:\windows\ie8

2009-08-26 22:12 28,544 a------- c:\windows\system32\drivers\pavboot.sys

2009-08-26 22:11 <DIR> --d----- c:\program files\Panda Security

2009-08-24 18:24 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat

2009-08-24 07:51 <DIR> --d----- c:\windows\system32\XPSViewer

2009-08-24 07:50 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-24 07:50 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-24 07:50 117,760 -------- c:\windows\system32\prntvpt.dll

2009-08-24 07:50 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll

2009-08-24 07:50 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-24 07:50 1,676,288 -------- c:\windows\system32\xpssvcs.dll

2009-08-24 07:50 575,488 -------- c:\windows\system32\xpsshhdr.dll

2009-08-24 07:40 <DIR> --d----- c:\program files\MSXML 4.0

2009-08-23 21:47 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll

2009-08-23 21:04 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

2009-08-23 21:01 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb

2009-08-23 21:01 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

2009-08-23 21:01 2,560 -------- c:\windows\system32\xpsp4res.dll

2009-08-23 21:00 272,128 -c------ c:\windows\system32\dllcache\bthport.sys

2009-08-23 20:54 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll

2009-08-23 20:54 284,160 -c------ c:\windows\system32\dllcache\pdh.dll

2009-08-23 20:54 110,592 -c------ c:\windows\system32\dllcache\services.exe

2009-08-23 20:54 730,112 -c------ c:\windows\system32\dllcache\lsasrv.dll

2009-08-23 20:54 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll

2009-08-23 20:54 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll

2009-08-23 20:54 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll

2009-08-23 20:54 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll

2009-08-23 20:54 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe

2009-08-23 20:54 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe

2009-08-23 20:54 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe

2009-08-23 20:54 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe

2009-08-23 20:50 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx

2009-08-23 20:41 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys

2009-08-23 20:41 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2009-08-23 20:40 333,952 -c------ c:\windows\system32\dllcache\srv.sys

2009-08-23 20:40 331,776 -c------ c:\windows\system32\dllcache\msadce.dll

2009-08-23 20:39 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll

2009-08-23 19:35 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll

2009-08-09 09:38 <DIR> --d----- c:\program files\OscilloMeter

2009-08-05 10:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-07-29 05:37 119,808 a------- c:\windows\system32\t2embed.dll

2009-07-29 05:37 81,920 a------- c:\windows\system32\fontsub.dll

2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll

2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll

2009-07-03 18:09 915,456 a------- c:\windows\system32\wininet.dll

2009-06-25 09:25 730,112 a------- c:\windows\system32\lsasrv.dll

2009-06-25 09:25 301,568 a------- c:\windows\system32\kerberos.dll

2009-06-25 09:25 147,456 a------- c:\windows\system32\schannel.dll

2009-06-25 09:25 136,192 a------- c:\windows\system32\msv1_0.dll

2009-06-25 09:25 56,832 a------- c:\windows\system32\secur32.dll

2009-06-25 09:25 54,272 a------- c:\windows\system32\wdigest.dll

2009-06-12 13:31 76,288 a------- c:\windows\system32\telnet.exe

2009-06-10 15:13 84,992 a------- c:\windows\system32\avifil32.dll

2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll

2009-06-10 07:14 132,096 a------- c:\windows\system32\wkssvc.dll

============= FINISH: 8:13:55.81 ===============

Details of DDS attach log file attached.

The problems I am still experiencing are random infection detect alerts, mainly but not exclusively from one IP address: 77.37.8.25

I don't want to assume that these infection detect alerts are false positives in case I have a real infection.

I am very grateful for any further guidance.

Attach.rar


Hello.

Run GMER...

Download and Run Scan with GMER

We will use GMER to scan for rootkits.

  • Please download GMER from one of the following locations, and save it to your desktop:

    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)

  • Close any and all open programs, as this process may crash your computer.
  • Double click the GMER icon on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.

  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt to run a full scan. Click NO.

  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)

  • Click on btnScan.png and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push btnSave.png and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running

*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries.


Thank you again for your help and advice.

Here is the log file from GMER:

GMER 1.0.15.15077 [pxf1zp1m.exe] - http://www.gmer.net

Rootkit scan 2009-09-03 18:44:10

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB80656B8]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB8065574]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB8065A52]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB806514C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB806564E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB806508C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB80650F0]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB806576E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB806572E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB80658AE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----
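Added example, not part of the original posts: a small Python triage of a GMER log in the format shown above, grouping SSDT hooks and attached devices by the vendor label GMER prints and listing anything unlabelled or unexpected for manual review. The `example1.sys` and `example2.sys` lines and the expected-vendor list are constructed assumptions; the other sample lines are copied from the log in this thread.

```python
import re
from collections import Counter

# Sample input: the aswSP/aswMon2/aswTdi/snapman lines are copied from the
# GMER log in this thread. The example1.sys and example2.sys lines are
# CONSTRUCTED for illustration (assumed shape of an unlabelled entry and of
# an entry labelled with a vendor that is not installed on this machine).
SAMPLE_LOG = r"""
GMER 1.0.15.15077 [pxf1zp1m.exe] - http://www.gmer.net
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB80656B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB806508C]
SSDT \SystemRoot\System32\Drivers\example1.sys ZwOpenKey [0xB0000000]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp example2.sys (Example Filter/Example Vendor)
---- EOF - GMER 1.0.15 ----
"""

# Assumption: vendors whose kernel drivers are expected on this machine,
# taken from the products visible in the thread's process lists.
EXPECTED_VENDORS = ["ALWIL Software", "Acronis"]

# "(description/vendor)" label as it appears in the log above.
LABEL = r"\((?P<desc>.*)/(?P<vendor>[^/()]+)\)"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+(?:" + LABEL + r"\s+)?"
    r"(?P<target>\w+)\s+\[0x[0-9A-Fa-f]+\]$"
)
DEV_RE = re.compile(
    r"^AttachedDevice\s+\S+\s+(?P<target>\S+)\s+(?P<module>\S+)"
    r"(?:\s+" + LABEL + r")?$"
)


def parse_gmer(text):
    """Return one dict per entry found inside a '---- ... ----' section."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("----"):
            in_section = "EOF" not in line
            continue
        if not line or not in_section:
            continue  # blank lines and the banner before the first section
        m = SSDT_RE.match(line) or DEV_RE.match(line)
        if m is None:
            # Entry types this sketch does not model are kept for review.
            entries.append({"kind": "unparsed", "module": None,
                            "vendor": None, "target": line})
            continue
        entries.append({
            "kind": line.split()[0],
            "module": m.group("module").rsplit("\\", 1)[-1].lower(),
            "vendor": m.group("vendor"),
            "target": m.group("target"),
        })
    return entries


def triage(entries, expected_vendors):
    """Split entries into per-vendor counts and a list needing a closer look."""
    expected = {v.lower() for v in expected_vendors}
    attributed, review = Counter(), []
    for entry in entries:
        vendor = (entry["vendor"] or "").lower()
        if vendor in expected:
            attributed[entry["vendor"]] += 1
        else:
            review.append(entry)  # no label, unknown vendor, or unparsed
    return attributed, review


if __name__ == "__main__":
    attributed, review = triage(parse_gmer(SAMPLE_LOG), EXPECTED_VENDORS)
    for vendor, count in attributed.items():
        print(f"{count} entries labelled {vendor}")
    for entry in review:
        print("REVIEW:", entry["kind"], entry["module"], entry["target"],
              "vendor =", entry["vendor"])
```

A vendor label in the log is descriptive text, so a match only narrows what to review; it does not verify the driver file itself.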


Hello.

That looks fine.

Overall not too much going around from what I see in the logs you posted.

Please do the following...

Update Java to Version 6 Update 16

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.

-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.

-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.

-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the kaspersky_scan_now.gif button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Kasaccept.png button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the KasperskySettings.png button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Kassave.png button, if you made any changes.

  • Now under the Scan section on the left:
    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

You can refer to this animation by sundavis if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,

Extremeboy


Hi again!

I have updated Java as you suggested.

Here is the Kaspersky Scan log file:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Friday, September 4, 2009

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Thursday, September 03, 2009 23:36:26

Records in database: 2743830

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

Scan statistics:

Objects scanned: 139989

Threats found: 1

Infected objects found: 0

Suspicious objects found: 6

Scan duration: 07:51:53

File name / Threat / Threats count

D:\My Documents\OutLook\- old - Penny Darragh.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 2

D:\My Documents\OutLook\- old - Penny Darragh.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 2

D:\My Documents\OutLook\Penny Darragh.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 2

Selected area has been scanned.

Here is the DDS log file (with 2nd one attached):

DDS (Ver_09-07-30.01) - NTFSx86

Run by Penny Darragh at 9:31:19.89 on 04/09/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1454 [GMT 1:00]

AV: avast! antivirus 4.8.1351 [VPS 090903-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\Program Files\Kontiki\KHost.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\sony\giga pocket\USBsircs.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

svchost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Kongsoft\Easy CD Ripper\ezcdrservice.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kontiki\KService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Sony\giga pocket\GPVSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

I:\--=Penny's Data=--\Downloads\RootRepeal\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/

uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.sony-europe.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [kdx] c:\program files\kontiki\KHost.exe -all

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageworkstation\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimageworkstation\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [<NO NAME>]

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe

mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gigapo~1.lnk - c:\program files\sony\giga pocket\USBsircs.exe

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Download All Files by HiDownload - c:\program files\streamingstar\hidownload\HDGetAll.htm

IE: Download by HiDownload - c:\program files\streamingstar\hidownload\HDGet.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: sony-europe.com

Trusted Zone: sonystyle-europe.com

Trusted Zone: vaio-link.com

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-8-26 28544]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-23 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-23 20560]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-23 138680]

R2 Easy CD Ripper Service;Easy CD Ripper Service;c:\program files\kongsoft\easy cd ripper\ezcdrservice.exe [2007-3-17 23552]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-24 232720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-24 19096]

R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2008-4-4 70016]

R3 PhTVTune;Sony TV Tuner (4830) WDM TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2002-11-4 27520]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-23 352920]

=============== Created Last 30 ================

2009-09-03 22:01 73,728 a------- c:\windows\system32\javacpl.cpl

2009-09-02 22:51 <DIR> --dsh--- c:\documents and settings\penny darragh\IECompatCache

2009-08-27 17:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure

2009-08-27 15:49 <DIR> --d----- c:\program files\Trend Micro

2009-08-27 08:42 <DIR> --dsh--- c:\documents and settings\penny darragh\PrivacIE

2009-08-27 08:39 <DIR> --dsh--- c:\documents and settings\penny darragh\IETldCache

2009-08-27 08:29 100,352 -c------ c:\windows\system32\dllcache\iecompat.dll

2009-08-27 08:29 <DIR> --d----- c:\windows\ie8updates

2009-08-27 08:29 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll

2009-08-27 08:29 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll

2009-08-27 08:27 <DIR> -cd-h--- c:\windows\ie8

2009-08-26 22:12 28,544 a------- c:\windows\system32\drivers\pavboot.sys

2009-08-26 22:11 <DIR> --d----- c:\program files\Panda Security

2009-08-24 18:24 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat

2009-08-24 07:51 <DIR> --d----- c:\windows\system32\XPSViewer

2009-08-24 07:50 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-24 07:50 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-24 07:50 117,760 -------- c:\windows\system32\prntvpt.dll

2009-08-24 07:50 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll

2009-08-24 07:50 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-24 07:50 1,676,288 -------- c:\windows\system32\xpssvcs.dll

2009-08-24 07:50 575,488 -------- c:\windows\system32\xpsshhdr.dll

2009-08-24 07:40 <DIR> --d----- c:\program files\MSXML 4.0

2009-08-23 21:47 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll

2009-08-23 21:04 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

2009-08-23 21:01 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb

2009-08-23 21:01 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

2009-08-23 21:01 2,560 -------- c:\windows\system32\xpsp4res.dll

2009-08-23 21:00 272,128 -c------ c:\windows\system32\dllcache\bthport.sys

2009-08-23 20:54 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll

2009-08-23 20:54 284,160 -c------ c:\windows\system32\dllcache\pdh.dll

2009-08-23 20:54 110,592 -c------ c:\windows\system32\dllcache\services.exe

2009-08-23 20:54 730,112 -c------ c:\windows\system32\dllcache\lsasrv.dll

2009-08-23 20:54 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll

2009-08-23 20:54 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll

2009-08-23 20:54 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll

2009-08-23 20:54 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll

2009-08-23 20:54 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe

2009-08-23 20:54 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe

2009-08-23 20:54 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe

2009-08-23 20:54 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe

2009-08-23 20:50 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx

2009-08-23 20:41 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys

2009-08-23 20:41 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2009-08-23 20:40 333,952 -c------ c:\windows\system32\dllcache\srv.sys

2009-08-23 20:40 331,776 -c------ c:\windows\system32\dllcache\msadce.dll

2009-08-23 20:39 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll

2009-08-23 19:35 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll

2009-08-09 09:38 <DIR> --d----- c:\program files\OscilloMeter

2009-08-05 10:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-09-03 22:01 411,368 a------- c:\windows\system32\deploytk.dll

2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-07-29 05:37 119,808 a------- c:\windows\system32\t2embed.dll

2009-07-29 05:37 81,920 a------- c:\windows\system32\fontsub.dll

2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll

2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll

2009-07-03 18:09 915,456 a------- c:\windows\system32\wininet.dll

2009-06-25 09:25 730,112 a------- c:\windows\system32\lsasrv.dll

2009-06-25 09:25 301,568 a------- c:\windows\system32\kerberos.dll

2009-06-25 09:25 147,456 a------- c:\windows\system32\schannel.dll

2009-06-25 09:25 136,192 a------- c:\windows\system32\msv1_0.dll

2009-06-25 09:25 56,832 a------- c:\windows\system32\secur32.dll

2009-06-25 09:25 54,272 a------- c:\windows\system32\wdigest.dll

2009-06-12 13:31 76,288 a------- c:\windows\system32\telnet.exe

2009-06-10 15:13 84,992 a------- c:\windows\system32\avifil32.dll

2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll

2009-06-10 07:14 132,096 a------- c:\windows\system32\wkssvc.dll

============= FINISH: 9:31:33.81 ===============

I have been getting no additional symptoms other than Malwarebytes detection alerts, however Malwarebytes Anti-Malware has been disabled for most of the tests, only being enabled during the posting of replies to this forum, so the alerts have been less frequent.

Many thanks for your ongoing help and support, I really appreciate it.

Attach.rar


Hello.

Those logs look good.

Kaspersky detected these infected Outlook e-mail folders.

D:\My Documents\OutLook\- old - Penny Darragh.bak

D:\My Documents\OutLook\- old - Penny Darragh.pst

D:\My Documents\OutLook\Penny Darragh.pst

Those look like backups to me and not the actual mail folder that Outlook uses. I suggest you delete those if you don't use them; otherwise, you may keep them. However, please be careful, as one or more mails in those folders is infected.

--

Log looks clean, you don't have any infections left on your system.

--

Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information. :(

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC_Icon.jpg icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp.jpg button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Create a New System Restore Point <- Very Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.

Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

System a Bit Slow? Try StartupLite

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Congratulations! You now appear clean! :(

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:

  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a sm


Many thanks again for all your help and advice, I will follow it carefully.

Please can I ask one more question before you close this thread? Can you tell me where I can safely check the IP addresses that Malwarebytes Anti-Malware gives in the infection alert windows? I would like to determine whether the possible infection is suspicious or serious!


Hello.

When Malwarebytes detects or flags IP addresses as malicious, it means they are "bad". Serious or not, I don't think you should worry. You need to be alerted. If you want to ask what that IP address may be, you can always post back here in this forum. Sometimes, googling the IP address will also give you some information on the infection. However, please be careful when doing so, as sometimes links in Google are malicious as well.

If you ever find out or think it may be a false-positive alert, you can post it in this forum: http://www.malwarebytes.org/forums/index.php?showforum=42

With Regards,

Extremeboy


Hello.

Since the problem appears to be resolved, this topic is now Closed. Glad we could help ;)

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,

Extremeboy
