
Is it clean now?



I was infected recently - not sure exactly what but I did notice a fake spyware/antivirus program.

Also it took out my wallpaper on my XP Pro SP2 machine.

Initially I wasn't able to launch Malwarebytes, the mbam.exe was gone. Even when I tried to reinstall it it was missing.

Long story short, I was able to run it by getting a copy from my other machine on a flash drive.

So I was able to run Malwarebytes and it found some issues and fixed them.

However, I'm not sure if everything is gone and clean.

Could you please take a look at the logs and tell me if I need to take further action.

Thanks in advance for your time and effort.

Initial Malwarebytes log showing the infections:

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 3

10/25/2009 10:00:05 PM

mbam-log-2009-10-25 (22-00-05).txt

Scan type: Full Scan (C:\|)

Objects scanned: 344482

Time elapsed: 2 hour(s), 41 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\All Users\Application Data\99468238 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\All Users\Application Data\99468238\99468238.bat (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bawaruno.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\doneluvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kanolalo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\levujiku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Latest Malwarebytes Log

Malwarebytes' Anti-Malware 1.41

Database version: 3037

Windows 5.1.2600 Service Pack 3

10/26/2009 10:37:57 PM

mbam-log-2009-10-26 (22-37-57).txt

Scan type: Quick Scan

Objects scanned: 146787

Time elapsed: 9 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:51:37 PM, on 10/26/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\CNYHKey.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Name of App] C:\Program Files\Samsung\FW LiveUpdate\Liveupdate.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\DOCUME~1\mazinga\LOCALS~1\temp\HSPERF~1.SH! C:\DOCUME~1\Mazinga\LOCALS~1\TEMPOR~1\Content.IE5\OSSSAC18\PK_2_~1.SH! C:\DOCUME~1\Mazinga\LOCALS~1\TEMPOR~1\Content.IE5\OSSSAC18\DIB89B~1.SH! C:\DOCUME~1\Mazinga\LOCALS~1\TEMPOR~1\Content.IE5\WLIV16MJ\AUDIO_~1.SH! C:\DOCUME~1\Mazinga\LOCALS~1\TEMPOR~1\Content.IE5\OSSSAC18\DIB89D~1.SH! C:\DOCUME~1\Mazinga\LOCALS~1\TEMPOR~1\Content.IE5\EJQNI2CP\WORDCL~1.SH! C:\DOCUME~1\Mazinga\LOCALS~1\TEMPOR~1\Content.IE5\OSSSAC18\DISPLA~3.SH! C:\DOCUME~1\Mazinga\LOCALS~1\TEMPOR~1\Content.IE5\OSSSAC18\L_2_~1.SH! C:\DOCUME~1\Mazinga\LOCALS~1\TEMPOR~1\Content.IE5\EJQNI2CP\DISPLA~4.SH! C:\DOCUME~1\Mazinga\LOCALS~1\TEMPOR~1\Content.IE5\OSSSAC18\DISPLA~4.SH! C:\DOCUME~1\Mazinga\LOCALS~1\TEMPOR~1\Content.IE5\EJQNI2CP\PARENT~1.SH!

O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.filenori.co.kr

O15 - Trusted Zone: http://*.filenori.com

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://mpsnet.com/JavaVM3186.exe

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://edownload.grisoft.cz/ewidoOnlineScan.cab

O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB

O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F2965546-AD6C-4C52-8A80-2A336FB50CA8} (FilenoriDownloadControl Control) - http://korea.filenori.com/app/FilenoriDownloadControl.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL wbsys.dll kusitozo.dll

O21 - SSODL: mayuzapus - {1ef401c6-8dea-42e1-8d95-eee5fef8bf91} - (no file)

O21 - SSODL: jurenokez - {99ffb361-f1f6-461a-961f-2b56a3879424} - (no file)

O21 - SSODL: migulatab - {1dfc69e6-0654-414a-858e-8dc2dc26bb50} - (no file)

O21 - SSODL: gevikudur - {55eebeb2-bbd6-468f-a517-f2cce17dcf4c} - (no file)

O21 - SSODL: rasuvewol - {5ac92a2b-17db-465d-8936-6f7ebea710a8} - (no file)

O21 - SSODL: bugoruvaf - {d9f5e06e-975b-4422-a754-e00879e0328c} - (no file)

O21 - SSODL: kowodafob - {6e6d75fa-fe01-4959-ad1b-c448bcf828ff} - (no file)

O22 - SharedTaskScheduler: tokatiluy - {1ef401c6-8dea-42e1-8d95-eee5fef8bf91} - (no file)

O22 - SharedTaskScheduler: kupuhivus - {99ffb361-f1f6-461a-961f-2b56a3879424} - (no file)

O22 - SharedTaskScheduler: gahurihor - {1dfc69e6-0654-414a-858e-8dc2dc26bb50} - (no file)

O22 - SharedTaskScheduler: mujuzedij - {55eebeb2-bbd6-468f-a517-f2cce17dcf4c} - (no file)

O22 - SharedTaskScheduler: tokatiluy - {5ac92a2b-17db-465d-8936-6f7ebea710a8} - (no file)

O22 - SharedTaskScheduler: kupuhivus - {d9f5e06e-975b-4422-a754-e00879e0328c} - (no file)

O22 - SharedTaskScheduler: jugezatag - {6e6d75fa-fe01-4959-ad1b-c448bcf828ff} - (no file)

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

O23 - Service: Service1 - Alorica Inc. - C:\Documents and Settings\Mazinga\Desktop\WindowsService1\WindowsService1\bin\Debug\windowsservice1.exe

--

End of file - 10591 bytes


  • Root Admin

STEP 01

With all other applications closed (Taskbar empty), open HijackThis again and run "Do a system scan only" and place a check mark on the following items.


  • O15 - Trusted Zone: http://*.filenori.co.kr
  • O15 - Trusted Zone: http://*.filenori.com
  • O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://mpsnet.com/JavaVM3186.exe
  • O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
  • O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://edownload.grisoft.cz/ewidoOnlineScan.cab
  • O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
  • O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///D:/components/hidinputmonitorx.ocx
  • O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
  • O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx
  • O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
  • O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
  • O16 - DPF: {F2965546-AD6C-4C52-8A80-2A336FB50CA8} (FilenoriDownloadControl Control) - http://korea.filenori.com/app/FilenoriDownloadControl.cab
  • O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL wbsys.dll kusitozo.dll
  • O21 - SSODL: mayuzapus - {1ef401c6-8dea-42e1-8d95-eee5fef8bf91} - (no file)
  • O21 - SSODL: jurenokez - {99ffb361-f1f6-461a-961f-2b56a3879424} - (no file)
  • O21 - SSODL: migulatab - {1dfc69e6-0654-414a-858e-8dc2dc26bb50} - (no file)
  • O21 - SSODL: gevikudur - {55eebeb2-bbd6-468f-a517-f2cce17dcf4c} - (no file)
  • O21 - SSODL: rasuvewol - {5ac92a2b-17db-465d-8936-6f7ebea710a8} - (no file)
  • O21 - SSODL: bugoruvaf - {d9f5e06e-975b-4422-a754-e00879e0328c} - (no file)
  • O21 - SSODL: kowodafob - {6e6d75fa-fe01-4959-ad1b-c448bcf828ff} - (no file)
  • O22 - SharedTaskScheduler: tokatiluy - {1ef401c6-8dea-42e1-8d95-eee5fef8bf91} - (no file)
  • O22 - SharedTaskScheduler: kupuhivus - {99ffb361-f1f6-461a-961f-2b56a3879424} - (no file)
  • O22 - SharedTaskScheduler: gahurihor - {1dfc69e6-0654-414a-858e-8dc2dc26bb50} - (no file)
  • O22 - SharedTaskScheduler: mujuzedij - {55eebeb2-bbd6-468f-a517-f2cce17dcf4c} - (no file)
  • O22 - SharedTaskScheduler: tokatiluy - {5ac92a2b-17db-465d-8936-6f7ebea710a8} - (no file)
  • O22 - SharedTaskScheduler: kupuhivus - {d9f5e06e-975b-4422-a754-e00879e0328c} - (no file)
  • O22 - SharedTaskScheduler: jugezatag - {6e6d75fa-fe01-4959-ad1b-c448bcf828ff} - (no file)

Then Quit All Browsers including the one you're reading this in now.

Then click on Fix checked and then quit HJT.

STEP 02

Please click on START - RUN and type or copy/paste the following into the run line.

cmd /k schtasks /query /FO LIST /V

Please click on START - RUN and type or copy/paste the following into the run line.

cmd /k sc queryex Schedule

Then post back what they say.

STEP 03

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt

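A triage sketch for the kinds of HijackThis entries checked in STEP 01 above, added here as an example and not part of the original posts or of HijackThis itself: it flags O21/O22 entries marked "(no file)", CLSIDs registered under both of those sections, and AppInit_DLLs entries listed without a full path. The selection criteria, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v2 line format; every name, path and
# CLSID below is a placeholder, not a value from a real system.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Vendor\helper.dll example1.dll example2.dll
O21 - SSODL: aaaaaaaaa - {11111111-1111-1111-1111-111111111111} - (no file)
O21 - SSODL: ExampleShellObj - {22222222-2222-2222-2222-222222222222} - C:\WINDOWS\system32\example.dll
O22 - SharedTaskScheduler: bbbbbbbbb - {11111111-1111-1111-1111-111111111111} - (no file)
O22 - SharedTaskScheduler: ccccccccc - {33333333-3333-3333-3333-333333333333} - (no file)
O23 - Service: Example Service - Example Inc. - C:\Program Files\Example\svc.exe
"""

# "O<n> - <kind>: <detail>" is the shape of every O-section line in the log.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return one dict per O-section line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, kind, detail = m.groups()
        clsid = CLSID_RE.search(detail)
        entries.append({
            "code": code,
            "kind": kind,
            "detail": detail,
            "clsid": clsid.group(0).lower() if clsid else None,
            "no_file": detail.rstrip().lower().endswith("(no file)"),
        })
    return entries


def triage(entries):
    """Return (section, reason, value) tuples for entries worth a closer look.

    Assumed heuristics (not HijackThis behaviour):
      orphaned     - O21/O22 entry whose target is reported as "(no file)"
      bare-name    - AppInit_DLLs item with no directory component
      shared-clsid - same CLSID present under both O21 and O22
    """
    findings = []
    sections_by_clsid = defaultdict(set)
    for e in entries:
        if e["code"] in ("O21", "O22"):
            if e["clsid"]:
                sections_by_clsid[e["clsid"]].add(e["code"])
            if e["no_file"]:
                findings.append((e["code"], "orphaned", e["detail"]))
        elif e["code"] == "O20" and e["kind"] == "AppInit_DLLs":
            # The AppInit_DLLs value is a space- or comma-delimited list.
            for dll in re.split(r"[\s,]+", e["detail"].strip()):
                if dll and "\\" not in dll:
                    findings.append(("O20", "bare-name", dll))
    for clsid, codes in sorted(sections_by_clsid.items()):
        if codes == {"O21", "O22"}:
            findings.append(("O21+O22", "shared-clsid", clsid))
    return findings


if __name__ == "__main__":
    for section, reason, value in triage(parse_log(SAMPLE_LOG)):
        print(f"{section:8} {reason:13} {value}")
```
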

cmd /k schtasks /query /FO LIST /V

HostName: XP

TaskName: AppleSoftwareUpdate

Next Run Time: 10:42:00, 10/30/2009

Status:

Last Run Time: 10:42:00, 10/23/2009

Last Result: 0

Creator: SYSTEM

Schedule: At 10:42 AM every Fri of every week, starting 3/29/2007

Task To Run: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task

Start In: N/A

Comment: N/A

Scheduled Task State: Enabled

Scheduled Type: Weekly

Start Time: 10:42:00

Start Date: 3/29/2007

End Date: N/A

Days: FRIDAY

Months: N/A

Run As User: NT AUTHORITY\SYSTEM

Delete Task If Not Rescheduled: Disabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: XP

TaskName: McDefragTask

Next Run Time: 01:00:00, 11/15/2009

Status:

Last Run Time: 01:00:00, 6/15/2009

Last Result: 0

Creator: Mazinga

Schedule: At 1:00 AM on day 15 of every month, starting 3/21/2009

Task To Run: c:\PROGRA~1\mcafee\mqc\QcConsol.exe "C:\WINDOWS\system32\defrag.exe" C: -f

Start In: N/A

Comment: Disk Defragmenter

Scheduled Task State: Enabled

Scheduled Type: Monthly

Start Time: 01:00:00

Start Date: 3/21/2009

End Date: N/A

Days: 15

Months: JAN,FEB,MAR,APR,MAY,JUN,JUL,AUG,SEP,OCT,NOV,DEC

Run As User: XP\Mazinga

Delete Task If Not Rescheduled: Disabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: XP

TaskName: McQcTask

Next Run Time: 01:00:00, 11/1/2009

Status:

Last Run Time: 01:00:00, 7/1/2009

Last Result: 0

Creator: Mazinga

Schedule: At 1:00 AM on day 1 of every month, starting 3/21/2009

Task To Run: c:\PROGRA~1\mcafee\mqc\QcConsol.exe 14 0

Start In: c:\PROGRA~1\mcafee\mqc

Comment: McAfee McAfee QuickClean

Scheduled Task State: Enabled

Scheduled Type: Monthly

Start Time: 01:00:00

Start Date: 3/21/2009

End Date: N/A

Days: 1

Months: JAN,FEB,MAR,APR,MAY,JUN,JUL,AUG,SEP,OCT,NOV,DEC

Run As User: XP\Mazinga

Delete Task If Not Rescheduled: Disabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: Disabled

HostName: XP

TaskName: shutdown

Next Run Time: Never

Status:

Last Run Time: 05:32:00, 11/1/2007

Last Result: -1073741510

Creator: Mazinga

Schedule: At 5:32 AM on 11/1/2007

Task To Run: C:\Documents and Settings\Mazinga\Desktop\shutdown.bat

Start In: C:\Documents and Settings\Mazinga\Desktop

Comment: N/A

Scheduled Task State: Enabled

Scheduled Type: One Time Only

Start Time: 05:32:00

Start Date: 11/1/2007

End Date: N/A

Days: N/A

Months: N/A

Run As User: XP\Mazinga

Delete Task If Not Rescheduled: Disabled

Stop Task If Runs X Hours and X Mins: 72:0

Repeat: Every: Disabled

Repeat: Until: Time: Disabled

Repeat: Until: Duration: Disabled

Repeat: Stop If Still Running: Disabled

Idle Time: Disabled

Power Management: No Start On Batteries, Stop On Battery Mode

C:\Documents and Settings\Mazinga>

cmd /k sc queryex Schedule

SERVICE_NAME: Schedule

TYPE : 120 WIN32_SHARE_PROCESS (interactive)

STATE : 4 RUNNING

(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

PID : 888

FLAGS :

DDS.txt

DDS (Ver_09-10-26.01) - NTFSx86

Run by Mazinga at 19:57:42.20 on 10/29/2009 Thu

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.1015.370 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\CNYHKey.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\lexpps.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\conime.exe

C:\WINDOWS\system32\notepad.exe

c:\PROGRA~1\mcafee\msc\mcshell.exe

C:\Documents and Settings\Mazinga\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [PowerBar]

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [<NO NAME>]

uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe

uRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\docume~1\mazinga\locals~1\temp\hsperf~1.sh! c:\docume~1\mazinga\locals~1\tempor~1\content.ie5\osssac18\pk_2_~1.sh! c:\docume~1\mazinga\locals~1\tempor~1\content.ie5\osssac18\dib89b~1.sh! c:\docume~1\mazinga\locals~1\tempor~1\content.ie5\wliv16mj\audio_~1.sh! c:\docume~1\mazinga\locals~1\tempor~1\content.ie5\osssac18\dib89d~1.sh! c:\docume~1\mazinga\locals~1\tempor~1\content.ie5\ejqni2cp\wordcl~1.sh! c:\docume~1\mazinga\locals~1\tempor~1\content.ie5\osssac18\displa~3.sh! c:\docume~1\mazinga\locals~1\tempor~1\content.ie5\osssac18\l_2_~1.sh! c:\docume~1\mazinga\locals~1\tempor~1\content.ie5\ejqni2cp\displa~4.sh! c:\docume~1\mazinga\locals~1\tempor~1\content.ie5\osssac18\displa~4.sh! c:\docume~1\mazinga\locals~1\tempor~1\content.ie5\ejqni2cp\PARENT~1.SH!

uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"

mRun: [CHotkey] mHotkey.exe

mRun: [ledpointer] CNYHKey.exe

mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

mRun: [Name of App] c:\program files\samsung\fw liveupdate\Liveupdate.exe

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [NPSStartup]

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - c:\program files\yamaha\midradio player\MidRadio.ocx

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxsrvc.dll

Notify: LMIinit - LMIinit.dll

SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

LSA: Notification Packages = scecli takihiru.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mazinga\applic~1\mozilla\firefox\profiles\59f0gg4c.default\

FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\mazinga\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\mazinga\application data\mozilla\plugins\npAbacast.dll

FF - plugin: c:\documents and settings\mazinga\application data\mozilla\plugins\NPAbacheck.dll

FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll

FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll

FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll

FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll

FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll

FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll

FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-2-23 33920]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-2-4 233472]

R2 GLOGODrv;GLOGODrv;c:\windows\system32\drivers\GLOGODrv.sys [2004-10-4 13332]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-22 47640]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-21 203280]

R3 cmudax;C-Media Azalia Audio Interface;c:\windows\system32\drivers\cmudax.sys [2004-10-3 1385664]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-2-4 36608]

S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-3 19677]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2009-10-27 04:49:56 0 d-----w- c:\program files\Trend Micro

2009-10-26 06:47:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2009-10-26 05:17:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-26 05:17:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-25 22:30:17 0 d-----w- c:\docume~1\alluse~1\applic~1\jumidani

2009-10-25 22:30:17 0 d-----w- c:\docume~1\alluse~1\applic~1\gitoribo

2009-10-25 22:30:17 0 d-----w- c:\docume~1\alluse~1\applic~1\fefiyiri

2009-10-23 05:02:39 2713 --sh--w- c:\windows\system32\wurizuto.exe

==================== Find3M ====================

2009-09-16 17:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2009-09-16 17:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2009-09-16 17:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2009-09-16 17:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2009-09-16 17:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe

2005-09-09 00:14:36 42496 ----a-w- c:\program files\pidca.dll

2004-03-11 20:27:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe

2009-06-13 17:51:44 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2008-09-16 07:05:42 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091620080917\index.dat

============= FINISH: 19:58:49.81 ===============

Attach.txt

I zipped it up and attached it.

Attach.zip


  • Root Admin

Please run the following online scanner and post back the log.

Please temporarily disable your current Anti-Virus in order to run this Online Scanner.

Using Internet Explorer:

  • Vista and Windows 7 users need to right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  • Click here to run the Eset Online Scanner using Internet Explorer.
  • Click on the ESET Online Scanner button.
  • Click on the checkbox Yes, I accept the Terms of Use and click on the Start button.
  • By default the ActiveX installer will be blocked by Internet Explorer. You should see a yellow banner at the top of the Window.
  • Click the top of the Window and select "Run ActiveX Control" and then click the Run button on the next dialog box.
  • Click the Retry button if prompted to resend the request to load and run the ActiveX control from ESET
  • Make sure you Uncheck the Remove found threats checkbox in case we need you to submit a copy of any files found.
  • Click on the Advanced settings selection in the middle and place a checkmark on the following items
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Under Current scan targets: click the Change... item and make sure it's set to Local drives and the Operating memory
  • Then click on the Start button and it will start downloading signature database files to update the program
  • Once the database files are downloaded it should automatically start scanning your system for threats.
  • When the scanner is done please click on the List of found threats and click on Export to text file...
  • Save the file as NOD32_SCAN.TXT to your Desktop
  • Click the << Back button. For now do not uninstall the program or delete the quarantine files, just click the Finish button.
  • The next screen is an advertisement to purchase the product. You can just close that window for now.
  • If we need to run the program later on it can be run from here: C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
  • Open the file you saved to your Desktop as NOD32_SCAN.TXT and select all and copy/paste it back on your next reply

Using Another Browser

  • Please click here to launch the application which installs and launches ESET Online Scanner in a separate window.
  • You will first need to save the file to your Desktop and double-click on it to run it. Vista and Windows 7 users need to right-click and choose "Run as Administrator"
  • You should be prompted with "Do you want to run this file?", click on the Run button.
  • Click on the checkbox Yes, I accept the Terms of Use and click on the Start button.
  • The program will download further files to use with the scanner and allow you to change options.
  • Make sure you Uncheck the Remove found threats checkbox in case we need you to submit a copy of any files found.
  • Click on the Advanced settings selection in the middle and place a checkmark on the following items
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Under Current scan targets: click the Change... item and make sure it's set to Local drives and the Operating memory
  • Then click on the Start button and it will start downloading signature database files to update the program
  • Once the database files are downloaded it should automatically start scanning your system for threats.
  • When the scanner is done please click on the List of found threats and click on Export to text file...
  • Save the file as NOD32_SCAN.TXT to your Desktop
  • Click the << Back button. For now do not uninstall the program or delete the quarantine files, just click the Finish button.
  • The next screen is an advertisement to purchase the product. You can just close that window for now.
  • If we need to run the program later on it can be run from here: C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
  • Open the file you saved to your Desktop as NOD32_SCAN.TXT and select all and copy/paste it back on your next reply


  • Root Admin

Okay please go ahead and uninstall NOD32 and download the following tool and run it. When asked to reboot please do.

http://oldtimer.geekstogo.com/OTC.exe

Then run this one more time and we should be done.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
    • When the update is complete, select the Scanner tab
    • Select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log

Link to post
Share on other sites

I think we're looking good! (crossing my fingers)

Malwarebytes' Anti-Malware 1.41

Database version: 3064

Windows 5.1.2600 Service Pack 3

10/30/2009 11:38:51 PM

mbam-log-2009-10-30 (23-38-51).txt

Scan type: Quick Scan

Objects scanned: 147859

Time elapsed: 9 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Root Admin

Great, all looks good now.

I'll close your post soon so that others don't post into it and leave you with this information and suggestions.

So how did I get infected in the first place?

At this time your system appears to be clean. Nothing else in the logs indicates that you are still infected.

Now that you appear to be clean, please follow these simple steps in order to keep your computer clean and secure:

Here are some free programs I recommend that could help you improve your computer's security.

Install SpyWare Blaster

Download it from here

Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol

Download it from here

Here you can find information about how WinPatrol works here

Install FireTrust SiteHound

You can find information and download it from here

Install hpHosts

Download it from here

hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad, tracking and malicious websites. This prevents your computer from connecting to these untrusted sites by redirecting them to 127.0.0.1 which is your own local computer.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your pc.

Visit Microsoft often to get the latest updates for your computer.

Note 1:

If you are running Windows XP SP2, you should upgrade to SP3.

Note 2:

Users of Norton Internet Security 2008 should uninstall the software before they install Service Pack 3.

The security suite can then be reinstalled afterwards.

The Windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic and this is a must.

I recommend Online Armor Free

A little outdated but good reading on how to prevent Malware

Keep safe online and happy surfing.

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting: Pre- HJT Post Instructions

Also don't forget that we offer FREE assistance with General PC questions and repair here: PC Help

If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org
