Jump to content

Advanced virus Remover


rhays

Recommended Posts

Okay let's try this again

I have done all in the tutorial I Think

My last malwarebytes log:

Malwarebytes' Anti-Malware 1.41

Database version: 3258

Windows 5.1.2600 Service Pack 3

11/29/2009 4:11:21 PM

mbam-log-2009-11-29 (16-11-21).txt

Scan type: Quick Scan

Objects scanned: 108118

Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ark.zip

dds log:

DDS (Ver_09-11-29.01) - NTFSx86

Run by Roger at 21:32:56.29 on Mon 11/30/2009

Internet Explorer: 7.0.5730.11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2486 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\EzBackup\EZ-Backup Manager\EzBackup.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Windows Home Server\WHSConnector.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Documents and Settings\Roger\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll

TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: vedilune.dll c:\windows\system32\fenoyoyu.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: jokinameg - {79a850ae-adfd-496e-a4ba-b55f5051e77e} - c:\windows\system32\fenoyoyu.dll

SSODL: zeradumib - {870af123-b0ab-44fc-9f0f-962c24e8ebba} - c:\windows\system32\fenoyoyu.dll

SSODL: rimekoveh - {3387685e-f6cb-4cfd-bf6e-4cdeadba19f0} - c:\windows\system32\fenoyoyu.dll

SSODL: milazabim - {3691080a-71f6-47b8-9d8b-a6adba7d6649} - c:\windows\system32\fenoyoyu.dll

SSODL: faletunom - {92cd9095-8c68-4e61-9103-1e672bd9d1dc} - c:\windows\system32\fenoyoyu.dll

SSODL: dolidurag - {764cc29e-8342-4e5c-a493-2f7db118b711} - c:\windows\system32\fenoyoyu.dll

SSODL: fuyopeyuj - {6fa92de6-4e9c-4c5a-9843-457cc97138d2} - c:\windows\system32\fenoyoyu.dll

SSODL: defuwowot - {bab8b927-a883-40bd-aedc-cc0a94ce9a41} - c:\windows\system32\fenoyoyu.dll

STS: jugezatag: {79a850ae-adfd-496e-a4ba-b55f5051e77e} - c:\windows\system32\fenoyoyu.dll

STS: mujuzedij: {870af123-b0ab-44fc-9f0f-962c24e8ebba} - c:\windows\system32\fenoyoyu.dll

STS: gahurihor: {3387685e-f6cb-4cfd-bf6e-4cdeadba19f0} - c:\windows\system32\fenoyoyu.dll

STS: gahurihor: {3691080a-71f6-47b8-9d8b-a6adba7d6649} - c:\windows\system32\fenoyoyu.dll

STS: tokatiluy: {92cd9095-8c68-4e61-9103-1e672bd9d1dc} - c:\windows\system32\fenoyoyu.dll

STS: jugezatag: {764cc29e-8342-4e5c-a493-2f7db118b711} - c:\windows\system32\fenoyoyu.dll

STS: kupuhivus: {6fa92de6-4e9c-4c5a-9843-457cc97138d2} - c:\windows\system32\fenoyoyu.dll

STS: mujuzedij: {bab8b927-a883-40bd-aedc-cc0a94ce9a41} - c:\windows\system32\fenoyoyu.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

LSA: Notification Packages = scecli dufogawi.dll

Hosts: 192.168.1.106 HP000E7FD66B8F

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\roger\applic~1\mozilla\firefox\profiles\j7gsmy0h.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: d:\program files\adobe\acrobat 7.0\reader\browser\nppdf32.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]

R2 BCMNTIO;BCMNTIO;d:\progra~1\checkit\diagno~1\BCMNTIO.sys [2006-10-9 3744]

R2 EZ-Backup Manager;EZ-Backup Manager;c:\program files\ezbackup\ez-backup manager\EzBackup.exe [2006-10-1 1123840]

R2 MAPMEM;MAPMEM;d:\progra~1\checkit\diagno~1\MAPMEM.sys [2006-10-9 3904]

R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2009-10-7 376680]

R3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys [2009-10-31 219072]

R3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\drivers\chdrvr02.sys [2009-10-31 5120]

R3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys [2009-10-31 8704]

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2006-10-1 194304]

S2 gupdate1c9eafe5b6961f4;Google Update Service (gupdate1c9eafe5b6961f4);c:\program files\google\update\GoogleUpdate.exe [2009-6-11 133104]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2007-9-6 46368]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-29 19160]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2009-12-01 02:28:37 0 ----a-w- c:\documents and settings\roger\defogger_reenable

2009-11-29 19:54:42 0 d-----w- c:\docume~1\roger\applic~1\Malwarebytes

2009-11-29 19:54:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-29 19:54:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-29 19:54:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-29 19:54:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-11-28 16:18:22 0 d-----w- c:\program files\Microsoft Security Essentials

2009-11-28 15:06:30 0 ----a-w- c:\windows\system32\26500.exe

2009-11-28 14:46:30 0 ----a-w- c:\windows\system32\6334.exe

2009-11-28 14:05:35 410 ----a-w- c:\windows\BRWMARK.INI

2009-11-28 14:05:34 26 ----a-w- c:\windows\BRPP2KA.INI

2009-11-28 13:51:21 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-11-28 12:54:49 0 ----a-w- c:\windows\system32\18467.exe

2009-11-27 02:44:21 741 ----a-w- c:\windows\system32\spyware.bac

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 00:33:23 38400 --sha-w- c:\windows\system32\nukubufa.dll

2009-08-29 00:33:23 61952 --sha-w- c:\windows\system32\wogunawa.dll

============= FINISH: 21:33:30.89 ===============

attached should be the two zip files

While the system is up and running fine now

I have an issue that started after the second running of the malware program

I had to run it twice because it apparently didn't get all out that was needed,

The avr came back after the first scan.

Anyway the issue I have is all the icons on my desktop are highlighted.

While not a big deal if anyone can tell me how to fix it I would appreciate it.

I assume? that it is a registry entry gone haywire?

Thanks in advance

Attach.zip

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Hi and welcome to Malwarebytes.

My apologies for the delay.

Please update MBAM, run a Quick Scan, and post its log.

Next, please download and run this version of ComboFix:

http://tinyurl.com/ycc4ls4

Ensure that all protection programs are disabled before proceeding, and be sure to install the Recovery Console when prompted to.

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.