
I have followed the instructions about malware removal. Below is the dds.txt file, and I have attached the other files plus my latest log. Thanks for any help you can give.

PS: I have included 2 logs, as I ran a quick scan after the full scan, which found a number of trojans.

DDS (Ver_09-12-01.01) - NTFSX64

Run by Norman at 22:31:45.12 on 16/02/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.4091.2600 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe

C:\Program Files (x86)\McAfee\MSK\MskSrver.exe

C:\Windows\system32\DRIVERS\o2flash.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchIndexer.exe

C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\conhost.exe

c:\PROGRA~2\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\hh.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Norman\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank

mLocal Page = c:\windows\syswow64\blank.htm

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~2\mcafee\viruss~1\scriptsn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "c:\program files (x86)\roxio\roxio burn\RoxioBurnLauncher.exe"

mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey

mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"

mRunOnce: [sTToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe

StartupFolder: c:\users\norman\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\MSKAPB~1.DLL

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [sysTrayApp] c:\program files\idt\wdm\sttray64.exe

mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe

mRun-x64: [iAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe

mRunOnce-x64: [DSUpdateLauncher] "c:\program files (x86)\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files (x86)\dell datasafe local backup\components\dsupdate" /runas "c:\program files (x86)\dell datasafe local backup\components\dsupdate\DSUpd.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\norman\appdata\roaming\mozilla\firefox\profiles\d6d45sl2.default\

FF - prefs.js: browser.startup.homepage -

FF - plugin: c:\program files (x86)\mcafee\supportability\mvt\NPMVTPlugin.dll

FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll

FF - plugin: c:\users\norman\appdata\roaming\facebook\npfbplugin_1_0_1.dll

FF - HiddenExtension: Firefox security: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-12-24 55280]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-12-24 308296]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-24 203264]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]

R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\McProxy.exe [2010-1-5 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-1-5 155456]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2009-12-24 23912]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-12-24 172704]

R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2010-1-5 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-24 102472]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-24 49480]

R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2009-12-24 5435904]

R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdgx64.sys [2009-12-24 69152]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-12-24 215040]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-24 41032]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-24 40904]

=============== Created Last 30 ================

2010-02-16 22:30:49 0 ----a-w- c:\users\norman\defogger_reenable

2010-02-16 22:03:59 0 d-----w- c:\windows\McAfee.com

2010-02-16 21:52:02 0 d-----w- c:\users\norman\appdata\roaming\McAfee

2010-02-15 23:06:03 0 d-----w- c:\users\norman\appdata\roaming\Facebook

2010-02-14 22:46:07 0 d-----w- c:\users\norman\appdata\roaming\Malwarebytes

2010-02-14 22:46:00 22104 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-14 22:46:00 0 d-----w- c:\programdata\Malwarebytes

2010-02-14 22:46:00 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-02-09 20:37:08 285696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-02-09 20:37:08 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-06 23:01:20 12872 ----a-w- c:\windows\system32\bootdelete.exe

2010-02-06 22:56:08 19016 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-02-06 22:55:52 0 d-----w- c:\programdata\Hitman Pro

2010-02-06 22:55:51 0 d-----w- c:\program files\Hitman Pro 3.5

2010-02-06 22:55:04 0 d-----w- c:\program files (x86)\Hitman Pro 3.5

2010-02-06 00:10:24 0 d-----w- c:\programdata\Apple

2010-01-30 19:35:04 0 d-----w- c:\users\norman\appdata\roaming\LegalSounds

2010-01-30 19:35:01 0 d-----w- c:\program files (x86)\LegalSounds

2010-01-26 22:05:40 389632 ----a-w- c:\windows\system32\winlogon.exe

2010-01-26 22:05:40 2870272 ----a-w- c:\windows\explorer.exe

2010-01-26 22:05:40 2614272 ----a-w- c:\windows\syswow64\explorer.exe

2010-01-21 21:44:21 5961728 ----a-w- c:\windows\syswow64\mshtml.dll

2010-01-21 21:44:20 10976768 ----a-w- c:\windows\syswow64\ieframe.dll

2010-01-21 21:44:19 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-01-21 21:44:19 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-01-21 21:44:19 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-01-21 21:44:19 1224704 ----a-w- c:\windows\syswow64\urlmon.dll

2010-01-21 21:44:19 1192960 ----a-w- c:\windows\system32\wininet.dll

==================== Find3M ====================

2010-01-14 23:16:34 56 ---ha-w- c:\programdata\ezsidmv.dat

2010-01-07 17:43:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2009-12-24 10:30:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf

2009-12-24 10:13:27 3324 ----a-w- c:\windows\system32\drivers\1028_Dell_STU_1745.mrk

2009-12-24 08:36:27 455680 ----a-w- c:\windows\system32\deploytk.dll

2009-12-19 09:50:56 14848 ----a-w- c:\windows\system32\tsbyuv.dll

2009-12-19 09:49:47 1572352 ----a-w- c:\windows\system32\quartz.dll

2009-12-19 09:47:56 25088 ----a-w- c:\windows\system32\msyuv.dll

2009-12-19 09:47:53 38912 ----a-w- c:\windows\system32\msvidc32.dll

2009-12-19 09:47:46 16384 ----a-w- c:\windows\system32\msrle32.dll

2009-12-19 09:46:35 54272 ----a-w- c:\windows\system32\iyuv_32.dll

2009-12-19 09:02:52 12288 ----a-w- c:\windows\syswow64\tsbyuv.dll

2009-12-19 09:02:48 1328640 ----a-w- c:\windows\syswow64\quartz.dll

2009-12-19 09:02:46 22016 ----a-w- c:\windows\syswow64\msyuv.dll

2009-12-19 09:02:45 31744 ----a-w- c:\windows\syswow64\msvidc32.dll

2009-12-19 09:02:45 13312 ----a-w- c:\windows\syswow64\msrle32.dll

2009-12-19 09:02:40 84480 ----a-w- c:\windows\syswow64\mciavi32.dll

2009-12-19 09:02:39 50176 ----a-w- c:\windows\syswow64\iyuv_32.dll

2009-12-19 09:02:01 91648 ----a-w- c:\windows\syswow64\avifil32.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:32:30.88 ===============

ark.zip

mbam_log_2010_02_14__23_37_17_.txt

2mbam_log_2010_02_14__23_49_29_.txt


Hey Normanb9,

Welcome to Malwarebytes! I'm Ltangelic and I'll be helping you fix your computer problem.

Before we proceed, here are some things that you can take note of so that the cleaning-up process will be smoother and more efficient. Do not worry, the points below are not any form of rules; they are just a few pointers that can ensure that you will get the best help from me. :P

  • To ensure that you are informed of the latest replies to your thread, you may like to right-click on Options at the top right-hand corner of this page and select "Subscribe to this forum". That way, you will be notified via email when a reply is posted to your thread.
  • If you have any doubts or uncertainty about any part of my instructions, feel free to post here and ask me about them.
  • Please do NOT attempt to run any tools or do any fixing on your own unless I tell you to; this will avoid any confusion that can occur during the cleaning process. Furthermore, fixing malware problems without sufficient knowledge can be dangerous at times, and you can mess up your own computer without knowing.
  • Please do not PM me for malware removal assistance; any request for malware removal assistance should be posted in this thread only. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. :lol:
  • Please do not start multiple topics (especially when you are already being assisted by an authorised staff member). All staff are volunteers here; starting multiple topics will waste the limited manpower we have here at Malwarebytes, and this can further hinder our ability to assist other users. Please be considerate and stick to one thread.

I'm looking at your log now and will be back with a fix soon. Thanks for your patience and understanding. :)
