Jump to content

Infected, what now?


Recommended Posts

I'm following instructions for what to do when infected. I've scanned with MBAM. Cleaned a lot of it up. Periodically something is still trying to access ip's in China, which realtime MBAM is catching.

I also scanned with the latest Avast, AVG, and Avira. Still having the problem.

Ran DeFogger, got error here's the log:

> > >

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 20:16 on 27/03/2010 (kbgannon)

Checking for autostart values...

HKCU\~\Run values retrieved.

Unable to open HKLM\~\Run key (5)

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

< < <

Please advise. Thanks in advance for your help!

Link to post
Share on other sites

Hello kgan! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install any software or hardware, while work on.

Please follow the instructions on this topic:

http://forums.malwarebytes.org/index.php?showtopic=9573

Finally, post the log files from the GMER and DDS.

Link to post
Share on other sites

Hello kgan! Welcome to MalwareBytes' Anti-Malware Forums!

Please follow the instructions on this topic:

http://forums.malwarebytes.org/index.php?showtopic=9573

Finally, post the log files from the GMER and DDS.

Borislav, thanks for your assisance.

Following the directions.

I ran Defogger. It said there was an error... here's the disable log:

>>> defogger_disable by jpshortstuff (23.02.10.1)

Log created at 09:57 on 28/03/2010 (kbgannon)

Checking for autostart values...

HKCU\~\Run values retrieved.

Unable to open HKLM\~\Run key (5)

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-<<<

Should I continue with the steps and disregard this error message? please advise. Thank you.

Link to post
Share on other sites

Yes, please another logs.

DDS report:

DDS (Ver_10-03-17.01) - NTFSx86

Run by kbgannon at 11:30:56.26 on Sun 03/28/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2272 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\Program Files\Jetico\BCWipe\BCWipeTM.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\DRIVERS\o2flash.exe

C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\PROGRA~1\Jetico\BCWipe\BCResident.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Dell Support Center\gs_agent\dsc.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\eFax Messenger 4.4\J2GTray.exe

C:\Program Files\Jetico\BCWipe\BCWipeTM.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Documents and Settings\kbgannon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.thenetcorp.com/

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb

uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6090103

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb

mDefault_Page_URL = hxxp://www.dell.com

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://www.google.com

mStart Page = hxxp://www.dell.com

mSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6090103

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [LDTray] c:\program files\livescribe\livescribe desktop\LDTray.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R

mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [bCWipeTM Startup] "c:\program files\jetico\bcwipe\BCWipeTM.exe" startup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08dd -f video -m logitech -d 10.5.1.2023

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager/plugin/IEGetPlugin.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231551165721

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247414650859

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kbgannon\applic~1\mozilla\firefox\profiles\jzizd25n.default\

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-26 64160]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-27 11608]

R1 fsh;fsh;c:\windows\system32\drivers\fsh.sys [2009-7-24 39360]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-27 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-27 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-27 60936]

R2 BCWipeSvc;BCWipe service;c:\program files\jetico\bcwipe\BCWipeSvc.exe [2009-12-24 95544]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-4-6 236368]

R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2009-12-16 265728]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-4-6 19160]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-1-3 51288]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-1-3 43608]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]

S3 getPlus® Installer;getPlus® Installer;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-4-19 59552]

S3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2010-2-17 20096]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\wn111v2.sys --> c:\windows\system32\drivers\WN111v2.sys [?]

S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\bcswap.sys [2009-7-24 91496]

=============== Created Last 30 ================

2010-03-28 15:19:40 0 ----a-w- c:\documents and settings\kbgannon\defogger_reenable

2010-03-27 18:45:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf

2010-03-27 13:51:49 0 d-----w- c:\windows\system32\NtmsData

2010-03-27 13:51:01 0 d-----w- c:\docume~1\kbgannon\applic~1\Avira

2010-03-27 13:46:30 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-03-27 13:46:30 0 d-----w- c:\program files\Avira

2010-03-27 13:46:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-03-27 01:56:50 0 d-----w- c:\program files\AVG

2010-03-26 12:57:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-03-26 04:01:04 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-03-26 04:01:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-03-10 15:10:58 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2010-03-04 15:48:21 0 d-----w- c:\docume~1\kbgannon\applic~1\Foxit Software

==================== Find3M ====================

2010-03-28 01:46:17 56959 ----a-w- c:\windows\system32\nvModes.dat

2010-03-08 14:41:48 220112 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys

2010-03-01 17:24:31 15688 ----a-w- c:\windows\system32\lsdelete.exe

2010-02-17 16:31:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2010-02-17 16:31:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_PulseUsb_01007.Wdf

2010-02-17 16:28:44 32648 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2010-02-10 15:13:31 77377 ----a-w- c:\windows\hpqins05.dat

2010-01-12 09:35:48 100896 ----a-w- c:\windows\system32\RTNUninst32.dll

2010-01-12 09:35:44 80416 ----a-w- c:\windows\system32\RtNicProp32.dll

============= FINISH: 11:31:49.04 ===============

Attach.zip

Link to post
Share on other sites

>>> begin MBAM log <<<

Malwarebytes' Anti-Malware 1.44

Database version: 3915

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

3/27/2010 4:51:31 PM

mbam-log-2010-03-27 (16-51-31).txt

Scan type: Quick Scan

Objects scanned: 140260

Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

>>> end MBAM log <<<

>>> begin protection log <<<

11:08:11 kbgannon MESSAGE Protection started successfully

11:08:23 kbgannon MESSAGE IP Protection started successfully

11:18:24 kbgannon MESSAGE Protection started successfully

11:18:28 kbgannon MESSAGE IP Protection started successfully

11:21:41 kbgannon IP-BLOCK 78.159.112.215

11:21:43 kbgannon IP-BLOCK 78.159.112.215

11:21:47 kbgannon IP-BLOCK 78.159.112.215

11:29:15 kbgannon MESSAGE Protection started successfully

11:29:21 kbgannon MESSAGE IP Protection started successfully

12:01:37 kbgannon MESSAGE Protection started successfully

12:01:45 kbgannon MESSAGE IP Protection started successfully

16:22:07 kbgannon MESSAGE Protection started successfully

16:22:16 kbgannon MESSAGE IP Protection started successfully

17:09:06 kbgannon MESSAGE Protection started successfully

17:09:14 kbgannon MESSAGE IP Protection started successfully

17:12:38 kbgannon MESSAGE Protection started successfully

17:12:48 kbgannon MESSAGE IP Protection started successfully

17:34:04 kbgannon MESSAGE Protection started successfully

17:34:11 kbgannon MESSAGE IP Protection started successfully

17:37:43 kbgannon IP-BLOCK 78.159.112.215

17:37:45 kbgannon IP-BLOCK 78.159.112.215

17:37:49 kbgannon IP-BLOCK 78.159.112.215

21:08:10 kbgannon MESSAGE Protection started successfully

21:08:15 kbgannon MESSAGE IP Protection started successfully

21:16:03 kbgannon MESSAGE Protection started successfully

21:16:12 kbgannon MESSAGE IP Protection started successfully

21:23:51 kbgannon MESSAGE Protection started successfully

21:23:57 kbgannon MESSAGE IP Protection started successfully

21:38:10 kbgannon MESSAGE Protection started successfully

21:38:23 kbgannon MESSAGE IP Protection started successfully

>>> end protection log <<<

Thanks for helping!

Link to post
Share on other sites

Current version of database is 3925 , so pease:

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Link to post
Share on other sites

Current version of database is 3925 , so pease:

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Malwarebytes' Anti-Malware 1.44

Database version: 3926

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

3/29/2010 9:10:02 AM

mbam-log-2010-03-29 (09-10-02).txt

Scan type: Quick Scan

Objects scanned: 155785

Time elapsed: 10 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.