
Request for support ASAP please???


pgill


Hi, I am a newbie and my laptop is suffering from the Internet Security Suite problem and I cannot do anything with it.

I downloaded Malware and ran it in safe mode following the instructions on here, and it returned a report with the following. Can someone please help, as I am desperate to get this sorted as soon as possible.

Thanks in advance.

ComboFix 10-11-25.06 - Administrator 26/11/2010 23:49:52.1.2 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1527.1250 [GMT 0:00]

Running from: e:\spyware progs\Combo-Fix.exe

AV: Internet Security Suite *On-access scanning enabled* (Updated) {748DA693-7C28-427C-95D4-5E2185FF19CC}

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Internet Security Suite *enabled* {E6DD6697-E12C-4BB3-8492-ED05C27832B5}

FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\04fa4d

c:\documents and settings\All Users\Application Data\04fa4d\04fa4d1083bc35ce076095a2ef0c5cc8.ocx

c:\documents and settings\All Users\Application Data\04fa4d\35.mof

c:\documents and settings\All Users\Application Data\04fa4d\8bbab484c6b686bb95ad0710e5fadf9d.ocx

c:\documents and settings\All Users\Application Data\04fa4d\9aaaf355c238ee3d77c44fb1d1759849.ocx

c:\documents and settings\All Users\Application Data\04fa4d\9f0256460b2938a3453fa5f80ba5d0f3.ocx

c:\documents and settings\All Users\Application Data\04fa4d\a6a41fc50897b4cc67f9194453291582.ocx

c:\documents and settings\All Users\Application Data\04fa4d\BackUp\Bluetooth.lnk

c:\documents and settings\All Users\Application Data\04fa4d\BackUp\DVD Check.lnk

c:\documents and settings\All Users\Application Data\04fa4d\BackUp\McAfee Security Scan Plus.lnk

c:\documents and settings\All Users\Application Data\04fa4d\d278274b822a51cc001a7a3598c81028.ocx

c:\documents and settings\All Users\Application Data\04fa4d\IS04f_2211.exe

c:\documents and settings\All Users\Application Data\04fa4d\ISS.ico

c:\documents and settings\All Users\Application Data\04fa4d\mozcrt19.dll

c:\documents and settings\All Users\Application Data\04fa4d\sqlite3.dll

c:\documents and settings\All Users\Application Data\04fa4d\wrv1u8z6hsas6avhgdghgk.dll

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://au.download.j+|Cv+@J:NGD_DQ{zcxLJS@0

.

((((((((((((((((((((((((( Files Created from 2010-10-26 to 2010-11-26 )))))))))))))))))))))))))))))))

.

2010-11-26 18:14 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-26 18:14 . 2010-11-26 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-26 18:14 . 2010-11-26 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-11-26 18:14 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-26 18:05 . 2010-11-26 20:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-11-26 18:02 . 2010-11-26 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-11-25 22:29 . 2010-11-25 22:35 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-11-25 22:29 . 2010-11-25 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-11-25 19:34 . 2010-11-25 19:34 -------- d-sh--w- c:\documents and settings\All Users\Application Data\ISFQWYULAES

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-03 08:53 . 2009-01-23 14:34 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2010-09-18 11:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]

"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-05 184320]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-02 115560]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2010-06-30 5143904]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"CardDetectorZTEMF636"="c:\program files\CardDetector\ZTEMF636\CardDetector.exe" [2008-09-25 274432]

"BEWINTERNET-UKSessionManager"="c:\program files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe" [2008-10-24 131824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-11-23 184320]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1593300831-779023518-3910537989-1528\Scripts\Logon\0\0]

"Script"=\\m2digital.co.uk\NETLOGON\scripts\eMailSignature.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1593300831-779023518-3910537989-1528\Scripts\Logon\1\0]

"Script"=\\M2-man-dc01\NETLOGON\scripts\manchester user.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=

"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\OrangeBS\\BEWInternetUK\\Connectivity\\ConnectivityManager.exe"=

"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [03/10/2010 22:43 59240]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/11/2007 15:13 685816]

S1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [03/10/2010 22:54 34792]

S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 22:43 169320]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/02/2010 17:23 135664]

S2 HealthService;System Center Management;c:\program files\System Center Operations Manager 2007\HealthService.exe [08/05/2009 20:28 27008]

S2 HPM1319RcvFaxSrvc;HP M1319 Receive Fax Service;c:\program files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe [27/03/2008 14:24 348160]

S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/10/2010 22:43 767208]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [23/01/2009 14:34 23888]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/10/2010 16:01 102448]

S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [26/02/2008 15:22 88192]

S3 HP1319EWS;HP1319EWS;c:\windows\system32\drivers\HP1319EWS.sys [03/08/2009 11:10 12800]

S3 HP1319FAX;HP1319MFP FAX;c:\windows\system32\drivers\HP1319FAX.sys [03/08/2009 11:10 13824]

S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [17/07/2007 01:24 35072]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]

S3 PcCGoCls;PcCGoCls;c:\windows\system32\drivers\Pccgocls.sys [26/11/2007 15:15 23712]

S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [?]

S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [27/04/2010 21:47 103936]

S4 AdtAgent;Operations Manager Audit Forwarding Service;c:\windows\system32\AdtAgent.exe [08/05/2009 20:35 269696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 17:23]

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 17:23]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://cerberus.m2digital.co.uk/dana-cached/sc/JuniperSetupClient.cab

FF - ProfilePath -

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-Symantec Antvirus

AddRemove-uCertify M70-680 - c:\program files\uCertify\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-26 23:58

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????Y??????(?@???????@

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4003509843-3595037484-3803056600-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@DACL=(02 0011)

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

@DACL=(02 0011)

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@DACL=(02 0011)

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@DACL=(02 0011)

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@DACL=(02 0011)

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@DACL=(02 0011)

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@DACL=(02 0011)

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2010-11-27 00:01:01

ComboFix-quarantined-files.txt 2010-11-27 00:00

Pre-Run: 8,205,766,656 bytes free

Post-Run: 8,383,324,160 bytes free

- - End Of File - - B36C680414C367F2AA51E1D6CF1D960B


Please don't attach the scans / logs, use "copy/paste".

  • Please download Malwarebytes' Anti-Malware from here
    If you are unable to do this from the infected computer directly, transfer the file from another computer.
  • Download the mbam-setup.exe to your desktop.
  • Now make sure extensions are shown. To do this, please look here
  • Then rename the mbam-setup.exe to explorer.exe
  • Then launch explorer.exe in order to install Malwarebytes' Anti-Malware
  • Once Malwarebytes' Anti-Malware is installed, navigate to your Program Files\Malwarebytes' Anti-Malware folder, locate the mbam.exe in there and rename it to iexplore.exe.
  • Now double-click iexplore.exe to launch Malwarebytes' Anti-Malware.
  • Click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and the updates have been downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart, so please allow MBAM to restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Please don't attach the scans / logs, use "copy/paste".

Also please describe how your computer behaves at the moment.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
