
Seems like I have a dirty virus. Can't run SmitFraudFix. Can't install or run Malwarebytes, even after running rkill.exe. Superantispyware doesn't find anything. Any help would be greatly appreciated!

.

DDS (Ver_11-03-05.01) - NTFSx86 NETWORK

Run by Administrator at 21:22:03.01 on Sat 04/02/2011

Internet Explorer: 8.0.6001.18702

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.cnn.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

mRun: [Parallels Shared Internet Applications] "c:\program files\parallels\parallels tools\sia\SharedIntApp.exe" /start

mRun: [Parallels Tools Center] "c:\program files\parallels\parallels tools\prl_cc.exe"

mRun: [NWEReboot]

mRun: [<NO NAME>]

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [HostManager] c:\program files\common files\aol\1292570922\ee\AOLSoftware.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

uPolicies-explorer: NoSimpleNetIDList = 1 (0x1)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\uan3mzak.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

.

============= FINISH: 21:23:13.90 ===============

ark.log

Attach.txt


Hello and welcome!

Your DDS log looks like some Windows components are not working correctly.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

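The DDS "Pseudo HJT Report" posted above is what the helper is reading when noting that Windows components look broken: the Running Processes and Services/Drivers sections are empty, and two mRun entries have a name but no target. This added example (not code from the thread or from the DDS tool) parses a log excerpt in that shape and lists those findings; the function names are my own, and the sample log is constructed from the entries above.

```python
import re

# Constructed excerpt in the shape of a DDS log, built from entries in the posted report.
SAMPLE_LOG = """\
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\\program files\\avg\\avg10\\avgssie.dll
mRun: [AVG_TRAY] c:\\program files\\avg\\avg10\\avgtray.exe
mRun: [NWEReboot]
mRun: [<NO NAME>]
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
============= SERVICES / DRIVERS ===============
.
.
============= FINISH: 21:23:13.90 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")            # "=== Section name ==="
RUN_RE = re.compile(r"^(u|m)Run(Once)?: \[(.*?)\](?:\s+(.*))?$")  # "mRun: [name] target"

def parse_dds(text):
    """Split a DDS log into named sections and collect the Run (autostart) entries."""
    sections, current, runs = {}, None, []
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        if line.strip() in ("", "."):
            continue  # DDS prints a lone "." as a separator, it carries no data
        sections.setdefault(current, []).append(line)
        r = RUN_RE.match(line)
        if r:
            # scope: "u" = current user hive, "m" = machine hive; target may be absent
            runs.append({"scope": r.group(1), "name": r.group(3), "target": r.group(4) or ""})
    return sections, runs

def triage(text):
    """Findings a helper checks first: empty enumeration sections and Run entries without a target."""
    sections, runs = parse_dds(text)
    findings = []
    for name in ("Running Processes", "SERVICES / DRIVERS"):
        if name in sections and not sections[name]:
            findings.append(f"empty section: {name}")
    for r in runs:
        if not r["target"]:
            findings.append(f"Run entry without a target: [{r['name']}]")
    return findings
```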

It looks like we might be dealing with a file infector here. If that is the case, unfortunately, a complete reformat is the only way out. However, I'd first like to confirm that.

UPLOAD A FILE

--------------------

We need to check a file. Please click this link: VirusTotal

When the page has finished loading, click the Choose file button, navigate to each of the following files, and click Send file.

c:\windows\system32\srsvc.dll

c:\windows\system32\w32time.dll

c:\windows\system32\wiaservc.dll

If you get the message that the file has already been scanned before, please click Reanalyse file now.

Please post back the results of the scan in your next post.


For srsvc.dll

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: srsvc.dll

Submission date: 2011-04-05 17:04:18 (UTC)


Result: 0/ 42 (0.0%)

VT Community

not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2011.04.06.01 2011.04.05 -

AntiVir 7.11.5.197 2011.04.05 -

Antiy-AVL 2.0.3.7 2011.04.05 -

Avast 4.8.1351.0 2011.04.05 -

Avast5 5.0.677.0 2011.04.05 -

AVG 10.0.0.1190 2011.04.05 -

BitDefender 7.2 2011.04.05 -

CAT-QuickHeal 11.00 2011.04.05 -

ClamAV 0.97.0.0 2011.04.05 -

Commtouch 5.2.11.5 2011.03.24 -

Comodo 8230 2011.04.05 -

DrWeb 5.0.2.03300 2011.04.05 -

Emsisoft 5.1.0.5 2011.04.05 -

eSafe 7.0.17.0 2011.04.05 -

eTrust-Vet None 2011.04.05 -

F-Prot 4.6.2.117 2011.04.05 -

F-Secure 9.0.16440.0 2011.04.05 -

Fortinet 4.2.254.0 2011.04.05 -

GData 22 2011.04.05 -

Ikarus T3.1.1.103.0 2011.04.05 -

Jiangmin 13.0.900 2011.03.31 -

K7AntiVirus 9.96.4303 2011.04.05 -

Kaspersky 7.0.0.125 2011.04.05 -

McAfee 5.400.0.1158 2011.04.05 -

McAfee-GW-Edition 2010.1C 2011.04.05 -

Microsoft 1.6702 2011.04.05 -

NOD32 6017 2011.04.05 -

Norman 6.07.07 2011.04.05 -

Panda 10.0.3.5 2011.04.05 -

PCTools 7.0.3.5 2011.04.04 -

Prevx 3.0 2011.04.05 -

Rising 23.51.05.05 2011.04.02 -

Sophos 4.64.0 2011.04.05 -

SUPERAntiSpyware 4.40.0.1006 2011.04.05 -

Symantec 20101.3.2.89 2011.04.05 -

TheHacker 6.7.0.1.167 2011.04.05 -

TrendMicro 9.200.0.1012 2011.04.05 -

TrendMicro-HouseCall 9.200.0.1012 2011.04.05 -

VBA32 3.12.14.3 2011.04.05 -

VIPRE 8926 2011.04.05 -

ViRobot 2011.4.5.4394 2011.04.05 -

VirusBuster 13.6.288.0 2011.04.05 -

Additional information

MD5 : 3805df0ac4296a34ba4bf93b346cc378

SHA1 : 09746dbe84432ba54c6dc0b363ba716331c10975

SHA256: b57a14f1b7b0997e619ddd62b73157aa2399a9852166fb58139cbb358a88f6f3


For w32time.dll

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: w32time.dll

Submission date: 2011-04-05 17:22:07 (UTC)


Result: 0/ 42 (0.0%)

VT Community

not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2011.04.06.01 2011.04.05 -

AntiVir 7.11.5.197 2011.04.05 -

Antiy-AVL 2.0.3.7 2011.04.05 -

Avast 4.8.1351.0 2011.04.05 -

Avast5 5.0.677.0 2011.04.05 -

AVG 10.0.0.1190 2011.04.05 -

BitDefender 7.2 2011.04.05 -

CAT-QuickHeal 11.00 2011.04.05 -

ClamAV 0.97.0.0 2011.04.05 -

Commtouch 5.2.11.5 2011.03.24 -

Comodo 8230 2011.04.05 -

DrWeb 5.0.2.03300 2011.04.05 -

Emsisoft 5.1.0.5 2011.04.05 -

eSafe 7.0.17.0 2011.04.05 -

eTrust-Vet 36.1.8254 2011.04.05 -

F-Prot 4.6.2.117 2011.04.05 -

F-Secure 9.0.16440.0 2011.04.05 -

Fortinet 4.2.254.0 2011.04.05 -

GData 22 2011.04.05 -

Ikarus T3.1.1.103.0 2011.04.05 -

Jiangmin 13.0.900 2011.03.31 -

K7AntiVirus 9.96.4303 2011.04.05 -

Kaspersky 7.0.0.125 2011.04.05 -

McAfee 5.400.0.1158 2011.04.05 -

McAfee-GW-Edition 2010.1C 2011.04.05 -

Microsoft 1.6702 2011.04.05 -

NOD32 6017 2011.04.05 -

Norman 6.07.07 2011.04.05 -

Panda 10.0.3.5 2011.04.05 -

PCTools 7.0.3.5 2011.04.04 -

Prevx 3.0 2011.04.05 -

Rising 23.51.05.05 2011.04.02 -

Sophos 4.64.0 2011.04.05 -

SUPERAntiSpyware 4.40.0.1006 2011.04.05 -

Symantec 20101.3.2.89 2011.04.05 -

TheHacker 6.7.0.1.167 2011.04.05 -

TrendMicro 9.200.0.1012 2011.04.05 -

TrendMicro-HouseCall 9.200.0.1012 2011.04.05 -

VBA32 3.12.14.3 2011.04.05 -

VIPRE 8926 2011.04.05 -

ViRobot 2011.4.5.4394 2011.04.05 -

VirusBuster 13.6.288.0 2011.04.05 -

Additional information

MD5 : 54af4b1d5459500ef0937f6d33b1914f

SHA1 : fcfc8c04b5c33c149eb9126d7fb5291e79247b2e

SHA256: fa1876888bcb9c72a92369dbed4ff1a8666784523fb41e618fa0919490fcddb9


For wiaservc.dll

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: wiaservc.dll

Submission date: 2011-04-05 17:27:07 (UTC)


Result: 0/ 40 (0.0%)

VT Community

not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2011.04.06.01 2011.04.05 -

AntiVir 7.11.5.197 2011.04.05 -

Antiy-AVL 2.0.3.7 2011.04.05 -

Avast 4.8.1351.0 2011.04.05 -

Avast5 5.0.677.0 2011.04.05 -

AVG 10.0.0.1190 2011.04.05 -

BitDefender 7.2 2011.04.05 -

CAT-QuickHeal 11.00 2011.04.05 -

ClamAV 0.97.0.0 2011.04.05 -

Commtouch 5.2.11.5 2011.03.24 -

Comodo 8230 2011.04.05 -

DrWeb 5.0.2.03300 2011.04.05 -

eSafe 7.0.17.0 2011.04.05 -

eTrust-Vet 36.1.8254 2011.04.05 -

F-Prot 4.6.2.117 2011.04.05 -

F-Secure 9.0.16440.0 2011.04.05 -

Fortinet 4.2.254.0 2011.04.05 -

GData 22 2011.04.05 -

Ikarus T3.1.1.103.0 2011.04.05 -

Jiangmin 13.0.900 2011.03.31 -

K7AntiVirus 9.96.4303 2011.04.05 -

McAfee 5.400.0.1158 2011.04.05 -

McAfee-GW-Edition 2010.1C 2011.04.05 -

Microsoft 1.6702 2011.04.05 -

NOD32 6017 2011.04.05 -

Norman 6.07.07 2011.04.05 -

Panda 10.0.3.5 2011.04.05 -

PCTools 7.0.3.5 2011.04.04 -

Prevx 3.0 2011.04.05 -

Rising 23.51.05.05 2011.04.02 -

Sophos 4.64.0 2011.04.05 -

SUPERAntiSpyware 4.40.0.1006 2011.04.05 -

Symantec 20101.3.2.89 2011.04.05 -

TheHacker 6.7.0.1.167 2011.04.05 -

TrendMicro 9.200.0.1012 2011.04.05 -

TrendMicro-HouseCall 9.200.0.1012 2011.04.05 -

VBA32 3.12.14.3 2011.04.05 -

VIPRE 8926 2011.04.05 -

ViRobot 2011.4.5.4394 2011.04.05 -

VirusBuster 13.6.288.0 2011.04.05 -

Additional information

MD5 : 8bad69cbac032d4bbacfce0306174c30

SHA1 : 931d552f15f4fcf94b006ad82708fab817370ad3

SHA256: 2aa0da710fcbff38fe8da91ee02e7a4503269347e61f8d3246fca3384bba2305


That looks good, no infections there.

Please run the following tool, then rerun ComboFix and post me the new log. Note that this tool might throw a bunch of errors; it is quite old and some components are not entirely compatible anymore. However, it ought to do the job.

  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program. Note - you might see an error message regarding Internet Explorer. Just ignore this and continue.
  • Press the green double checkmark box (Looks like this: checkmark.png)
  • UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:

    toUncheck.png

    mainWindow.png

  • Click on Go
  • Exit/Close Dial-A-Fix


Hi Elise,

When I try to run that program, I get the following error: "The application failed to initialize properly (0xc0000033). Click on OK to terminate the application", which is the same error I get when trying to open Malwarebytes. I'm assuming that error is tied to the virus I have on the computer. Thank you so much for your help.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
