Jump to content

Recommended Posts

I ran Malwarebytes and it removed the xp home security virus. However, the pc now has some issues in that if I download ant executable software and try to run the xxx.exe files, it cannot find the file. Here is the log from my run of Malwarebytes.

What can I do next?

Tx,

Bito

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTBROWSE_SERVICE (Adware.QuestBrowse) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestBrowse Service (Adware.QuestBrowse) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Vito\Local Settings\Application Data\wds.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Vito\Local Settings\Application Data\wds.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Vito\Local Settings\Application Data\wds.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:

c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0} (Adware.QuestBrowse) -> Delete on reboot.

c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome (Adware.QuestBrowse) -> Delete on reboot.

c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults\preferences (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\program files\questbrwsearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\documents and settings\all users\application data\questbrwsearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.

Files Infected:

c:\documents and settings\Vito\application data\Sun\Java\deployment\cache\6.0\38\72a57626-7b5460a9 (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Vito\local settings\application data\wds.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Vito\local settings\Temp\icreinstall\pdfconvertersetup(2).exe (Adware.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Vito\local settings\Temp\icreinstall\pdfconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Vito\local settings\Temp\is1972027439\yontoosetup-dropdowndeals-silentinstaller.exe (Adware.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Vito\my documents\downloads\aviconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Vito\my documents\downloads\pdfconvertersetup(2).exe (Adware.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Vito\my documents\downloads\pdfconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

c:\program files\questbrwsearch\questbrwsearch.dll (Adware.Agent.Gen) -> Quarantined and deleted successfully.

c:\program files\questbrwsearch\uninstall.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP737\A0376518.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP737\A0377429.dll (Adware.Agent.Gen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP737\A0377430.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP779\A0385673.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP782\A0385871.dll (Adware.Agent.Gen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP782\A0385872.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP782\A0385873.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP785\A0386068.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP787\A0386129.dll (Adware.Agent.Gen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP791\A0386284.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP791\A0386285.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP791\A0387274.dll (Adware.Agent.Gen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\RP791\A0387275.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome.manifest (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\install.rdf (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\chrome\questbrowse.jar (Adware.QuestBrowse) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\extensions\{d9adb0a8-7bfb-498d-9880-ee78a81ccfa0}\defaults\preferences\prefs.js (Adware.QuestBrowse) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post DDS.txt directly into your reply.

Here is the output from the Quick Scan. Please not that this was run in Safe Mode/Administrator

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6321

Windows 5.1.2600 Service Pack 2 (Safe Mode)

Internet Explorer 8.0.6001.18702

4/9/2011 11:11:42 PM

mbam-log-2011-04-09 (23-11-42).txt

Scan type: Quick scan

Objects scanned: 195845

Time elapsed: 13 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

And here are the log from the DDS:

1)

.

DDS (Ver_11-03-05.01) - NTFSx86 NETWORK

Run by Administrator at 23:12:49.53 on Sat 04/09/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1497 [GMT -4:00]

.

FW: McAfee Personal Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us

uSearch Bar = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll

BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll

TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [siteAdvisor] c:\program files\siteadvisor\6253\SiteAdv.exe

mRun: [HostManager] c:\program files\common files\aol\1182480163\ee\AOLSoftware.exe

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [DMXLauncher] "c:\program files\sonic\product\media experience\DMXLauncher.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\automa~1.lnk - c:\program files\inetprn\INETPRN1.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~2.lnk - c:\program files\palm\Hotsync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\handspring\Hotsync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imaget~1.lnk - c:\program files\sony corporation\image transfer\SonyTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

Trusted Zone: musicmatch.com\online

DPF: MCodeViewerCab - hxxp://www.connexto.com/OCX/MCodeViewerCab02.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

LSA: Notification Packages = scecli scecli

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\r06kryiq.default\

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll

FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07030901.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-9 214664]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2005-8-16 14336]

S2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-18 135664]

S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-2-9 359952]

S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-9 144704]

S2 Wusage;Wusage;c:\program files\wusage8\wusages.exe [2008-3-28 5285472]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-5-28 30192]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-9 606736]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-9 79816]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-9 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-9 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-9 40552]

.

=============== File Associations ===============

.

.txt=

.

=============== Created Last 30 ================

.

2011-04-10 01:44:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Citrix

2011-04-09 21:21:57 -------- d-----w- c:\docume~1\admini~1\applic~1\SiteAdvisor

2011-04-09 21:21:38 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla

2011-04-08 13:34:36 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE

2011-04-08 13:11:43 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2011-04-08 13:11:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-08 13:11:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-04-08 13:11:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-08 13:11:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-08 13:10:59 -------- d-sh--w- c:\documents and settings\administrator\IETldCache

2011-04-05 06:25:26 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{904ecd1e-d1f1-423d-a036-53c8ebccf6ef}\mpengine.dll

2011-03-28 01:52:34 -------- d-----w- c:\program files\Yontoo Layers

2011-03-28 01:52:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer

2011-03-28 01:45:09 98304 ----a-w- c:\windows\system32\redmonnt.dll

2011-03-28 01:43:18 -------- d-----w- c:\program files\FoxTabPDFConverter

2011-03-22 20:17:46 -------- dc-h--w- c:\windows\ie8

2011-03-22 19:46:04 -------- d-----w- c:\program files\Plus! Image

.

==================== Find3M ====================

.

2011-02-09 18:53:31 256 ----a-w- c:\windows\system32\pool.bin

2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll

2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll

2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2006-06-01 21:39:20 774144 ----a-w- c:\program files\RngInterstitial.dll

.

============= FINISH: 23:13:36.31 ===============

Log 2:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 6/1/2006 11:34:58 AM

System Uptime: 4/9/2011 10:56:21 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0FJ030

Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz

Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 144 GiB total, 19.713 GiB free.

D: is CDROM (UDF)

E: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP692: 1/11/2011 3:00:21 AM - Software Distribution Service 3.0

RP693: 1/12/2011 3:00:23 AM - Software Distribution Service 3.0

RP694: 1/13/2011 3:00:18 AM - Software Distribution Service 3.0

RP695: 1/15/2011 3:03:27 AM - Software Distribution Service 3.0

RP696: 1/16/2011 3:00:21 AM - Software Distribution Service 3.0

RP697: 1/18/2011 3:00:33 AM - Software Distribution Service 3.0

RP698: 1/19/2011 3:00:23 AM - Software Distribution Service 3.0

RP699: 1/20/2011 3:00:36 AM - Software Distribution Service 3.0

RP700: 1/21/2011 3:00:21 AM - Software Distribution Service 3.0

RP701: 1/22/2011 3:03:09 AM - Software Distribution Service 3.0

RP702: 1/23/2011 5:29:52 PM - System Checkpoint

RP703: 1/24/2011 3:00:23 AM - Software Distribution Service 3.0

RP704: 1/25/2011 3:00:52 AM - Software Distribution Service 3.0

RP705: 1/26/2011 3:00:27 AM - Software Distribution Service 3.0

RP706: 1/28/2011 3:00:20 AM - Software Distribution Service 3.0

RP707: 1/29/2011 3:00:27 AM - Software Distribution Service 3.0

RP708: 1/30/2011 3:00:17 AM - Software Distribution Service 3.0

RP709: 2/1/2011 3:00:33 AM - Software Distribution Service 3.0

RP710: 2/2/2011 3:00:22 AM - Software Distribution Service 3.0

RP711: 2/3/2011 3:50:37 PM - System Checkpoint

RP712: 2/4/2011 3:00:18 AM - Software Distribution Service 3.0

RP713: 2/5/2011 3:00:22 AM - Software Distribution Service 3.0

RP714: 2/6/2011 3:00:28 AM - Software Distribution Service 3.0

RP715: 2/7/2011 3:00:56 AM - Software Distribution Service 3.0

RP716: 2/8/2011 3:00:19 AM - Software Distribution Service 3.0

RP717: 2/9/2011 3:00:49 AM - Software Distribution Service 3.0

RP718: 2/9/2011 8:23:28 PM - Removed Adobe

Link to post
Share on other sites

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post DDS.txt directly into your reply.

MBAM Sentinel... any ideas as to what I need to do next?

I did what you asked me to do.

Tx,

Bito

Link to post
Share on other sites

  • Staff

Hi,

My apologies for the delay. I wasn't notified of your reply.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Not a problem and thanks for getting back to me.

I performed the steps that you indicated and I have attached the logs with the results.

The machine seems to be working much better already.

Please let me know if there are any next steps.

Tx,

Bito

Hi,

My apologies for the delay. I wasn't notified of your reply.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Combofix Log4-13.txt

DDS-log.txt

Attach-log.txt

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Attached please find the logs from the operations that you indicated. The PC now appears to be running fine. Could it be that now it is clean or do I still need to do some other operation?

If we are done, I thanks you very very much!

Please let me know.

Tx,

Bito

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

ESET Log.txt

checkup-log.txt

Link to post
Share on other sites

  • Staff

Hi,

Navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java 6 Update 22

Java SE Runtime Environment 6 Update 1

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java 2 Runtime Environment, SE v1.4.2_03

Adobe Reader 9.3.3

Restart your computer.

Please download CCleaner and save it to your desktop.

  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Please do NOT run a scan yet!

Now, open CCleaner:

  • Click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.

    [*]Then, click the "Applications" tab:

    • CHECK everything there.

    [*]Next, click the "Options" button in the left pane, then click the "Advanced" button:

    • CHECK : "Only delete files in Windows Temp folders older than 48 hours".

    [*]Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.

    [*]When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don

Link to post
Share on other sites

Hi,

Navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java 6 Update 22

Java SE Runtime Environment 6 Update 1

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java 2 Runtime Environment, SE v1.4.2_03

Adobe Reader 9.3.3

Restart your computer.

Please download CCleaner and save it to your desktop.

  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Please do NOT run a scan yet!

Now, open CCleaner:

  • Click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.

    [*]Then, click the "Applications" tab:

    • CHECK everything there.

    [*]Next, click the "Options" button in the left pane, then click the "Advanced" button:

    • CHECK : "Only delete files in Windows Temp folders older than 48 hours".

    [*]Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.

    [*]When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don

Link to post
Share on other sites

Hi,

I highly recommend the PRO version of MBAM.

Actually, run Securitycheck again, and post its log please.

Here is the log:

Results of screen317's Security Check version 0.99.10

Windows XP Service Pack 2

Out of date service pack!!

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

McAfee Security Scan Plus

McAfee Uninstaller

McAfee SecurityCenter

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 24

Adobe Flash Player 10.2.153.1

Adobe Reader X (10.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

McAfee VIRUSS~1 mcshield.exe

McAfee VIRUSS~1 mcsysmon.exe

Windows Defender MsMpEng.exe

``````````End of Log````````````

Can you post a link to MBAM Pro? I only see a product on your site for $24.99

Tx,

Bito

Link to post
Share on other sites

  • Staff

Hi.

Can you post a link to MBAM Pro? I only see a product on your site for $24.99

That is the PRO version (a lifetime license for $24.99).

Before you do that though, it is absolutely essential that you upgrade to Windows XP Service Pack 3. Service Pack 2, which is what you currently have, has vulnerabilities that leave you wide open for re-infection. To upgrade, please visit Windows Update and download all critical updates.

Let me know if the update was successful.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.