You will be a life saver if you can help....


I'm infected. I tried running several things including doing system restores prior to finding this program. Hope I didn't screw anything up. Please let me know what I should do next. Here are the logs. If I didn't do something right, please let me know....

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6814

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

6/9/2011 7:24:23 AM

mbam-log-2011-06-09 (07-24-23).txt

Scan type: Full scan (C:\|)

Objects scanned: 286834

Time elapsed: 2 hour(s), 36 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security Protection (Trojan.FakeAlert) -> Value: Security Protection -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\all users\application data\defender.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Hello and welcome!

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Thank you for the response. I had already done this and the logs were on my desktop but I didn't copy them. I was in a hurry. Sorry!!!! I ran the scan again to make sure just now. Here are the logs.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-03.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 6/5/2006 10:18:57 PM

System Uptime: 6/10/2011 12:52:51 AM (12 hours ago)

.

Motherboard: Dell Inc. | | 0RJ272

Processor: Intel® Celeron® M processor 1.50GHz | Microprocessor | 1496/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 33 GiB total, 11.571 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP256: 4/21/2011 9:20:44 AM - Software Distribution Service 3.0

RP257: 4/21/2011 9:30:41 AM - Software Distribution Service 3.0

RP258: 4/21/2011 1:56:20 PM - Software Distribution Service 3.0

RP259: 4/22/2011 8:35:06 AM - Software Distribution Service 3.0

RP260: 4/22/2011 2:51:42 PM - Software Distribution Service 3.0

RP261: 4/23/2011 4:35:09 PM - Software Distribution Service 3.0

RP262: 4/24/2011 9:29:20 PM - Software Distribution Service 3.0

RP263: 4/25/2011 10:58:55 PM - Software Distribution Service 3.0

RP264: 4/26/2011 10:32:26 PM - Printer Driver Amyuni Document Converter 400 Installed

RP265: 4/27/2011 12:22:21 AM - Software Distribution Service 3.0

RP266: 4/27/2011 1:56:00 PM - Software Distribution Service 3.0

RP267: 4/28/2011 3:50:59 PM - System Checkpoint

RP268: 4/28/2011 4:38:56 PM - Software Distribution Service 3.0

RP269: 4/29/2011 6:47:25 PM - Software Distribution Service 3.0

RP270: 4/30/2011 6:52:45 PM - System Checkpoint

RP271: 5/1/2011 9:12:19 AM - Software Distribution Service 3.0

RP272: 5/1/2011 9:25:56 AM - Software Distribution Service 3.0

RP273: 5/2/2011 9:16:19 AM - Software Distribution Service 3.0

RP274: 5/3/2011 3:15:13 PM - Software Distribution Service 3.0

RP275: 5/4/2011 3:57:47 PM - Software Distribution Service 3.0

RP276: 5/4/2011 10:06:31 PM - Software Distribution Service 3.0

RP277: 5/5/2011 5:28:02 PM - Software Distribution Service 3.0

RP278: 5/6/2011 5:48:01 PM - Software Distribution Service 3.0

RP279: 5/12/2011 9:54:58 PM - Software Distribution Service 3.0

RP280: 5/13/2011 7:19:19 AM - Software Distribution Service 3.0

RP281: 5/13/2011 10:26:56 PM - Software Distribution Service 3.0

RP282: 5/15/2011 10:40:38 AM - Software Distribution Service 3.0

RP283: 5/16/2011 11:36:57 AM - Installed Java 6 Update 22

RP284: 5/16/2011 3:43:42 PM - Software Distribution Service 3.0

RP285: 5/17/2011 10:12:30 PM - Software Distribution Service 3.0

RP286: 5/18/2011 7:01:29 PM - Installed Java 6 Update 24

RP287: 5/19/2011 11:00:48 PM - System Checkpoint

RP288: 5/19/2011 11:28:38 PM - Software Distribution Service 3.0

RP289: 5/21/2011 2:11:43 PM - Software Distribution Service 3.0

RP290: 5/22/2011 2:52:02 PM - Software Distribution Service 3.0

RP291: 5/24/2011 9:24:32 AM - Software Distribution Service 3.0

RP292: 5/25/2011 5:48:39 PM - Software Distribution Service 3.0

RP293: 5/27/2011 8:16:34 AM - Software Distribution Service 3.0

RP294: 5/28/2011 9:11:05 AM - Software Distribution Service 3.0

RP295: 5/30/2011 2:46:28 AM - Software Distribution Service 3.0

RP296: 5/30/2011 4:06:03 AM - Software Distribution Service 3.0

RP297: 5/31/2011 11:14:28 PM - Software Distribution Service 3.0

RP298: 6/2/2011 9:31:54 PM - Restore Operation

RP299: 6/2/2011 9:46:45 PM - Software Distribution Service 3.0

RP300: 6/2/2011 10:04:05 PM - Software Distribution Service 3.0

RP301: 6/2/2011 10:54:30 PM - Restore Operation

RP302: 6/2/2011 10:56:17 PM - Restore Operation

RP303: 6/2/2011 11:18:55 PM - Restore Operation

RP304: 6/2/2011 11:47:11 PM - Software Distribution Service 3.0

RP305: 6/3/2011 7:37:30 AM - Printer Driver Amyuni Document Converter 400 Installed

RP306: 6/4/2011 2:40:47 PM - Software Distribution Service 3.0

RP307: 6/5/2011 9:36:52 PM - Software Distribution Service 3.0

RP308: 6/7/2011 8:04:32 AM - Software Distribution Service 3.0

RP309: 6/8/2011 5:37:40 PM - Software Distribution Service 3.0

RP310: 6/10/2011 2:27:30 AM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Dreamweaver CS3

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Help Viewer CS3

Adobe PDF Library Files

Adobe Photoshop 7.0

Adobe Photoshop CS3

Adobe Reader 7.0

Adobe Setup

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

AOLIcon

AutoUpdate

Avira AntiVir Personal - Free Antivirus

Bing Bar

Bonjour

Broadcom Management Programs

Conexant HDA D110 MDC V.92 Modem

Corel Paint Shop Pro X

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell System Restore

Dell Wireless WLAN Card

DellSupport

Digital Content Portal

Digital Line Detect

DivX Codec

DivX Content Uploader

DivX Converter

DivX Player

DivX Web Player

Documentation & Support Launcher

ELIcon

EPSON Stylus NX400 Series Printer Uninstall

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver for Mobile

Java 2 Runtime Environment, SE v1.4.2_03

Java Auto Updater

Java 6 Update 24

Java 6 Update 7

Learn2 Player (Uninstall Only)

Logitech Vid HD

Logitech Webcam Software

Logitech Webcam Software Driver Package

Macromedia Shockwave Player

Malwarebytes' Anti-Malware version 1.51.0.1200

MCU

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Digital Image Library 9 - Blocker

Microsoft Digital Image Standard 2006

Microsoft Digital Image Standard 2006 Editor

Microsoft Digital Image Standard 2006 Library

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Money 2006

Microsoft National Language Support Downlevel APIs

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Streets & Trips 2006

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Word 2002

Microsoft Works

Microsoft Works Suite 2006 Setup Launcher

Microsoft Works Suite Add-in for Microsoft Word

Modem Helper

MSN

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

OpenOffice.org Installer 1.0

Picasa 2

PowerDVD 5.5

QuickBooks

QuickBooks Simple Start 2010 Free Edition

QuickSet

QuickTime

RealPlayer Basic

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Skype


Here you go!!!!!

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by Kingdom Services at 12:56:20 on 2011-06-10

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1424 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.msn.com

uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydial/*http://www.yahoo.com

uDefault_Page_URL = hxxp://www.msn.com

uWindow Title = Internet Explorer, optimized for Bing and MSN

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{582E7686-E685-494E-8701-0113D4859E45} : DhcpNameServer = 10.0.0.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-9 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-9 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-9 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-9 61960]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-13 24652]

S1 jcjzusoi;jcjzusoi;\??\c:\windows\system32\drivers\jcjzusoi.sys --> c:\windows\system32\drivers\jcjzusoi.sys [?]

S1 MpKsl021702ed;MpKsl021702ed;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6fb50286-9fa1-4c10-8758-6086293fdd17}\mpksl021702ed.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6fb50286-9fa1-4c10-8758-6086293fdd17}\MpKsl021702ed.sys [?]

S1 MpKsl0c5e678d;MpKsl0c5e678d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{001dbdb0-ea12-4cb1-87ff-d617de4ac6c3}\mpksl0c5e678d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{001dbdb0-ea12-4cb1-87ff-d617de4ac6c3}\MpKsl0c5e678d.sys [?]

.

=============== Created Last 30 ================

.

2011-06-09 21:24:57 -------- d-----w- c:\windows\system32\NtmsData

2011-06-09 21:24:25 -------- d-----w- c:\documents and settings\kingdom services\application data\Avira

2011-06-09 21:19:12 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-09 21:19:11 -------- d-----w- c:\program files\Avira

2011-06-09 21:19:11 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-06-09 03:33:59 -------- d-sh--w- c:\documents and settings\kingdom services\IECompatCache

2011-06-09 03:13:39 -------- d-----w- c:\documents and settings\kingdom services\application data\Malwarebytes

2011-06-09 02:57:48 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-09 02:57:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-09 02:57:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-08 21:53:09 -------- d--h--w- c:\windows\msdownld.tmp

2011-06-08 21:51:49 -------- d-----w- c:\program files\Bing Bar Installer

2011-06-07 21:13:45 -------- d-s---w- C:\ComboFix

2011-06-03 03:34:32 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-06-03 03:34:32 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-03 03:15:31 -------- d-----w- c:\windows\LastGood(2)

2011-05-18 01:14:55 -------- d-----w- c:\documents and settings\kingdom services\local settings\application data\Mozilla

2011-05-16 15:37:34 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-16 14:57:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-05-01 13:09:59 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys

2011-05-01 13:09:57 56 --sh--r- c:\windows\system32\3333A9591B.sys

2011-04-18 12:41:38 1409 ----a-w- c:\windows\QTFont.for

2011-04-11 02:52:57 88 --sh--r- c:\windows\system32\1B59A93333.sys

2007-04-19 05:54:04 16083128 ----a-w- c:\program files\Dreamweaver.exe

2007-04-19 05:22:16 293917848 ----a-w- c:\program files\Dreamweaver CS3 (9.0).exe

.

============= FINISH: 12:57:28.16 ===============

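As an added triage example (editorial, not part of this thread and not DDS or Malwarebytes code): a small Python script that parses the SERVICES / DRIVERS lines of the DDS log above and scores each entry on the indicators a helper looks for, such as the system-start driver jcjzusoi.sys whose file DDS could not read ([?]). The indicator weights, the threshold and the random-name pattern are assumptions chosen for illustration, not a published rule set.

```python
"""Triage helper for the SERVICES / DRIVERS section of a DDS log.

Added example, not DDS or Malwarebytes code. Indicator weights and the
random-name pattern are assumptions chosen for this illustration.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-9 11608]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-9 269480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-13 24652]
S1 jcjzusoi;jcjzusoi;\??\c:\windows\system32\drivers\jcjzusoi.sys --> c:\windows\system32\drivers\jcjzusoi.sys [?]
S1 MpKsl021702ed;MpKsl021702ed;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6fb50286-9fa1-4c10-8758-6086293fdd17}\mpksl021702ed.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6fb50286-9fa1-4c10-8758-6086293fdd17}\MpKsl021702ed.sys [?]
"""

# DDS line shape: "<start type> <service name>;<display name>;<image path> [<date> <size>]"
# where the trailing bracket is "[?]" when DDS could not read the file.
LINE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# A short run of lowercase letters with no vendor meaning, like "jcjzusoi" (assumed pattern).
RANDOM_NAME_RE = re.compile(r"^[a-z]{7,10}$")


@dataclass
class Entry:
    start: str     # R = running, S = stopped; 1 = kernel driver loaded at system start
    name: str      # service/driver key name
    display: str   # display name
    path: str      # resolved image path
    status: str    # "date size" from DDS, or "?" when the file could not be read


def parse_dds_services(text):
    """Parse the SERVICES / DRIVERS lines of a DDS log into Entry objects."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        body, sep, status = m.group("rest").rpartition(" [")
        if not sep:                       # no trailing "[...]": keep the whole path
            body, status = status, ""
        # DDS prints "registry image path --> resolved path"; keep the resolved one.
        path = body.split(" --> ")[-1]
        if path.startswith("\\??\\"):    # NT object-manager prefix on raw driver paths
            path = path[4:]
        entries.append(Entry(m.group("start"), m.group("name"), m.group("display"),
                             path, status.rstrip("]")))
    return entries


def score_entry(e):
    """Return (score, reasons) for one entry; higher means more worth a closer look."""
    reasons = []
    if e.status == "?":
        reasons.append((2, "file could not be read by DDS (missing or hidden)"))
    if e.start in ("S1", "R1"):
        reasons.append((1, "kernel driver loaded at system start"))
    stem = e.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if e.name.lower() == e.display.lower() == stem.lower():
        reasons.append((1, "no vendor display name (name == display == file stem)"))
    if RANDOM_NAME_RE.match(e.name):
        reasons.append((2, "short lowercase name with no recognisable meaning"))
    return sum(w for w, _ in reasons), [r for _, r in reasons]


def triage(text, threshold=5):
    """Return [(name, score, reasons)] for entries scoring at or above the threshold."""
    findings = []
    for e in parse_dds_services(text):
        score, reasons = score_entry(e)
        if score >= threshold:
            findings.append((e.name, score, reasons))
    return findings


if __name__ == "__main__":
    # On the sample above only jcjzusoi crosses the threshold (score 6); the
    # MpKsl entry scores 4 and stays below it for a human to review separately.
    for name, score, reasons in triage(SAMPLE_DDS):
        print(f"{name}: score {score}")
        for r in reasons:
            print(f"  - {r}")
```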

Hi again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


I downloaded ComboFix. When it ran, it popped up a C:\ screen titled "." It is blue and blank with a blinking cursor. I then got a popup that was titled Patched Volsnap.sys!! And the message was - The Driver 'VOLSNAP.SYS' is patched with a rootkit. Attempting to disinfect. This may take several minutes. I clicked ok and nothing happened.


To update on this, that blue box froze my computer. I had to restart. When I restarted, I tried to run ComboFix again and now it doesn't give me that volsnap.sys message but it does give me the blue box with the blinking line and I can't exit out of it.


Thank you for the additional information, this is very helpful.

Unfortunately this is a nasty rootkit infection. Please read the following first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


What all is involved in reformatting my computer? This computer is a used computer and I have no OS disks with it.

I think based on what I've read, I'd like to reformat my computer, but is that able to be done without any of the original cds?


Hi, unfortunately you will most likely need the installation disk(s). If the computer is a Dell/Acer/HP, it is possible it has a recovery partition. If you are not sure, please let me know what the computer's manufacturer is.


Glad to hear everything went fine. :) Please find below some useful information. If you have any other question, just let me know!

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:


Thank you for all your help. Even though we had to resort to reformatting, you have provided me with a lot of information for the future. I downloaded Avira A/V and Malwarebytes' Anti-Malware. I currently don't have a firewall, but will be investing in one soon.

Again, thank you and it was a pleasure working with you.
