
Hi malwarebytes people,

I apologize for my limited computer knowledge, so in the most basic way, here is my story.

I was infected with the "fake alert fab!" trojan on 06/12/2011. Prior to this event I was using McAfee AOL Security, although I suspect now that some of those files may have been corrupt, as I had recently uninstalled and re-installed the McAfee software. I did have trouble during the re-install and it took a couple of tries before it appeared to work. After the "malware event" McAfee kept detecting and quarantining items. That is when I decided to use Microsoft Security Essentials as my security software.

Since reading your forums I was able to "unhide" my files and desktop. Although my programs are there...they are empty. I tried to re-install my printer with the install disk but a window comes up saying "spooler service not started".

Also when trying to turn on Windows Firewall it says "Windows Firewall/Internet Connection Sharing Service is not turned on" and it cannot start it.

Here are the MBAM and DDS reports that you need. I hope you can help me with my issues.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6877

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/17/2011 8:05:00 PM

mbam-log-2011-06-17 (20-05-00).txt

Scan type: Quick scan

Objects scanned: 194850

Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by sandy at 20:13:04 on 2011-06-17

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.aol.com/

uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll

mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll

mWinlogon: userinit=userinit.exe,

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"

mRun: [DLCCCATS] rundll32 \3\DLCCtime.dll,_RunDLLEntry@16

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{36188291-F171-43E8-AD99-AE39A43B09A7} : DhcpNameServer = 192.168.1.1 192.168.1.1

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2011-06-17 19:23:40 131072 ----a-w- c:\temp\{9f5fbc24-efe2-4f90-b498-ec0fb7d47d15}\dlcc\DLCCJSWR.DLL

2011-06-17 19:23:40 106496 ----a-w- c:\temp\{9f5fbc24-efe2-4f90-b498-ec0fb7d47d15}\dlcc\DLCCINSR.DLL

2011-06-17 19:23:39 430080 ----a-w- c:\temp\{9f5fbc24-efe2-4f90-b498-ec0fb7d47d15}\dlcc\DLCCUTIL.DLL

2011-06-17 19:23:39 188416 ----a-w- c:\temp\{9f5fbc24-efe2-4f90-b498-ec0fb7d47d15}\dlcc\DLCCUNST.EXE

2011-06-17 19:23:38 221184 ----a-w- c:\temp\{9f5fbc24-efe2-4f90-b498-ec0fb7d47d15}\dlcc\DLCCINST.EXE

2011-06-17 19:23:38 176128 ----a-w- c:\temp\{9f5fbc24-efe2-4f90-b498-ec0fb7d47d15}\dlcc\DLCCINSB.DLL

2011-06-17 19:23:38 155648 ----a-w- c:\temp\{9f5fbc24-efe2-4f90-b498-ec0fb7d47d15}\dlcc\DLCCINS.DLL

2011-06-17 19:23:37 983092 ----a-w- c:\temp\{9f5fbc24-efe2-4f90-b498-ec0fb7d47d15}\dlcc\DLCCGF.DLL

2011-06-17 19:23:36 65536 ----a-w- c:\temp\{9f5fbc24-efe2-4f90-b498-ec0fb7d47d15}\dlcc\DLCCCFG.DLL

2011-06-17 19:23:36 159744 ----a-w- c:\temp\{9f5fbc24-efe2-4f90-b498-ec0fb7d47d15}\dlcc\DLCCADV.EXE

2011-06-17 19:23:36 139264 ----a-w- c:\temp\{9f5fbc24-efe2-4f90-b498-ec0fb7d47d15}\dlcc\DLCCFIRE.EXE

2011-06-17 15:31:37 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ee1522a-1848-4fb6-ae14-b52a4569288c}\MpKsla23d240c.sys

2011-06-17 15:31:35 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-06-17 15:31:04 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ee1522a-1848-4fb6-ae14-b52a4569288c}\mpengine.dll

2011-06-17 15:03:51 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-17 15:03:46 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-17 15:03:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-16 14:55:18 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-16 14:38:06 -------- d-----w- c:\program files\Microsoft Security Client

2011-06-16 11:52:07 -------- d-----w- c:\windows\system32\MpEngineStore

2011-06-16 11:50:28 -------- d-----w- C:\3e2a810d38d2be92a2a7389674a21c

2011-06-12 16:05:17 4224 ----a-w- c:\windows\system32\beep.sys

2011-06-12 15:40:43 -------- d-----w- c:\windows\system32\Adobe

2011-06-12 15:30:04 -------- d-----w- c:\documents and settings\sandy\application data\Malwarebytes

2011-06-12 15:29:51 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-10 18:10:43 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{a25113b8-28a3-4841-93c6-8118fcf8ff40}\mpengine.dll

2011-06-03 10:49:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-06-16 15:01:30 52352 ----a-w- c:\windows\system32\drivers\VolSnap.sys

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

============= FINISH: 20:13:19.64 ===============

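The "Created Last 30" section of the DDS log above is the part a helper reads first, because the poster gives an exact infection date (06/12/2011) and the log records a timestamp for every file or folder created in the last 30 days. The following is an added example, not code from the poster, from Malwarebytes or from DDS: a small parser for that section plus a triage filter that lists what appeared in the Windows system directories within a day of the reported date. The sample input is a subset of lines copied from the log above; the line format regex and the choice of `c:\windows\` as the directory worth a second look are assumptions made for this example. The script does not decide what is malicious, it only narrows the list a person then has to judge.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Sample lines copied from the "Created Last 30" section of the DDS log in the
# post above (a constructed subset, used here as the example's input).
SAMPLE_LOG = r"""
2011-06-17 15:03:51 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-17 15:03:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-16 14:55:18 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-12 16:05:17 4224 ----a-w- c:\windows\system32\beep.sys
2011-06-12 15:40:43 -------- d-----w- c:\windows\system32\Adobe
2011-06-12 15:30:04 -------- d-----w- c:\documents and settings\sandy\application data\Malwarebytes
2011-06-03 10:49:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
"""

# One DDS entry: "<date> <time> <size or dashes> <8-char attribute field> <path>"
# (assumption: inferred from the lines above, not a documented DDS grammar).
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-+) (\S{8}) (.+)$"
)

# Prefix under which a newly created file deserves a second look
# (assumption: chosen for this example).
SYSTEM_PREFIX = "c:\\windows\\"


@dataclass
class Entry:
    created: datetime
    size: Optional[int]   # None for directory entries, where DDS prints dashes
    attrs: str            # e.g. "----a-w-" for a file, "d-----w-" for a directory
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_created_section(text: str) -> List[Entry]:
    """Parse DDS 'Created Last 30' lines; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date, clock, size, attrs, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S"),
            size=int(size) if size.isdigit() else None,
            attrs=attrs,
            path=path,
        ))
    return entries


def entries_near(entries: List[Entry], incident_date: str,
                 window_days: int = 1) -> List[Entry]:
    """Entries created within +/- window_days of the reported incident date."""
    day = datetime.strptime(incident_date, "%Y-%m-%d")
    lo = day - timedelta(days=window_days)
    hi = day + timedelta(days=window_days + 1)   # through the end of the last day
    return [e for e in entries if lo <= e.created < hi]


def system_files_in_window(text: str, incident_date: str,
                           window_days: int = 1) -> List[str]:
    """Paths of files (not directories) created under the system prefix
    around the incident date, in the log's own (newest first) order."""
    return [
        e.path
        for e in entries_near(parse_created_section(text), incident_date, window_days)
        if not e.is_dir and e.path.lower().startswith(SYSTEM_PREFIX)
    ]


if __name__ == "__main__":
    # The date the poster reports; widen the window when the date is uncertain.
    for path in system_files_in_window(SAMPLE_LOG, "2011-06-12"):
        print(path)
```

Run against the full "Created Last 30" section rather than the subset, the same call gives a helper the short list of system-directory files that appeared on the day the fake alert showed up, which is the list worth comparing against known-good file versions before deciding on a fix.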

  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
