Trojan.BHO (fsharproj)

I've recently acquired a virus that randomly and sporadically redirects me when I attempt to click on URLs on the Google SERP. Additionally, it seems to download a randomly named .png image of the French flag to my temp folder upon start-up and sometimes when I open Firefox. It then opens this image in Live Photo Gallery. When I scan with Malwarebytes it finds and successfully removes Trojan.BHO. However, this virus simply reappears in a matter of minutes to hours.

I've pasted my MBAM and DDS logs below and I have attached the ARK and Attach texts.

MBAM-LOG:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7664

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

9/6/2011 4:30:08 PM

mbam-log-2011-09-06 (16-30-08).txt

Scan type: Quick scan

Objects scanned: 171900

Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS/GMER Log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.0.0

Run by Ephectic at 16:30:59 on 2011-09-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2046.724 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\nlssrv32.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\PnkBstrA.exe

C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Ralink\Common\RaUI.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\alg.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\rundll32.exe

C:\Users\Ephectic\AppData\Local\Electronic Arts\ElectronicUpdate\Electronicupdt32.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Users\Ephectic\Downloads\Defogger.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: {119a02f8-05be-4315-aa36-466b83c1d205} - c:\windows\system32\wscui32.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork

uRun: [MusicManager] "c:\users\ephectic\appdata\local\programs\google\musicmanager\MusicManager.exe"

uRun: [ElectronicUpdate] c:\users\ephectic\appdata\local\electronic arts\electronicupdate\Electronicupdt32.exe

uRun: [JavaServiceProfile] rundll32.exe "c:\programdata\JavaServiceProfile.dll",DllRegisterServer

mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [ElectronicUpdate] c:\users\ephectic\appdata\local\electronic arts\electronicupdate\Electronicupdt32.exe

StartupFolder: c:\users\ephectic\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{82180EC9-9B5E-4AB2-B014-409C92A51615}\E4544574541425 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B9DC7515-F7A2-41D6-BDAE-9232D9654F90} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{B9DC7515-F7A2-41D6-BDAE-9232D9654F90}\C696C6D6F6D6D616 : DhcpNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\ephectic\appdata\roaming\mozilla\firefox\profiles\p7x6ngw5.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\download manager\npfpdlm.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\ephectic\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\users\ephectic\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\ephectic\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKsl2f6604b7;MpKsl2f6604b7;c:\programdata\microsoft\microsoft antimalware\definition updates\{d4281230-e604-40dd-8780-659231cce199}\MpKsl2f6604b7.sys [2011-9-6 28752]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2011-3-24 8576]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-21 366640]

R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-2-21 66560]

R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RalinkRegistryWriter.exe [2011-3-23 75040]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-15 22712]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-9-15 807936]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2011-1-17 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-1-17 79360]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-15 41272]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-7 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-17 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-09-06 21:29:22 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d4281230-e604-40dd-8780-659231cce199}\MpKsl2f6604b7.sys

2011-09-06 21:29:13 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d4281230-e604-40dd-8780-659231cce199}\mpengine.dll

2011-09-06 20:51:00 355328 ----a-w- c:\windows\system32\wscui32.dll

2011-09-06 20:50:58 184832 ----a-w- c:\programdata\JavaServiceProfile.dll

2011-09-06 05:53:51 -------- d-sh--w- C:\$RECYCLE.BIN

2011-09-06 05:00:19 98816 ----a-w- c:\windows\sed.exe

2011-09-06 05:00:19 518144 ----a-w- c:\windows\SWREG.exe

2011-09-06 05:00:19 256000 ----a-w- c:\windows\PEV.exe

2011-09-06 05:00:19 208896 ----a-w- c:\windows\MBR.exe

2011-09-06 04:38:11 388096 ----a-r- c:\users\ephectic\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-09-06 04:38:10 -------- d-----w- c:\program files\Trend Micro

2011-08-31 17:59:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-24 21:17:36 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-23 08:00:47 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

2011-08-22 15:18:35 -------- d-----w- c:\users\ephectic\appdata\local\{9ECD47A2-901B-45FD-B573-78576ACA121D}

2011-08-11 23:38:37 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f71460b3-32e4-47c7-a057-b9f5c693ebb9}\gapaengine.dll

.

==================== Find3M ====================

.

2011-09-06 21:15:02 544656 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-07 17:11:51 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-07-07 17:11:51 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe

2011-06-23 04:33:57 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-23 04:33:57 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-21 05:34:23 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-21 05:28:33 981504 ----a-w- c:\windows\system32\wininet.dll

2011-06-15 08:55:19 86016 ----a-w- c:\windows\system32\odbccu32.dll

2011-06-15 08:55:19 81920 ----a-w- c:\windows\system32\odbccr32.dll

2011-06-15 08:55:19 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2011-06-15 08:55:19 163840 ----a-w- c:\windows\system32\odbctrac.dll

2011-06-15 08:55:19 122880 ----a-w- c:\windows\system32\odbccp32.dll

2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 16:32:04.75 ===============

Attach.zip

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

MBAM Log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7681

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

9/9/2011 3:27:20 AM

mbam-log-2011-09-09 (03-27-20).txt

Scan type: Quick scan

Objects scanned: 173620

Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix Log:

ComboFix 11-09-09.01 - Ephectic 09/09/2011 3:36.3.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2046.951 [GMT -5:00]

Running from: c:\users\Ephectic\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\JavaServiceProfile.dll

c:\users\Ephectic\AppData\Roaming\Mozilla\Firefox\Profiles\p7x6ngw5.default\extensions\{4a802fee-c3b8-4818-97f2-0f23a7cf1428}

c:\users\Ephectic\AppData\Roaming\Mozilla\Firefox\Profiles\p7x6ngw5.default\extensions\{4a802fee-c3b8-4818-97f2-0f23a7cf1428}\chrome.manifest

c:\users\Ephectic\AppData\Roaming\Mozilla\Firefox\Profiles\p7x6ngw5.default\extensions\{4a802fee-c3b8-4818-97f2-0f23a7cf1428}\chrome\xulcache.jar

c:\users\Ephectic\AppData\Roaming\Mozilla\Firefox\Profiles\p7x6ngw5.default\extensions\{4a802fee-c3b8-4818-97f2-0f23a7cf1428}\defaults\preferences\xulcache.js

c:\users\Ephectic\AppData\Roaming\Mozilla\Firefox\Profiles\p7x6ngw5.default\extensions\{4a802fee-c3b8-4818-97f2-0f23a7cf1428}\install.rdf

c:\users\Ephectic\AppData\Roaming\Mozilla\Firefox\Profiles\p7x6ngw5.default\extensions\{776dfa2b-59bb-4a0d-a239-614602cba05a}

c:\users\Ephectic\AppData\Roaming\Mozilla\Firefox\Profiles\p7x6ngw5.default\extensions\{776dfa2b-59bb-4a0d-a239-614602cba05a}\chrome.manifest

c:\users\Ephectic\AppData\Roaming\Mozilla\Firefox\Profiles\p7x6ngw5.default\extensions\{776dfa2b-59bb-4a0d-a239-614602cba05a}\chrome\xulcache.jar

c:\users\Ephectic\AppData\Roaming\Mozilla\Firefox\Profiles\p7x6ngw5.default\extensions\{776dfa2b-59bb-4a0d-a239-614602cba05a}\defaults\preferences\xulcache.js

c:\users\Ephectic\AppData\Roaming\Mozilla\Firefox\Profiles\p7x6ngw5.default\extensions\{776dfa2b-59bb-4a0d-a239-614602cba05a}\install.rdf

c:\users\Ephectic\AppData\Roaming\Mozilla\Firefox\Profiles\p7x6ngw5.default\extensions\{90f42b9d-a5a0-4c50-9a1d-658e7d7678a0}

c:\users\Ephectic\AppData\Roaming\Mozilla\Firefox\Profiles\p7x6ngw5.default\extensions\{90f42b9d-a5a0-4c50-9a1d-658e7d7678a0}\chrome.manifest

c:\users\Ephectic\AppData\Roaming\Mozilla\Firefox\Profiles\p7x6ngw5.default\extensions\{90f42b9d-a5a0-4c50-9a1d-658e7d7678a0}\chrome\xulcache.jar

c:\users\Ephectic\AppData\Roaming\Mozilla\Firefox\Profiles\p7x6ngw5.default\extensions\{90f42b9d-a5a0-4c50-9a1d-658e7d7678a0}\defaults\preferences\xulcache.js

c:\users\Ephectic\AppData\Roaming\Mozilla\Firefox\Profiles\p7x6ngw5.default\extensions\{90f42b9d-a5a0-4c50-9a1d-658e7d7678a0}\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))

.

.

2011-09-09 08:43 . 2011-09-09 08:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-09 06:55 . 2011-09-09 06:55 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2666C28C-6A3F-4174-B460-CCCFB95F32CD}\MpKsl7a1b7fcc.sys

2011-09-09 06:55 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2666C28C-6A3F-4174-B460-CCCFB95F32CD}\mpengine.dll

2011-09-08 08:11 . 2011-01-18 04:30 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DC30434-B6D1-4431-91B2-9CAFA88FFE67}\gapaengine.dll

2011-09-06 21:44 . 2011-09-06 21:45 -------- d-----w- c:\program files\CCleaner

2011-09-06 21:15 . 2011-09-06 21:15 -------- d-----w- c:\program files\Common Files\Java

2011-09-06 04:38 . 2011-09-06 04:38 388096 ----a-r- c:\users\Ephectic\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-06 04:38 . 2011-09-06 04:38 -------- d-----w- c:\program files\Trend Micro

2011-08-31 17:59 . 2011-08-31 17:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-24 21:17 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-23 08:00 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-08-11 23:38 . 2011-01-18 04:30 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F71460B3-32E4-47C7-A057-B9F5C693EBB9}\gapaengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-06 21:15 . 2011-04-13 21:24 544656 ----a-w- c:\windows\system32\deployJava1.dll

2011-08-12 02:44 . 2011-01-19 06:52 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-07 17:11 . 2009-06-18 18:58 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-07-07 17:11 . 2009-06-18 18:58 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-07-07 00:52 . 2011-06-15 08:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 00:52 . 2011-06-15 08:36 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-06 21:51 . 2011-06-25 06:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

"MusicManager"="c:\users\Ephectic\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-06-15 12817920]

"ElectronicUpdate"="c:\users\Ephectic\AppData\Local\Electronic Arts\ElectronicUpdate\Electronicupdt32.exe" [2011-09-06 159232]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"P17RunE"="P17RunE.dll" [2008-03-28 14848]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-07-07 273544]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ElectronicUpdate"="c:\users\Ephectic\AppData\Local\Electronic Arts\ElectronicUpdate\Electronicupdt32.exe" [2011-09-06 159232]

.

c:\users\Ephectic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2011-3-23 1824032]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 MpKsl0c48121c;MpKsl0c48121c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2921DC12-1297-49A2-A01F-A40457EBDB7A}\MpKsl0c48121c.sys [x]

R1 MpKsl15f1e982;MpKsl15f1e982;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A4FE5EB-4746-492B-BB1F-247CC8408773}\MpKsl15f1e982.sys [x]

R1 MpKsl1ea5ae1a;MpKsl1ea5ae1a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D13742B-BBF4-49DC-AB96-E95FA6461D65}\MpKsl1ea5ae1a.sys [x]

R1 MpKsl27465d51;MpKsl27465d51;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52E1CB52-2FF1-43E7-BD34-89D4CBBA8E06}\MpKsl27465d51.sys [x]

R1 MpKsl2f795243;MpKsl2f795243;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A8AC5FF-B14E-4F76-88A6-C99558CE7D23}\MpKsl2f795243.sys [x]

R1 MpKsl38592a5c;MpKsl38592a5c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7E17E02-C5E1-4E02-A4CF-3D91E4951554}\MpKsl38592a5c.sys [x]

R1 MpKsl41accb41;MpKsl41accb41;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D495090-E55B-41D9-BC1D-5CDCEBEAFECC}\MpKsl41accb41.sys [x]

R1 MpKsl4528e458;MpKsl4528e458;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAF8491F-F3F4-493E-B90F-4C105209CA73}\MpKsl4528e458.sys [x]

R1 MpKsl455bbec7;MpKsl455bbec7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A849000B-A43E-4814-AED2-3D43EFDEDEEE}\MpKsl455bbec7.sys [x]

R1 MpKsl5e3d6e09;MpKsl5e3d6e09;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29782247-0CE9-4F73-89EC-939CA0E2D5A2}\MpKsl5e3d6e09.sys [x]

R1 MpKsl61d758e9;MpKsl61d758e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15ED8B00-32D7-45C1-B9C7-50EAB00E3C4D}\MpKsl61d758e9.sys [x]

R1 MpKsl655c947b;MpKsl655c947b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C138C10C-49B1-4D36-A8AB-A8515314A087}\MpKsl655c947b.sys [x]

R1 MpKsl72111097;MpKsl72111097;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D413A7CE-245E-4082-A3D1-2C54350778E3}\MpKsl72111097.sys [x]

R1 MpKsla7121534;MpKsla7121534;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52E1CB52-2FF1-43E7-BD34-89D4CBBA8E06}\MpKsla7121534.sys [x]

R1 MpKslbf1c29b1;MpKslbf1c29b1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{952BB4F5-91D3-44D6-A611-133EF20596A4}\MpKslbf1c29b1.sys [x]

R1 MpKslc50d4125;MpKslc50d4125;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E2BB232-F8C2-4617-B7CE-F0CAC3EB124C}\MpKslc50d4125.sys [x]

R1 MpKslcc301615;MpKslcc301615;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3AD37078-3612-4897-B5E6-4C729356FD28}\MpKslcc301615.sys [x]

R1 MpKsldabfa41c;MpKsldabfa41c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A849000B-A43E-4814-AED2-3D43EFDEDEEE}\MpKsldabfa41c.sys [x]

R1 MpKslf63797cb;MpKslf63797cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD221F71-DE01-474B-A3B1-0C172AF831B3}\MpKslf63797cb.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-01-18 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-01-18 79360]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-07 41272]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 288768]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-18 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 MpKsl7a1b7fcc;MpKsl7a1b7fcc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2666C28C-6A3F-4174-B460-CCCFB95F32CD}\MpKsl7a1b7fcc.sys [2011-09-09 28752]

S1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\System32\drivers\VCdRom.sys [2001-12-19 8576]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-02-21 66560]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2009-09-15 807936]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

*NewlyCreated* - MPKSL2F6604B7

*NewlyCreated* - MPKSL61BD648B

*NewlyCreated* - MPKSL7A1B7FCC

*NewlyCreated* - PWTOQKOW

*Deregistered* - MpKsl2f6604b7

*Deregistered* - MpKsl61bd648b

*Deregistered* - pwtoqkow

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2651665934-3003190261-2492166182-1001Core.job

- c:\users\Ephectic\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 23:53]

.

2011-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2651665934-3003190261-2492166182-1001UA.job

- c:\users\Ephectic\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 23:53]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Ephectic\AppData\Roaming\Mozilla\Firefox\Profiles\p7x6ngw5.default\

FF - prefs.js: browser.startup.homepage - about:home

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-JavaServiceProfile - c:\programdata\JavaServiceProfile.dll

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-09-09 03:44:37

ComboFix-quarantined-files.txt 2011-09-09 08:44

ComboFix2.txt 2011-09-06 05:54

ComboFix3.txt 2011-09-06 05:09

.

Pre-Run: 17,342,550,016 bytes free

Post-Run: 17,154,740,224 bytes free

- - End Of File - - B24804F6AFCD576C85507BFC2AC3B59C

And for some reason DDS isn't generating any logs. It finishes and closes.

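The ComboFix log above walks the usual autostart locations (Run keys, the HKCU-Run orphan pointing at a DLL under ProgramData, the svchost group list, the Scheduled Tasks folder), and a Trojan.BHO lives in the Browser Helper Objects registration on top of those. Below is an added audit script written for this page, not ComboFix's or the thread participants' code, that enumerates the same locations and flags any entry whose file is missing, unsigned, or sits in a user-writable directory. It assumes PowerShell 3.0 or later on the affected Windows 7 machine and an elevated prompt; the function names are mine, the registry paths are the standard ones.

```powershell
# Added example, not part of the thread: audit the autostart locations reported in the
# ComboFix log (Run keys, Browser Helper Objects, svchost groups, scheduled tasks) and
# flag entries whose file is missing, unsigned, or lives in a user-writable directory.
# Assumes PowerShell 3.0+ and an elevated prompt. Function names are my own.

$MetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Test-SuspiciousFile {
    param([string]$CommandLine)
    # Reduce a value such as  "C:\dir\x.exe" /arg  or  rundll32 c:\dir\y.dll,Entry  to the
    # file path. Unquoted paths containing spaces are a known limitation and end up flagged.
    $file = $CommandLine.Trim()
    if ($file -match '(?i)^"?[^"\s]*rundll32(\.exe)?"?\s+(.+)$') { $file = $Matches[2] }
    if ($file -match '^"([^"]+)"') { $file = $Matches[1] }
    elseif ($file -match '(?i)^([^,\s]+\.(exe|dll|sys|scr))') { $file = $Matches[1] }
    $file = [Environment]::ExpandEnvironmentVariables($file)
    $flags = @()
    if (-not $file) { $flags += 'empty value' }
    elseif (-not (Test-Path -LiteralPath $file)) { $flags += 'file missing' }
    else {
        $sig = Get-AuthenticodeSignature -FilePath $file
        if ($sig.Status -ne 'Valid') { $flags += "signature $($sig.Status)" }
    }
    if ($file -match '(?i)\\(ProgramData|AppData|Temp)\\') { $flags += 'user-writable location' }
    [PSCustomObject]@{ File = $file; Flags = ($flags -join ', ') }
}

function Get-RunEntries {
    foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($MetaProps -contains $p.Name) { continue }
            $t = Test-SuspiciousFile $p.Value
            [PSCustomObject]@{ Source = "Run: $($p.Name)"; File = $t.File; Flags = $t.Flags }
        }
    }
}

function Get-BhoEntries {
    # Every CLSID under this key is loaded into Internet Explorer via its InprocServer32 DLL.
    $bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoKey)) { return }
    foreach ($clsid in (Get-ChildItem -Path $bhoKey).PSChildName) {
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = (Get-ItemProperty -Path $server -ErrorAction SilentlyContinue).'(default)'
        $t = Test-SuspiciousFile $dll
        [PSCustomObject]@{ Source = "BHO: $clsid"; File = $t.File; Flags = $t.Flags }
    }
}

function Get-SvchostEntries {
    # Each svchost group value lists the services it hosts; the DLL is in Parameters\ServiceDll.
    $groups = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Svchost'
    foreach ($g in $groups.PSObject.Properties) {
        if ($MetaProps -contains $g.Name) { continue }
        foreach ($svc in @($g.Value)) {
            $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
            $dll = (Get-ItemProperty -Path $params -ErrorAction SilentlyContinue).ServiceDll
            if (-not $dll) { continue }   # service not installed or has no ServiceDll
            $t = Test-SuspiciousFile $dll
            [PSCustomObject]@{ Source = "svchost $($g.Name): $svc"; File = $t.File; Flags = $t.Flags }
        }
    }
}

function Get-TaskEntries {
    # schtasks repeats its CSV header once per task folder; drop those rows before parsing.
    $rows = schtasks /query /fo CSV /v | ConvertFrom-Csv | Where-Object { $_.TaskName -ne 'TaskName' }
    foreach ($r in $rows) {
        if ($r.'Task To Run' -match '^(COM handler|N/A)') { continue }
        $t = Test-SuspiciousFile $r.'Task To Run'
        [PSCustomObject]@{ Source = "Task: $($r.TaskName)"; File = $t.File; Flags = $t.Flags }
    }
}

function Invoke-AutostartAudit {
    # Entries with no flags are signed files at their expected location and are dropped.
    @(Get-RunEntries) + @(Get-BhoEntries) + @(Get-SvchostEntries) + @(Get-TaskEntries) |
        Where-Object { $_.Flags } | Sort-Object Source
}

Invoke-AutostartAudit | Format-Table -AutoSize -Wrap
```

The flags are triage hints, not verdicts: the signed GoogleUpdate.exe tasks in the log live under AppData and will carry only the location flag, and the MpKsl* drivers that ComboFix marks `[x]` are Microsoft Security Essentials' transient definition-update drivers, which routinely vanish after each update. What is worth a second look is the combination seen in the ORPHANS REMOVED entry above: a Run value loading an unsigned or already-missing DLL from ProgramData.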

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

So run ComboFix again? Trying to understand the thought process here... are we just banking on the possibility that if we run it enough times it will eventually get rid of it? I can tell you that I ran it twice before I came to this forum--along with a few other things. I'm just not feeling confident that four is the magic number here.

... but if you say so...


  • Staff

Hi,

That was an error on my part. Sorry about that.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
