
Need assistance in fixing a malware problem permanently


gangtom


Hi

I've been facing a malware problem for the last 3-4 days, since I came back to my college from the holidays. I see that this problem is prevalent in my college.

I need help to fix this problem once and for all on my computer. I can understand that my network is infected with this malware.

Whenever I try to open a website, I see 3 different behaviors for different websites.

1. For some websites, it says the DNS lookup failed and Reload this page to fix this problem. Reloading doesn't fix the problem. I can open other websites like twitter.com without changing any network problems. I've repeatedly faced this problem.

2. For some other websites it says:

Browser Upgrade: - "Upgrade your browser to a modern software".

3. Some sites open normally. As I've said, twitter.com opens normally.

Note: These websites are not constant. For example: Problem No. 1 occurs sometimes for twitter.com.

I installed Malwarebytes to fix this problem (trial version).

I get the following notification from time to time: - Attached - "malware problem.jpg".

I see some changes in the above notification. -Refer to the attachment jpeg-

1. The process reported changes. It can be either - "ntrtscan.exe" or "tmlisten.exe" or "svchost.exe". Refer to the attachment, "protection-log-2011-09-13.txt" in "protection-log-2011-09-13.zip"

Please help me fix this problem once and for all. I'd need your advice to prevent my PC from getting infected with this malware in the future. Any small tips like, "Start your PC without any network connection and connect to your LAN only after the antivirus and anti-malware have started functioning" will do.

I'm really grateful to the people at Malwarebytes for this help.

Note: I've followed the steps at http://forums.malwarebytes.org//index.php?showtopic=9573 in the exact same order in posting the attachments, apart from some more info like images, etc.

Note 2: I use Microsoft security essentials - completely updated. I ran a full scan last night.

------------------------------- DDS.txt file content is pasted below. -------------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by narsi at 14:25:06 on 2011-09-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.1792 [GMT 5.5:30]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Trend Micro Personal Firewall *Enabled* {49A8346C-6900-54B6-B1B3-5F678736DDE9}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Windows\System32\alg.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Intel\IntelAppStore\bin\ismagent.exe

C:\Program Files\Intel\IntelAppStore\bin\AppUp.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\BitTorrent\BitTorrent.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\narsi\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe

C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

C:\Windows\system32\conhost.exe

C:\Users\narsi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\narsi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\narsi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\narsi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Users\narsi\Downloads\Defogger.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.in/

uInternet Settings,ProxyOverride = local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

uRun: [googletalk] c:\users\narsi\appdata\roaming\google\google talk\googletalk.exe /autostart

uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun

uRun: [bitTorrent] "c:\program files\bittorrent\BitTorrent.exe"

uRun: [Google Update] "c:\users\narsi\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [intel AppUp(SM) center] "c:\program files\intel\intelappstore\bin\ismagent.lnk"

mRun: [intel AppUp(SM) center_Nagware] "c:\program files\intel\intelappstore\bin\AppUp.lnk"

mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\narsi\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\narsi\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\narsi\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\users\narsi\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

LSP: %SystemRoot%\system32\PrxerDrv.dll

DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://150.101.4.94:4343/officescan/console/html/ClientInstall/WinNTChk.cab

DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://150.101.4.94:4343/officescan/console/html/ClientInstall/setup.cab

DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://150.101.4.94:4343/officescan/console/html/root/AtxEnc.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.12.112 192.168.12.25

TCP: Interfaces\{B53B3CC0-4540-483D-AC22-48B289B7027B} : DhcpNameServer = 192.168.12.112 192.168.12.25

TCP: Interfaces\{B53B3CC0-4540-483D-AC22-48B289B7027B}\46C696E6B6 : NameServer = 8.8.4.4,4.4.2.2

TCP: Interfaces\{B53B3CC0-4540-483D-AC22-48B289B7027B}\46C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{B53B3CC0-4540-483D-AC22-48B289B7027B}\9464D42553 : NameServer = 8.8.4.4,4.4.2.2

TCP: Interfaces\{B53B3CC0-4540-483D-AC22-48B289B7027B}\9464D42553 : DhcpNameServer = 10.8.0.105 10.60.34.135

TCP: Interfaces\{B53B3CC0-4540-483D-AC22-48B289B7027B}\D44494 : NameServer = 8.8.4.4,4.4.2.2

TCP: Interfaces\{B53B3CC0-4540-483D-AC22-48B289B7027B}\D44494 : DhcpNameServer = 192.168.12.112 192.168.12.25

TCP: Interfaces\{C5855BEC-E195-478F-947A-5404CCACA57F} : DhcpNameServer = 192.168.12.112 192.168.12.25

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\narsi\appdata\roaming\mozilla\firefox\profiles\87dw8z43.default\

FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\intel\intelappstore\bin\npAppUp.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\narsi\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\users\narsi\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\narsi\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKslf0727c7b;MpKslf0727c7b;c:\programdata\microsoft\microsoft antimalware\definition updates\{d212096a-c72e-4eaf-85ce-627904ecaa8b}\MpKslf0727c7b.sys [2011-9-14 28752]

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2010-11-8 146000]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-2-8 176128]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-13 366152]

R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-24 370688]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-6-10 59152]

R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXpflt.sys [2010-10-21 249424]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\TmPreflt.sys [2010-10-21 36432]

R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2010-11-8 282704]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-14 229888]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-13 22216]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2011-4-15 497272]

R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2011-4-15 689680]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-12 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-2-23 29736]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-8 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-12 136176]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-29 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-8 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-09-14 08:47:23 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d212096a-c72e-4eaf-85ce-627904ecaa8b}\MpKslf0727c7b.sys

2011-09-13 17:32:43 -------- d-----w- c:\users\narsi\appdata\roaming\Malwarebytes

2011-09-13 17:32:33 -------- d-----w- c:\programdata\Malwarebytes

2011-09-13 17:32:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-13 17:32:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-13 16:50:15 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d212096a-c72e-4eaf-85ce-627904ecaa8b}\mpengine.dll

2011-09-12 14:03:42 -------- d-----w- c:\windows\system32\log

2011-09-12 14:02:56 -------- d-----w- c:\program files\Trend Micro

2011-09-11 14:20:34 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2011-09-11 14:20:33 120104 ----a-w- c:\windows\system32\SynTPCo4.dll

2011-09-11 14:20:32 223152 ----a-w- c:\windows\system32\drivers\SynTP.sys

2011-09-11 14:20:32 206120 ----a-w- c:\windows\system32\SynCtrl.dll

2011-09-11 14:20:32 169256 ----a-w- c:\windows\system32\SynCOM.dll

2011-09-11 14:20:32 161064 ----a-w- c:\windows\system32\SynTPAPI.dll

2011-09-11 08:48:24 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{110c39cf-8c3c-4ab4-875c-543b9aa8e922}\gapaengine.dll

2011-08-25 09:59:14 -------- d-----w- C:\Output

2011-08-25 09:55:59 -------- d-----w- c:\users\narsi\appdata\roaming\YCanPDF

2011-08-25 09:55:52 -------- d-----w- c:\program files\Okdo Ppt to Word Converter

2011-08-23 22:31:16 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-23 06:31:47 -------- d-----w- c:\users\narsi\appdata\roaming\Tor

2011-08-23 06:31:46 -------- d-----w- c:\program files\Vidalia Bundle

2011-08-21 13:24:54 -------- d-----w- c:\users\narsi\appdata\roaming\com.hyfn.miniclip.desktop.cricket

2011-08-19 23:32:51 -------- d-----w- c:\users\narsi\appdata\roaming\Rovio

2011-08-19 23:31:48 -------- d-----w- c:\program files\Rovio

2011-08-18 23:33:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-08-18 23:33:45 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-08-18 23:33:45 785368 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-08-18 23:33:45 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-08-18 23:33:45 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-08-18 23:33:45 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-08-18 23:33:45 1846232 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-08-18 23:33:45 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

.

==================== Find3M ====================

.

2011-07-31 11:49:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe

2011-06-23 04:33:57 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-06-23 04:33:57 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-21 05:34:23 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

============= FINISH: 14:27:01.51 ===============

protection-log-2011-09-13.zip

mbam-log-2011-09-14 (14-14-26).txt

post-94229-0-18353300-1315994097.jpg

Attach.zip

DDS.txt
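The intermittent DNS failures in the first post and the `TCP:` lines in the DDS log are what a helper reads together: a static NameServer entry under an interface sub-key takes precedence over the DHCP-supplied resolvers, so lookups go to those addresses on every network the machine joins. As an added example (not part of the thread, and not DDS's own code), a Python parser that pulls those lines out of a DDS report and lists the interfaces carrying a static override, run on a constructed sample in the same layout as the log above.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: "TCP:" lines in the layout DDS uses
# (interface GUID, optional sub-key, setting name, value list), plus one
# unrelated line to show that non-TCP entries are ignored.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.co.in/
TCP: DhcpNameServer = 192.168.12.112 192.168.12.25
TCP: Interfaces\{B53B3CC0-4540-483D-AC22-48B289B7027B} : DhcpNameServer = 192.168.12.112 192.168.12.25
TCP: Interfaces\{B53B3CC0-4540-483D-AC22-48B289B7027B}\46C696E6B6 : NameServer = 8.8.4.4,4.4.2.2
TCP: Interfaces\{B53B3CC0-4540-483D-AC22-48B289B7027B}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C5855BEC-E195-478F-947A-5404CCACA57F} : DhcpNameServer = 192.168.12.112 192.168.12.25
"""

TCP_LINE = re.compile(
    r"^TCP:\s*"
    r"(?:Interfaces\\(?P<iface>\S+)\s*:\s*)?"  # absent on the global (non-interface) line
    r"(?P<setting>DhcpNameServer|NameServer)\s*=\s*"
    r"(?P<servers>.*)$"
)


def parse_tcp_lines(text):
    """Return {interface_key: {setting: [servers]}}; key "" holds the global entry."""
    table = defaultdict(dict)
    for line in text.splitlines():
        m = TCP_LINE.match(line.strip())
        if not m:
            continue
        # DDS separates servers with spaces (DHCP list) or commas (static list).
        servers = [s for s in re.split(r"[,\s]+", m.group("servers").strip()) if s]
        table[m.group("iface") or ""][m.group("setting")] = servers
    return dict(table)


def _is_public(addr):
    """True for a routable address; malformed values are treated as not public."""
    try:
        return not ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def static_dns_overrides(text):
    """Interfaces with a non-empty static NameServer, which Windows uses instead of
    the DHCP-supplied list; reports both lists and which static entries are public."""
    findings = {}
    for iface, settings in parse_tcp_lines(text).items():
        static = settings.get("NameServer", [])
        if not static:
            continue
        findings[iface] = {
            "static": static,
            "dhcp": settings.get("DhcpNameServer", []),
            "public": [s for s in static if _is_public(s)],
        }
    return findings


if __name__ == "__main__":
    for iface, f in static_dns_overrides(SAMPLE_DDS).items():
        print(f"{iface}: static {f['static']} overrides DHCP {f['dhcp']}; public: {f['public']}")
```

A helper would compare the static list against the resolvers the network is supposed to hand out, and ask how the entry got there, before doing anything else with it.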


  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (Trend Micro and Microsoft). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hi Screen317,

Thank you very much for helping me fix this.

I stopped receiving such notifications about 12 hours or so after uninstalling Trend Micro antivirus. I don't know if my computer is disinfected.

I'm attaching the mbam, combofix and dds logs.

Also, I don't understand why I don't see the Malwarebytes anti-spyware icon in my tray even though I can see the mbam process running in Task Manager and it is enabled in the msconfig startup programs.

Thanks,

gangtom

ComboFix.txt

DDS.txt

mbam-log-2011-09-18 (14-52-23).txt


  • Staff

How much time is left in the trial?

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
