Hi there,

I have a virus, malware or whatever that won't let me access certain sites on the web, e.g. Facebook login, malware updater, other virus uploaders, etc.

I have the following:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19019

Run by Ben at 20:37:03 on 2011-09-16

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2039.867 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\SMINST\scheduler.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.facebook.com/

uSearch Bar = Preserve

mStart Page = hxxp://uk.yahoo.com

mDefault_Page_URL = hxxp://uk.yahoo.com

uInternet Settings,ProxyOverride = <local>;*.local

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll

BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRunOnce: [sT Recovery Launcher] %WINDIR%\SMINST\launcher.exe

dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0F97B72A-1705-43BB-ABDB-5FED71CA7F0D} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{ED70FCED-5DBE-4862-B6CC-BEB08E656C1D} : DhcpNameServer = 192.168.1.254

Notify: DeviceNP - DeviceNP.dll

Notify: igfxcui - igfxdev.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\ben\appdata\roaming\mozilla\firefox\profiles\eit9icey.default\

FF - plugin: c:\program files\babelgum player\npweb_babelgumplayer_0.9.14.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-5 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-5 309848]

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20080523.001\IDSvix86.sys [2008-5-25 261680]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsl103cd85c;MpKsl103cd85c;c:\programdata\microsoft\microsoft antimalware\definition updates\{9365d829-fe60-4bdc-b1c3-a75056730200}\MpKsl103cd85c.sys [2011-9-16 28752]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-5 19544]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-5 54104]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-5 42184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-15 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-15 22216]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-10-3 37936]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]

S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-7-24 30008]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-1 102448]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-7 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]

S4 BabelgumUpdater;BabelgumUpdater;c:\program files\babelgum player\babelgumupdater_service.exe [2008-12-19 13624]

S4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-6-8 172131]

S4 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-7-24 540448]

S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-3-28 1251720]

.

=============== Created Last 30 ================

.

2011-09-16 14:03:40 439632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d5318e67-addd-4909-9629-60356bf520e5}\gapaengine.dll

2011-09-16 14:03:40 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9365d829-fe60-4bdc-b1c3-a75056730200}\MpKsl103cd85c.sys

2011-09-16 13:55:09 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9365d829-fe60-4bdc-b1c3-a75056730200}\mpengine.dll

2011-09-16 13:40:04 -------- d-----w- c:\program files\Microsoft Security Client

2011-09-16 11:28:33 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a40dbf5d-3d85-4033-abb0-b547cb5dd1b4}\mpengine.dll

2011-09-16 05:40:52 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

2011-09-15 16:23:30 -------- d-----w- c:\users\ben\appdata\roaming\Malwarebytes

2011-09-15 16:23:15 -------- d-----w- c:\programdata\Malwarebytes

2011-09-15 16:23:11 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-15 16:23:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-11 17:30:14 -------- d-----w- c:\users\ben\appdata\roaming\alot

2011-09-06 16:29:54 784136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll

2011-09-06 16:28:37 -------- d-----w- c:\programdata\LightScribe

2011-09-05 20:33:43 292864 ----a-w- c:\windows\system32\atmfd.dll

2011-09-05 20:33:40 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-09-05 20:32:38 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-09-05 20:32:28 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-09-05 20:32:18 1205080 ----a-w- c:\windows\system32\ntdll.dll

2011-09-05 20:32:16 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-09-05 20:32:14 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-09-05 20:32:06 1136640 ----a-w- c:\windows\system32\mfc42.dll

2011-09-05 20:32:05 1161728 ----a-w- c:\windows\system32\mfc42u.dll

2011-09-05 20:31:59 304640 ----a-w- c:\windows\system32\drivers\srv.sys

2011-09-05 20:31:51 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-09-05 20:31:50 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-09-05 20:31:50 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-09-05 20:31:42 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-09-05 20:31:42 25088 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-09-05 20:31:35 2042368 ----a-w- c:\windows\system32\win32k.sys

2011-09-05 20:31:27 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-09-05 20:30:31 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-09-05 20:30:31 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-09-05 20:30:06 563200 ----a-w- c:\windows\system32\oleaut32.dll

2011-09-05 20:30:00 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-09-05 20:30:00 323072 ----a-w- c:\windows\system32\sbe.dll

2011-09-05 20:30:00 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-09-05 20:29:59 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-09-05 20:29:24 738816 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-05 20:29:14 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-09-05 20:29:13 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-09-05 20:28:57 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-09-05 20:28:55 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-09-05 19:58:15 276992 ----a-w- c:\windows\system32\schannel.dll

2011-09-05 19:51:20 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-09-05 19:51:16 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-09-05 19:48:15 40112 ----a-w- c:\windows\avastSS.scr

2011-09-05 19:47:29 -------- d-----w- c:\programdata\AVAST Software

2011-09-05 19:47:29 -------- d-----w- c:\program files\AVAST Software

2011-09-05 19:30:08 -------- d-----w- c:\windows\pss

.

==================== Find3M ====================

.

.

============= FINISH: 20:40:16.94 ===============

Attach.zip

Hello and welcome to Malwarebytes.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Watch Topic near the top of the page, then select Immediate Notification. Click on Proceed. If it shows Stop watching topic, it means you are already subscribed.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 5 days, this topic will be closed.

I have since rebuilt my system. I haven't lost much, so I am OK. You have all the files requested, so if you want to look at it and identify the virus, I will help you as much as I can.

C

Hello BigHammo :),

Thanks for getting back to me.

Since you have rebuilt your system, there is no need to pursue the matter further.

Just one thing you should be aware of. In the earlier DDS log, I see two Antivirus (AV) programs. Although AV is essential for keeping your computer free from viruses, having more than one AV will do more harm than protect your computer. They will not only conflict, but will slow down your computer as well. You must only have one installed.

If you have no other questions, I will close this topic.
