
New possible Malware



I think I discovered a new malware, one that Malwarebytes doesn't detect or cure. It has the following problems:

- Shuts down Malwarebytes after a few seconds, then locks it so Windows cannot find the file or path

- Deletes all System Restore files so you can't Restore your computer to an earlier time.

- Shuts down any .exe that runs an anti-malware program, such as if you use an online anti-malware program using IE.

If this isn't a new malware program, PLEASE tell me how to get rid of this! My desktop and my laptop have this malware program in it, and I have NO clue how to remove it.


This sounds like a ZeroAccess rootkit. Not new, but not something that a tool like MBAM can take care of; it is an advanced rootkit and requires advanced tools/manual fixes to get rid of.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


All right, as requested.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.6000.16982

Run by JM at 12:47:26 on 2011-09-25

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3061.1476 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\1520680307:2353159333.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\DELL\E-Center\EULALauncher.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080103

uWindow Title = Internet Explorer provided by Dell

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\YTNavAssist.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide

mRun: [ECenter] "c:\dell\e-center\EULALauncher.exe"

mRun: [Apoint] "c:\program files\delltpad\Apoint.exe"

mRun: [sigmatelSysTrayApp] "%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe"

mRun: [igfxTray] "c:\windows\system32\igfxtray.exe"

mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"

mRun: [Persistence] "c:\windows\system32\igfxpers.exe"

mRun: [Windows Mobile Device Center] "%windir%\WindowsMobile\wmdc.exe"

mRun: [broadcom Wireless Manager UI] "c:\windows\system32\WLTRAY.exe"

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [<NO NAME>]

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [dscactivate] "c:\dell\dsca.exe" 3

mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"

mRun: [CanonMyPrinter] "c:\program files\canon\myprinter\BJMyPrt.exe" /logon

mRun: [CanonSolutionMenuEx] "c:\program files\canon\solution menu ex\CNSEMAIN.EXE" /logon

mRun: [iJNetworkScanUtility] "c:\program files\canon\canon ij network scan utility\CNMNSUT.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{8F2E107F-115D-4ADC-95F4-B9C6012E78E4} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{B91EC85F-DF3C-4FBE-93F5-4D07C72C52D5} : DhcpNameServer = 10.0.0.1

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\jm\appdata\roaming\mozilla\firefox\profiles\1ols6ld4.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true

============= SERVICES / DRIVERS ===============

.

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-1-2 73728]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-9-24 1153368]

R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2011-8-29 45584]

R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2011-9-14 3381184]

S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2011-8-29 3997912]

.

=============== Created Last 30 ================

.

2011-09-25 03:27:05 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f13c3ff6-a8e4-4dad-a13d-c541e9bf294f}\offreg.dll

2011-09-25 03:14:08 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-25 03:12:42 -------- d-----w- c:\users\jm\appdata\roaming\Malwarebytes

2011-09-25 03:12:35 -------- d-----w- c:\programdata\Malwarebytes

2011-09-25 03:12:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-25 03:12:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-25 01:46:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-09-25 01:46:13 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-24 22:08:52 -------- d--h--w- c:\windows\PIF

2011-09-23 15:49:32 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f13c3ff6-a8e4-4dad-a13d-c541e9bf294f}\mpengine.dll

2011-09-20 21:59:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-09-20 21:59:17 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2011-09-12 03:23:10 -------- d--h--w- c:\programdata\CanonIJSolutionMenuEX

2011-09-12 03:23:07 -------- d--h--w- c:\programdata\CanonIJEPPEX2

2011-09-12 03:23:07 -------- d--h--w- c:\programdata\CanonEPP

2011-09-12 03:23:05 -------- d--h--w- c:\programdata\CanonIJMyPrinter

2011-09-12 03:22:16 -------- d-----w- c:\programdata\CanonIJPLM

2011-09-12 03:21:57 -------- d-----w- c:\programdata\Canon IJ Network Tool

2011-09-12 03:21:36 307200 ----a-w- c:\windows\system32\CNC5200L.dll

2011-09-12 03:21:36 114688 ----a-w- c:\windows\system32\CNC5200I.dll

2011-09-12 03:21:35 1335296 ----a-w- c:\windows\system32\CNC5200C.dll

2011-09-12 03:21:35 106496 ----a-w- c:\windows\system32\CNC5200U.dll

2011-09-12 03:21:34 15872 ----a-w- c:\windows\system32\CNHMCA.dll

2011-09-12 03:18:52 -------- d-----w- c:\programdata\CanonIJMSetup

2011-09-12 03:16:33 -------- d-----w- c:\program files\common files\CANON

2011-09-12 03:16:22 -------- d-----w- c:\programdata\CanonIJWSpt

2011-09-12 03:12:27 73216 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAE.DLL

2011-09-12 03:12:27 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAE.DLL

2011-09-12 03:09:32 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL

2011-09-12 03:09:14 180224 ----a-w- c:\windows\system32\CNMIUAE.DLL

2011-09-12 03:08:47 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL

2011-09-12 03:08:47 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL

2011-09-12 03:08:47 -------- d-----w- c:\windows\system32\STRING

2011-09-12 03:06:26 -------- d-----w- c:\program files\Canon

2011-09-12 01:37:39 -------- d-----w- c:\program files\MSECache

2011-09-08 22:51:31 0 ----a-w- c:\programdata\pxis.exe

2011-09-08 22:51:26 0 ----a-w- c:\users\jm\appdata\local\yauw.exe

2011-09-08 22:51:05 0 ----a-w- c:\users\jm\appdata\local\owxa.exe

2011-09-08 22:50:45 0 ----a-w- c:\programdata\vydq.exe

2011-09-08 22:50:40 0 ----a-w- c:\users\jm\appdata\local\hfsn.exe

2011-09-08 22:50:22 -------- d-----w- c:\programdata\fE21101NcJmL21101

2011-09-08 22:50:13 0 ----a-w- c:\programdata\brds.exe

2011-09-08 22:49:58 0 ----a-w- c:\users\jm\appdata\local\ddky.exe

2011-09-07 02:30:38 -------- d-----w- c:\users\jm\appdata\local\Apple Computer

2011-09-07 02:28:54 -------- d-----w- c:\program files\iPod

2011-09-07 02:28:51 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-09-07 02:28:51 -------- d-----w- c:\program files\iTunes

2011-09-07 02:26:50 -------- d-----w- c:\users\jm\appdata\local\Apple

2011-09-07 02:23:56 -------- d-----w- c:\program files\Bonjour

2011-09-06 21:15:52 74520 ----a-w- c:\program files\common files\windows live\.cache\287b36d61cc6cda\DSETUP.dll

2011-09-06 21:15:52 484632 ----a-w- c:\program files\common files\windows live\.cache\287b36d61cc6cda\DXSETUP.exe

2011-09-06 21:15:52 1670936 ----a-w- c:\program files\common files\windows live\.cache\287b36d61cc6cda\dsetup32.dll

2011-09-06 21:11:38 -------- d-----w- c:\program files\common files\Windows Live

2011-09-02 15:07:11 -------- d-----w- c:\program files\Yahoo!

2011-09-02 15:04:51 -------- d-----w- c:\users\jm\appdata\local\AOL

2011-09-02 15:04:51 -------- d-----w- c:\users\jm\appdata\local\AIM

2011-09-02 15:02:19 -------- d-----w- c:\programdata\AIM

2011-09-02 15:02:11 -------- d-----w- c:\program files\AIM

2011-09-02 15:02:09 -------- d-----w- c:\program files\common files\Software Update Utility

2011-09-02 15:02:07 -------- d-----w- c:\program files\common files\AOL

2011-09-02 06:00:26 -------- d-----w- c:\program files\VideoLAN

2011-09-02 05:43:29 -------- d-----w- c:\users\jm\appdata\local\Adobe

2011-09-01 07:05:11 378368 ----a-w- c:\windows\system32\winhttp.dll

2011-09-01 07:05:01 268800 ----a-w- c:\windows\system32\es.dll

2011-09-01 07:03:49 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll

2011-09-01 07:03:49 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe

2011-09-01 07:03:49 11776 ----a-w- c:\windows\system32\sbunattend.exe

2011-09-01 07:02:30 130048 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-09-01 07:02:22 274432 ----a-w- c:\windows\system32\raschap.dll

2011-09-01 07:02:21 232960 ----a-w- c:\windows\system32\rastls.dll

2011-08-31 07:59:17 156672 ----a-w- c:\windows\system32\t2embed.dll

2011-08-31 07:59:16 72704 ----a-w- c:\windows\system32\fontsub.dll

2011-08-31 07:59:16 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-08-31 07:59:16 289792 ----a-w- c:\windows\system32\atmfd.dll

2011-08-31 07:59:16 24064 ----a-w- c:\windows\system32\lpk.dll

2011-08-31 07:59:16 10240 ----a-w- c:\windows\system32\dciman32.dll

2011-08-31 07:55:40 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll

2011-08-31 07:55:39 61440 ----a-w- c:\windows\system32\winipsec.dll

2011-08-31 07:55:39 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL

2011-08-31 07:55:39 272896 ----a-w- c:\windows\system32\polstore.dll

2011-08-31 07:55:07 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-08-31 07:55:07 306688 ----a-w- c:\windows\system32\drivers\srv.sys

2011-08-31 07:54:36 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2011-08-31 07:54:36 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2011-08-31 07:54:36 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2011-08-31 07:54:01 15360 ----a-w- c:\windows\system32\netevent.dll

2011-08-31 07:54:00 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2011-08-31 07:54:00 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2011-08-31 07:54:00 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2011-08-31 07:54:00 19968 ----a-w- c:\windows\system32\ARP.EXE

2011-08-31 07:54:00 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2011-08-31 07:54:00 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2011-08-31 07:54:00 103936 ----a-w- c:\windows\system32\netiohlp.dll

2011-08-31 07:54:00 10240 ----a-w- c:\windows\system32\finger.exe

2011-08-31 07:53:06 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr

2011-08-31 07:53:06 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll

2011-08-31 07:53:04 24064 ----a-w- c:\windows\system32\wtsapi32.dll

2011-08-31 07:53:03 258232 ----a-w- c:\windows\system32\drivers\acpi.sys

2011-08-31 07:53:03 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys

2011-08-31 07:53:03 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys

2011-08-31 07:53:03 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys

2011-08-31 07:53:02 28344 ----a-w- c:\windows\system32\drivers\battc.sys

2011-08-31 07:52:59 542720 ----a-w- c:\windows\system32\sysmain.dll

2011-08-31 07:52:23 194560 ----a-w- c:\windows\system32\WebClnt.dll

2011-08-31 07:52:23 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2011-08-31 07:51:54 123904 ----a-w- c:\windows\system32\L2SecHC.dll

2011-08-31 07:51:52 67584 ----a-w- c:\windows\system32\wlanhlp.dll

2011-08-31 07:51:52 502784 ----a-w- c:\windows\system32\wlansvc.dll

2011-08-31 07:51:52 47104 ----a-w- c:\windows\system32\wlanapi.dll

2011-08-31 07:51:52 299520 ----a-w- c:\windows\system32\wlansec.dll

2011-08-31 07:51:52 289280 ----a-w- c:\windows\system32\wlanmsm.dll

2011-08-31 07:51:07 2048 ----a-w- c:\windows\system32\msxml3r.dll

2011-08-31 07:51:07 1260032 ----a-w- c:\windows\system32\msxml3.dll

2011-08-31 07:51:06 2048 ----a-w- c:\windows\system32\msxml6r.dll

2011-08-31 07:51:06 1406464 ----a-w- c:\windows\system32\msxml6.dll

2011-08-31 07:50:26 216576 ----a-w- c:\windows\system32\msv1_0.dll

2011-08-31 07:49:53 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-31 07:49:52 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-08-31 07:49:52 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-08-31 07:49:20 98816 ----a-w- c:\windows\system32\mfps.dll

2011-08-31 07:49:20 52736 ----a-w- c:\windows\system32\rrinstaller.exe

2011-08-31 07:49:20 2855424 ----a-w- c:\windows\system32\mf.dll

2011-08-31 07:49:20 24576 ----a-w- c:\windows\system32\mfpmp.exe

2011-08-31 07:49:20 2048 ----a-w- c:\windows\system32\mferror.dll

2011-08-31 07:48:26 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-31 07:48:26 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-31 07:47:23 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-08-31 07:46:53 71680 ----a-w- c:\windows\system32\atl.dll

2011-08-31 07:46:23 297472 ----a-w- c:\windows\system32\gdi32.dll

2011-08-31 07:45:53 41984 ----a-w- c:\windows\system32\drivers\monitor.sys

2011-08-31 07:45:53 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-08-31 07:44:32 500736 ----a-w- c:\windows\system32\msdtcprx.dll

2011-08-31 07:44:32 30208 ----a-w- c:\windows\system32\xolehlp.dll

2011-08-31 07:44:04 156160 ----a-w- c:\windows\system32\wkssvc.dll

2011-08-31 07:43:33 36352 ----a-w- c:\windows\system32\tsgqec.dll

2011-08-31 07:43:33 116736 ----a-w- c:\windows\system32\aaclient.dll

2011-08-31 07:43:32 1871872 ----a-w- c:\windows\system32\mstscax.dll

2011-08-31 07:42:54 303616 ----a-w- c:\windows\system32\wmpeffects.dll

2011-08-31 07:41:50 713728 ----a-w- c:\windows\system32\timedate.cpl

2011-08-31 07:40:53 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe

2011-08-31 07:40:53 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll

2011-08-31 07:40:52 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll

2011-08-31 07:40:52 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll

2011-08-31 07:39:20 428032 ----a-w- c:\windows\system32\EncDec.dll

2011-08-31 07:39:20 177152 ----a-w- c:\windows\system32\mpg2splt.ax

2011-08-31 07:39:20 1244672 ----a-w- c:\windows\system32\mcmde.dll

2011-08-31 07:39:19 80896 ----a-w- c:\windows\system32\MSNP.ax

2011-08-31 07:39:19 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-08-31 07:39:18 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-08-31 07:39:18 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-08-31 07:39:18 292352 ----a-w- c:\windows\system32\psisdecd.dll

2011-08-31 07:35:54 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-31 07:35:20 696832 ----a-w- c:\windows\system32\localspl.dll

2011-08-31 07:34:26 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys

2011-08-31 07:34:26 21560 ----a-w- c:\windows\system32\drivers\atapi.sys

2011-08-31 07:34:25 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys

2011-08-31 07:34:25 15928 ----a-w- c:\windows\system32\drivers\pciide.sys

2011-08-31 07:34:25 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys

2011-08-31 07:34:25 110136 ----a-w- c:\windows\system32\drivers\ataport.sys

2011-08-31 07:34:06 2923520 ----a-w- c:\windows\explorer.exe

2011-08-31 07:33:38 7680 ----a-w- c:\windows\system32\lsass.exe

2011-08-31 07:33:38 72704 ----a-w- c:\windows\system32\secur32.dll

2011-08-31 07:33:38 494592 ----a-w- c:\windows\system32\kerberos.dll

2011-08-31 07:33:38 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2011-08-31 07:33:38 175104 ----a-w- c:\windows\system32\wdigest.dll

2011-08-31 07:33:37 1233920 ----a-w- c:\windows\system32\lsasrv.dll

2011-08-31 07:33:36 272384 ----a-w- c:\windows\system32\schannel.dll

2011-08-31 07:33:12 24064 ----a-w- c:\windows\system32\netcfg.exe

2011-08-31 07:28:50 1585664 ----a-w- c:\windows\system32\setupapi.dll

2011-08-31 07:26:58 549888 ----a-w- c:\windows\system32\rpcss.dll

2011-08-31 07:25:51 9728 ----a-w- c:\windows\system32\LAPRXY.DLL

2011-08-31 07:25:51 223232 ----a-w- c:\windows\system32\WMASF.DLL

2011-08-31 07:25:51 2048 ----a-w- c:\windows\system32\asferror.dll

2011-08-31 07:25:37 25600 ----a-w- c:\windows\system32\amxread.dll

2011-08-31 07:25:37 14848 ----a-w- c:\windows\system32\apilogen.dll

2011-08-31 07:23:57 2031104 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 07:23:49 14848 ----a-w- c:\windows\system32\wshrm.dll

2011-08-31 07:23:49 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys

2011-08-31 07:22:49 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2011-08-31 07:22:49 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2011-08-31 07:22:49 312320 ----a-w- c:\windows\system32\msdrm.dll

2011-08-31 07:22:49 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2011-08-31 07:22:49 154112 ----a-w- c:\windows\system32\secproc_ssp.dll

2011-08-31 07:22:48 515584 ----a-w- c:\windows\system32\RMActivate.exe

2011-08-31 07:22:48 472576 ----a-w- c:\windows\system32\secproc.dll

2011-08-31 07:22:47 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe

2011-08-31 07:22:47 473088 ----a-w- c:\windows\system32\secproc_isv.dll

2011-08-31 07:22:30 83968 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-08-31 07:22:29 24576 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-08-31 07:07:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-08-31 07:07:30 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-08-31 07:07:29 1686528 ----a-w- c:\windows\system32\gameux.dll

2011-08-31 07:07:01 996352 ----a-w- c:\windows\system32\WMNetMgr.dll

2011-08-31 07:07:01 94720 ----a-w- c:\windows\system32\logagent.exe

2011-08-31 07:06:38 84480 ----a-w- c:\windows\system32\INETRES.dll

2011-08-31 07:06:38 737792 ----a-w- c:\windows\system32\inetcomm.dll

2011-08-31 07:06:27 60928 ----a-w- c:\windows\system32\msasn1.dll

2011-08-31 07:06:17 1645568 ----a-w- c:\windows\system32\connect.dll

2011-08-31 07:06:04 788992 ----a-w- c:\windows\system32\rpcrt4.dll

2011-08-31 07:05:46 31232 ----a-w- c:\windows\system32\httpapi.dll

2011-08-31 07:05:45 396800 ----a-w- c:\windows\system32\drivers\http.sys

2011-08-31 07:05:45 24064 ----a-w- c:\windows\system32\nshhttp.dll

2011-08-31 07:04:29 321536 ----a-w- c:\windows\system32\WSDApi.dll

2011-08-31 07:04:22 99840 ----a-w- c:\windows\system32\poqexec.exe

2011-08-31 07:04:10 -------- d-----w- c:\program files\MSXML 4.0

2011-08-31 07:03:23 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2011-08-31 07:03:23 22528 ----a-w- c:\windows\system32\msyuv.dll

2011-08-31 07:03:23 11776 ----a-w- c:\windows\system32\tsbyuv.dll

2011-08-31 07:03:22 88576 ----a-w- c:\windows\system32\avifil32.dll

2011-08-31 07:03:22 82944 ----a-w- c:\windows\system32\mciavi32.dll

2011-08-31 07:03:22 65024 ----a-w- c:\windows\system32\avicap32.dll

2011-08-31 07:03:22 31232 ----a-w- c:\windows\system32\msvidc32.dll

2011-08-31 07:03:22 13312 ----a-w- c:\windows\system32\msrle32.dll

2011-08-31 07:03:22 1327616 ----a-w- c:\windows\system32\quartz.dll

2011-08-31 07:03:22 123904 ----a-w- c:\windows\system32\msvfw32.dll

2011-08-31 07:03:07 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2011-08-30 06:05:02 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2011-08-30 06:04:49 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-08-30 03:44:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-30 03:35:55 -------- d-----w- c:\users\jm\appdata\local\Mozilla

2011-08-30 03:34:05 713016 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe

2011-08-30 03:34:03 269272 ----a-w- c:\program files\mozilla firefox\updater.exe

2011-08-30 03:34:03 21976 ----a-w- c:\program files\mozilla firefox\plc4.dll

2011-08-30 03:34:03 19416 ----a-w- c:\program files\mozilla firefox\xpcom.dll

2011-08-30 03:34:03 19416 ----a-w- c:\program files\mozilla firefox\plds4.dll

2011-08-30 03:34:03 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2011-08-30 03:34:03 166872 ----a-w- c:\program files\mozilla firefox\softokn3.dll

2011-08-30 03:34:03 15494104 ----a-w- c:\program files\mozilla firefox\xul.dll

2011-08-30 03:34:03 142296 ----a-w- c:\program files\mozilla firefox\ssl3.dll

2011-08-30 03:34:03 109528 ----a-w- c:\program files\mozilla firefox\smime3.dll

2011-08-30 03:22:48 171520 ----a-w- c:\windows\system32\wintrust.dll

2011-08-30 03:22:42 97792 ----a-w- c:\windows\system32\cabview.dll

2011-08-30 03:21:17 45584 ----a-w- c:\windows\system32\drivers\ssfmonm.sys

2011-08-30 03:21:17 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys

2011-08-30 03:21:17 181008 ----a-w- c:\windows\system32\drivers\ssidrv.sys

2011-08-30 03:18:09 -------- dc-h--w- c:\programdata\{61D227D1-25DF-4A97-9428-6C9A27015CDA}

2011-08-30 03:17:37 2421760 ----a-w- c:\windows\system32\wucltux.dll

2011-08-30 03:17:25 87552 ----a-w- c:\windows\system32\wudriver.dll

2011-08-30 03:17:17 -------- d-----w- c:\program files\Webroot

2011-08-30 03:17:06 33792 ----a-w- c:\windows\system32\wuapp.exe

2011-08-30 03:17:06 171608 ----a-w- c:\windows\system32\wuwebv.dll

2011-08-30 03:16:04 -------- d-----w- c:\programdata\Webroot

2011-08-30 03:16:03 -------- d-----w- c:\users\jm\appdata\local\PackageAware

2011-08-30 03:08:22 -------- d-----w- c:\users\jm\appdata\local\Google

2011-08-30 03:08:20 -------- d-----w- c:\users\jm\appdata\local\MediaDirect

2011-08-30 03:08:07 -------- d-----w- C:\Intel

2011-08-30 03:03:44 -------- d-sh--we C:\Documents and Settings

.

==================== Find3M ====================

.

2011-09-01 07:04:51 62464 ----a-w- c:\windows\system32\l3codeca.acm

2011-09-01 07:04:51 220672 ----a-w- c:\windows\system32\l3codecp.acm

2011-09-01 07:04:36 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui

2011-09-01 07:04:15 8147968 ----a-w- c:\windows\system32\wmploc.DLL

2011-09-01 07:04:13 7680 ----a-w- c:\windows\system32\spwmp.dll

2011-09-01 07:04:12 43520 ----a-w- c:\windows\system32\msdxm.tlb

2011-09-01 07:04:12 4096 ----a-w- c:\windows\system32\msdxm.ocx

2011-09-01 07:04:12 4096 ----a-w- c:\windows\system32\dxmasf.dll

2011-09-01 07:04:12 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2011-09-01 07:04:12 18432 ----a-w- c:\windows\system32\amcompat.tlb

2011-08-31 07:57:37 72704 ----a-w- c:\windows\system32\admparse.dll

2011-08-31 07:57:36 52736 ----a-w- c:\windows\apppatch\iebrshim.dll

2011-08-31 07:57:35 832512 ----a-w- c:\windows\system32\wininet.dll

2011-08-31 07:57:29 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-08-31 07:57:29 48128 ----a-w- c:\windows\system32\mshtmler.dll

2011-08-31 07:57:29 389120 ----a-w- c:\windows\system32\html.iec

2011-08-31 07:57:27 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 07:57:24 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-31 07:57:23 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2011-08-31 07:57:20 56320 ----a-w- c:\windows\system32\iesetup.dll

2011-08-31 07:28:14 5632 ----a-w- c:\windows\system32\drivers\en-us\sermouse.sys.mui

2011-08-31 07:26:57 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-08-31 07:25:37 40960 ----a-w- c:\windows\apppatch\apihex86.dll

2011-08-31 07:07:33 2560 ----a-w- c:\windows\apppatch\AcRes.dll

2011-08-31 07:07:32 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll

2011-08-31 07:07:31 537600 ----a-w- c:\windows\apppatch\AcLayers.dll

2011-08-31 07:07:31 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2011-08-31 07:07:31 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

============= FINISH: 12:50:06.04 ===============

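The DDS log above is what the responder reads before naming the infection. As an added example (my own code, not DDS, Malwarebytes or anything posted in this thread), here is a small Python triage script that parses the two DDS sections a responder looks at first and flags the indicators visible in this log: the running process whose file name contains a colon (`C:\Windows\1520680307:2353159333.exe`, the syntax of an NTFS alternate-data-stream path) and the burst of zero-byte `.exe` files created in ProgramData and AppData\Local on 2011-09-08. The sample input is a constructed excerpt of lines copied from the log above; the section banners, the line regexes and the `USER_WRITABLE` list are my assumptions about the DDS output format, not a published specification.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample input: an excerpt of lines from the DDS log posted in this
# thread, trimmed to the two sections this script reads.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\bcmwltry.exe
C:\Windows\1520680307:2353159333.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
mRun: [Apoint] "c:\program files\delltpad\Apoint.exe"
=============== Created Last 30 ================
.
2011-09-25 03:12:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-08 22:51:31 0 ----a-w- c:\programdata\pxis.exe
2011-09-08 22:51:26 0 ----a-w- c:\users\jm\appdata\local\yauw.exe
2011-09-08 22:50:22 -------- d-----w- c:\programdata\fE21101NcJmL21101
2011-09-08 22:50:13 0 ----a-w- c:\programdata\brds.exe
2011-08-31 07:48:26 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
============= FINISH: 12:50:06.04 ===============
"""

# Assumed DDS layout: sections are delimited by '=== Name ===' banners and padded
# with lone '.' lines; 'Created Last 30' rows are "date time size attrs path".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
EXE_PATH_RE = re.compile(r"^([A-Za-z]:\\.*?\.exe)", re.IGNORECASE)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-+) (\S+) (.+)$")
# Locations a standard user can write to; a fresh executable there deserves a look.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group DDS output lines under the banner that precedes them."""
    sections: Dict[str, List[str]] = defaultdict(list)
    current = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            continue
        sections[current].append(line)
    return sections


def flag_processes(lines: List[str]) -> List[dict]:
    """Flag running executables whose file name (last path component) contains a colon.
    On NTFS 'name:stream' addresses an alternate data stream, so such a path means the
    image is not a plain file in that directory."""
    findings = []
    for line in lines:
        m = EXE_PATH_RE.match(line)
        if not m:
            continue
        path = m.group(1)
        name = path.rsplit("\\", 1)[-1]
        if ":" in name:
            findings.append({"kind": "process", "path": path,
                             "reason": "colon in file name (alternate-data-stream path)"})
    return findings


def flag_created(lines: List[str]) -> List[dict]:
    """Flag zero-byte .exe files created in user-writable locations."""
    findings = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        date, _time, size, _attrs, path = m.groups()
        low = path.lower()
        if size == "0" and low.endswith(".exe") and any(d in low for d in USER_WRITABLE):
            findings.append({"kind": "created", "path": path, "date": date,
                             "reason": "zero-byte .exe in a user-writable location"})
    return findings


def triage(text: str) -> List[dict]:
    """Run both checks over a DDS log and return the combined findings."""
    sections = split_sections(text)
    return (flag_processes(sections.get("Running Processes", []))
            + flag_created(sections.get("Created Last 30", [])))


def by_day(findings: List[dict]) -> Dict[str, List[str]]:
    """Group 'created' findings by date so a burst of drops on one day stands out."""
    days: Dict[str, List[str]] = defaultdict(list)
    for f in findings:
        if f["kind"] == "created":
            days[f["date"]].append(f["path"])
    return dict(days)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['kind']}] {f['path']}  <- {f['reason']}")
    for day, paths in by_day(results).items():
        print(f"{len(paths)} suspicious executables created on {day}")
```

Running it on the excerpt reports the colon-named process under C:\Windows and three zero-byte executables, all created on 2011-09-08 within about two minutes of each other. Neither check is proof of a particular family; they are the two things in this log that should make a reader stop and ask for the responder's next step rather than keep re-running a scanner the infection is unloading.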

This is indeed a ZeroAccess infection. Please read the following first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Here's the log.

ComboFix 11-09-24.04 - JM 09/25/2011 15:22:29.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3061.2023 [GMT -4:00]

Running from: c:\users\JM\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\brds.exe

c:\programdata\pxis.exe

c:\programdata\vydq.exe

c:\users\JM\AppData\Local\ddky.exe

c:\users\JM\AppData\Local\hfsn.exe

c:\users\JM\AppData\Local\owxa.exe

c:\users\JM\AppData\Local\yauw.exe

c:\users\JM\AppData\Roaming\Microsoft\Windows\Templates\aedw.exe

c:\users\JM\AppData\Roaming\Microsoft\Windows\Templates\jvia.exe

c:\users\JM\AppData\Roaming\Microsoft\Windows\Templates\lwul.exe

c:\users\JM\AppData\Roaming\Microsoft\Windows\Templates\npey.exe

c:\windows\$NtUninstallKB12056$\1941807962\@

c:\windows\$NtUninstallKB12056$\1941807962\bckfg.tmp

c:\windows\$NtUninstallKB12056$\1941807962\cfg.ini

c:\windows\$NtUninstallKB12056$\1941807962\Desktop.ini

c:\windows\$NtUninstallKB12056$\1941807962\keywords

c:\windows\$NtUninstallKB12056$\1941807962\kwrd.dll

c:\windows\$NtUninstallKB12056$\1941807962\L\qnbwvoto

c:\windows\$NtUninstallKB12056$\1941807962\lsflt7.ver

c:\windows\$NtUninstallKB12056$\1941807962\U\00000001.@

c:\windows\$NtUninstallKB12056$\1941807962\U\00000002.@

c:\windows\$NtUninstallKB12056$\1941807962\U\80000000.@

c:\windows\$NtUninstallKB12056$\1941807962\U\80000032.@

c:\windows\$NtUninstallKB12056$\2026754737

c:\windows\system32\comct332.ocx

c:\windows\$NtUninstallKB12056$ . . . . Failed to delete

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_73bda35a

.

.

((((((((((((((((((((((((( Files Created from 2011-08-25 to 2011-09-25 )))))))))))))))))))))))))))))))

.

.

2011-09-25 19:31 . 2011-09-25 19:31 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F13C3FF6-A8E4-4DAD-A13D-C541E9BF294F}\offreg.dll

2011-09-25 19:29 . 2011-09-25 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-25 03:14 . 2011-09-25 03:33 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-25 03:12 . 2011-09-25 03:12 -------- d-----w- c:\programdata\Malwarebytes

2011-09-25 03:12 . 2011-09-25 03:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-25 03:12 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-25 01:46 . 2011-09-25 02:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-09-25 01:46 . 2011-09-25 01:46 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-24 23:24 . 2011-09-24 23:24 -------- d-----w- c:\windows\Sun

2011-09-24 22:08 . 2011-09-24 22:08 -------- d--h--w- c:\windows\PIF

2011-09-23 15:49 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F13C3FF6-A8E4-4DAD-A13D-C541E9BF294F}\mpengine.dll

2011-09-20 21:59 . 2011-09-20 21:59 -------- dc----w- c:\windows\system32\DRVSTORE

2011-09-20 21:59 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-09-20 21:59 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2011-09-20 21:56 . 2011-09-20 21:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2011-09-20 21:56 . 2011-09-20 21:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2011-09-20 21:56 . 2011-09-20 21:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2011-09-20 21:56 . 2011-09-20 21:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2011-09-20 21:56 . 2011-09-20 21:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2011-09-20 21:56 . 2011-09-20 21:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2011-09-20 21:56 . 2011-09-20 21:56 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2011-09-20 21:52 . 2011-09-20 21:52 -------- d-----w- c:\programdata\Apple

2011-09-12 03:23 . 2011-09-12 03:23 -------- d--h--w- c:\programdata\CanonIJSolutionMenuEX

2011-09-12 03:23 . 2011-09-12 03:23 -------- d--h--w- c:\programdata\CanonIJEPPEX2

2011-09-12 03:23 . 2011-09-12 03:23 -------- d--h--w- c:\programdata\CanonEPP

2011-09-12 03:23 . 2011-09-12 03:23 -------- d--h--w- c:\programdata\CanonIJMyPrinter

2011-09-12 03:22 . 2011-09-17 15:00 -------- d-----w- c:\programdata\CanonIJPLM

2011-09-12 03:21 . 2011-09-12 03:21 -------- d-----w- c:\programdata\Canon IJ Network Tool

2011-09-12 03:21 . 2010-03-18 23:25 307200 ----a-w- c:\windows\system32\CNC5200L.dll

2011-09-12 03:21 . 2010-03-18 21:12 114688 ----a-w- c:\windows\system32\CNC5200I.dll

2011-09-12 03:21 . 2010-03-18 21:12 1335296 ----a-w- c:\windows\system32\CNC5200C.dll

2011-09-12 03:21 . 2010-03-18 21:11 106496 ----a-w- c:\windows\system32\CNC5200U.dll

2011-09-12 03:21 . 2008-08-25 22:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll

2011-09-12 03:18 . 2011-09-12 03:18 -------- d-----w- c:\programdata\CanonIJMSetup

2011-09-12 03:16 . 2011-09-12 03:16 -------- d-----w- c:\program files\Common Files\CANON

2011-09-12 03:16 . 2011-09-12 03:16 -------- d-----w- c:\programdata\CanonIJWSpt

2011-09-12 03:12 . 2011-09-12 03:12 -------- d--h--w- c:\programdata\CanonBJ

2011-09-12 03:12 . 2010-08-25 09:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAE.DLL

2011-09-12 03:12 . 2010-08-25 09:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAE.DLL

2011-09-12 03:11 . 2011-09-12 03:11 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2011-09-12 03:09 . 2010-08-25 09:00 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL

2011-09-12 03:09 . 2010-03-11 07:56 180224 ----a-w- c:\windows\system32\CNMIUAE.DLL

2011-09-12 03:08 . 2011-09-12 03:08 -------- d-----w- c:\windows\system32\STRING

2011-09-12 03:08 . 2010-02-05 09:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL

2011-09-12 03:08 . 2010-02-05 09:37 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL

2011-09-12 03:06 . 2011-09-12 03:23 -------- d-----w- c:\program files\Canon

2011-09-12 01:37 . 2011-09-12 01:37 -------- d-----w- c:\program files\MSECache

2011-09-08 22:50 . 2011-09-08 23:15 -------- d-----w- c:\programdata\fE21101NcJmL21101

2011-09-07 02:28 . 2011-09-20 21:58 -------- d-----w- c:\program files\iPod

2011-09-07 02:28 . 2011-09-20 21:59 -------- d-----w- c:\program files\iTunes

2011-09-07 02:28 . 2011-09-07 02:29 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-09-07 02:27 . 2011-09-20 21:55 -------- d-----w- c:\program files\QuickTime

2011-09-07 02:27 . 2011-09-20 21:55 -------- d-----w- c:\programdata\Apple Computer

2011-09-07 02:26 . 2011-09-20 21:54 -------- d-----w- c:\program files\Apple Software Update

2011-09-07 02:23 . 2011-09-20 21:52 -------- d-----w- c:\program files\Bonjour

2011-09-07 02:23 . 2011-09-07 02:28 -------- d-----w- c:\program files\Common Files\Apple

2011-09-06 21:11 . 2011-09-06 21:11 -------- d-----w- c:\program files\Common Files\Windows Live

2011-09-06 13:44 . 2011-09-06 13:44 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2011-09-02 15:15 . 2011-09-08 20:56 -------- d-----w- c:\programdata\Yahoo! Companion

2011-09-02 15:10 . 2011-09-02 14:22 -------- d-----w- c:\programdata\Yahoo!

2011-09-02 15:07 . 2011-09-02 15:15 -------- d-----w- c:\program files\Yahoo!

2011-09-02 15:02 . 2011-09-02 15:02 -------- d-----w- c:\programdata\AIM

2011-09-02 15:02 . 2011-09-02 15:02 -------- d-----w- c:\program files\AIM

2011-09-02 15:02 . 2011-09-02 15:02 -------- d-----w- c:\program files\Common Files\Software Update Utility

2011-09-02 15:02 . 2011-09-02 15:02 -------- d-----w- c:\program files\Common Files\AOL

2011-09-02 06:00 . 2011-09-02 06:00 -------- d-----w- c:\program files\VideoLAN

2011-09-01 07:05 . 2011-09-01 07:05 378368 ----a-w- c:\windows\system32\winhttp.dll

2011-09-01 07:05 . 2011-09-01 07:05 268800 ----a-w- c:\windows\system32\es.dll

2011-09-01 07:03 . 2011-09-01 07:03 66048 ----a-w- c:\program files\Windows Sidebar\sbdrop.dll

2011-09-01 07:03 . 2011-09-01 07:03 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

2011-09-01 07:03 . 2011-09-01 07:03 11776 ----a-w- c:\windows\system32\sbunattend.exe

2011-09-01 07:02 . 2011-09-01 07:02 130048 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-09-01 07:02 . 2011-09-01 07:02 274432 ----a-w- c:\windows\system32\raschap.dll

2011-09-01 07:02 . 2011-09-01 07:02 232960 ----a-w- c:\windows\system32\rastls.dll

2011-08-31 07:59 . 2011-08-31 07:59 156672 ----a-w- c:\windows\system32\t2embed.dll

2011-08-31 07:59 . 2011-08-31 07:59 72704 ----a-w- c:\windows\system32\fontsub.dll

2011-08-31 07:59 . 2011-08-31 07:59 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-08-31 07:59 . 2011-08-31 07:59 289792 ----a-w- c:\windows\system32\atmfd.dll

2011-08-31 07:59 . 2011-08-31 07:59 24064 ----a-w- c:\windows\system32\lpk.dll

2011-08-31 07:59 . 2011-08-31 07:59 10240 ----a-w- c:\windows\system32\dciman32.dll

2011-08-31 07:55 . 2011-08-31 07:55 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll

2011-08-31 07:55 . 2011-08-31 07:55 61440 ----a-w- c:\windows\system32\winipsec.dll

2011-08-31 07:55 . 2011-08-31 07:55 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL

2011-08-31 07:55 . 2011-08-31 07:55 272896 ----a-w- c:\windows\system32\polstore.dll

2011-08-31 07:55 . 2011-08-31 07:55 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-08-31 07:55 . 2011-08-31 07:55 306688 ----a-w- c:\windows\system32\drivers\srv.sys

2011-08-31 07:54 . 2011-08-31 07:54 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2011-08-31 07:54 . 2011-08-31 07:54 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2011-08-31 07:54 . 2011-08-31 07:54 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2011-08-31 07:54 . 2011-08-31 07:54 15360 ----a-w- c:\windows\system32\netevent.dll

2011-08-31 07:54 . 2011-08-31 07:54 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2011-08-31 07:54 . 2011-08-31 07:54 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2011-08-31 07:54 . 2011-08-31 07:54 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2011-08-31 07:54 . 2011-08-31 07:54 19968 ----a-w- c:\windows\system32\ARP.EXE

2011-08-31 07:54 . 2011-08-31 07:54 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2011-08-31 07:54 . 2011-08-31 07:54 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2011-08-31 07:54 . 2011-08-31 07:54 103936 ----a-w- c:\windows\system32\netiohlp.dll

2011-08-31 07:54 . 2011-08-31 07:54 10240 ----a-w- c:\windows\system32\finger.exe

2011-08-31 07:53 . 2011-08-31 07:53 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr

2011-08-31 07:53 . 2011-08-31 07:53 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll

2011-08-31 07:53 . 2011-08-31 07:53 24064 ----a-w- c:\windows\system32\wtsapi32.dll

2011-08-31 07:53 . 2011-08-31 07:53 258232 ----a-w- c:\windows\system32\drivers\acpi.sys

2011-08-31 07:53 . 2011-08-31 07:53 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys

2011-08-31 07:53 . 2011-08-31 07:53 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys

2011-08-31 07:53 . 2011-08-31 07:53 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys

2011-08-31 07:53 . 2011-08-31 07:53 28344 ----a-w- c:\windows\system32\drivers\battc.sys

2011-08-31 07:52 . 2011-08-31 07:52 542720 ----a-w- c:\windows\system32\sysmain.dll

2011-08-31 07:52 . 2011-08-31 07:52 194560 ----a-w- c:\windows\system32\WebClnt.dll

2011-08-31 07:52 . 2011-08-31 07:52 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2011-08-31 07:51 . 2011-08-31 07:51 123904 ----a-w- c:\windows\system32\L2SecHC.dll

2011-08-31 07:51 . 2011-08-31 07:51 67584 ----a-w- c:\windows\system32\wlanhlp.dll

2011-08-31 07:51 . 2011-08-31 07:51 502784 ----a-w- c:\windows\system32\wlansvc.dll

2011-08-31 07:51 . 2011-08-31 07:51 47104 ----a-w- c:\windows\system32\wlanapi.dll

2011-08-31 07:51 . 2011-08-31 07:51 299520 ----a-w- c:\windows\system32\wlansec.dll

2011-08-31 07:51 . 2011-08-31 07:51 289280 ----a-w- c:\windows\system32\wlanmsm.dll

2011-08-31 07:51 . 2011-08-31 07:51 2048 ----a-w- c:\windows\system32\msxml3r.dll

2011-08-31 07:51 . 2011-08-31 07:51 1260032 ----a-w- c:\windows\system32\msxml3.dll

2011-08-31 07:51 . 2011-08-31 07:51 2048 ----a-w- c:\windows\system32\msxml6r.dll

2011-08-31 07:51 . 2011-08-31 07:51 1406464 ----a-w- c:\windows\system32\msxml6.dll

2011-08-31 07:50 . 2011-08-31 07:50 216576 ----a-w- c:\windows\system32\msv1_0.dll

2011-08-31 07:49 . 2011-08-31 07:49 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-31 07:49 . 2011-08-31 07:49 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-08-31 07:49 . 2011-08-31 07:49 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-08-31 07:49 . 2011-08-31 07:49 98816 ----a-w- c:\windows\system32\mfps.dll

2011-08-31 07:49 . 2011-08-31 07:49 52736 ----a-w- c:\windows\system32\rrinstaller.exe

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-01 07:04 . 2011-09-01 07:04 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui

2011-08-31 07:57 . 2011-08-31 07:57 52736 ----a-w- c:\windows\apppatch\iebrshim.dll

2011-08-31 07:28 . 2011-08-31 07:28 5632 ----a-w- c:\windows\system32\drivers\en-US\sermouse.sys.mui

2011-08-31 07:28 . 2011-08-31 07:28 4608 ----a-w- c:\windows\system32\drivers\en-US\mouclass.sys.mui

2011-08-31 07:28 . 2011-08-31 07:28 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui

2011-08-31 07:28 . 2011-08-31 07:28 3072 ----a-w- c:\windows\system32\drivers\en-US\mouhid.sys.mui

2011-08-31 07:28 . 2011-08-31 07:28 3072 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui

2011-08-31 07:28 . 2011-08-31 07:28 10752 ----a-w- c:\windows\system32\drivers\en-US\i8042prt.sys.mui

2011-08-31 07:25 . 2011-08-31 07:25 40960 ----a-w- c:\windows\apppatch\apihex86.dll

2011-08-31 07:07 . 2011-08-31 07:07 2560 ----a-w- c:\windows\apppatch\AcRes.dll

2011-08-31 07:07 . 2011-08-31 07:07 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll

2011-08-31 07:07 . 2011-08-31 07:07 537600 ----a-w- c:\windows\apppatch\AcLayers.dll

2011-08-31 07:07 . 2011-08-31 07:07 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2011-08-31 07:07 . 2011-08-31 07:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-09-10 15:43 . 2011-09-10 15:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-28 405504]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]

"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]

"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2011-09-14 1382984]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]

"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-2 50688]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2011-5-27 65588]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

.

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-28 73728]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2011-07-11 45584]

S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-09-14 3381184]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080103

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\JM\AppData\Roaming\Mozilla\Firefox\Profiles\1ols6ld4.default\

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\windows\system32\STacSV.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-09-25 15:38:27 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-25 19:38

.

Pre-Run: 93,425,483,776 bytes free

Post-Run: 93,296,054,272 bytes free

.

- - End Of File - - E3C0A75142DE0B6CC355E2F61EA0AEB8

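
The "Other Deletions" block above is where the ZeroAccess file store shows up: a fake hotfix uninstall folder under c:\windows with '@', 'cfg.ini', 'Desktop.ini' and L\ / U\ subfolders, and a root that ComboFix could not delete. As an added example (not part of the forum post and not ComboFix's own code), the following Python script parses such a block and flags paths that follow that layout, separating the locked items that still need their permissions fixed; the sample log is constructed from the entries above.

```python
r"""Flag ZeroAccess-style artefacts in a ComboFix 'Other Deletions' block.

Added example, not part of the forum post and not ComboFix code. Patterns come
from the paths ComboFix listed above: a fake hotfix uninstall folder
c:\windows\$NtUninstallKB<n>$\<n>\ with '@', 'cfg.ini', 'Desktop.ini' and L\ / U\
subfolders whose payload modules are named <8 hex digits>.@.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample modelled on the log above; it is not the real log text.
SAMPLE_LOG = r"""(((((((((((((((((((( Other Deletions ))))))))))))))))))))
c:\programdata\brds.exe
c:\windows\$NtUninstallKB12056$\1941807962\@
c:\windows\$NtUninstallKB12056$\1941807962\cfg.ini
c:\windows\$NtUninstallKB12056$\1941807962\Desktop.ini
c:\windows\$NtUninstallKB12056$\1941807962\L\qnbwvoto
c:\windows\$NtUninstallKB12056$\1941807962\U\00000001.@
c:\windows\$NtUninstallKB12056$\1941807962\U\80000032.@
c:\windows\$NtUninstallKB12056$\2026754737
c:\windows\system32\comct332.ocx
c:\windows\$NtUninstallKB12056$ . . . . Failed to delete
(((((((((((((((((((( Drivers/Services ))))))))))))))))))))
-------\Service_73bda35a
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*\)+\s*$")  # "((( Name )))" banners
PATH_RE = re.compile(r"^[a-zA-Z]:\\")                            # deleted-path entries
FAILED_MARK = " . . . . Failed to delete"                        # ComboFix could not remove it
# Fake hotfix uninstall folder ZeroAccess uses as its file store (root captured).
STORE_RE = re.compile(r"^(?P<root>[a-z]:\\windows\\\$ntuninstallkb\d+\$)(?:\\|$)", re.I)
# Payload modules inside U\: eight hex digits plus a '.@' extension.
PAYLOAD_RE = re.compile(r"\\U\\[0-9a-f]{8}\.@$", re.I)

class Finding(NamedTuple):
    path: str
    tag: str      # "zeroaccess-store" or "zeroaccess-payload"
    failed: bool  # True when ComboFix reported "Failed to delete"

def deletions_section(log: str) -> List[Tuple[str, bool]]:
    """Return (path, failed) pairs from the 'Other Deletions' block only."""
    entries: List[Tuple[str, bool]] = []
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            in_section = banner.group("name").lower() == "other deletions"
            continue
        if not in_section or not PATH_RE.match(line):
            continue
        failed = line.endswith(FAILED_MARK)
        if failed:
            line = line[: -len(FAILED_MARK)].rstrip()
        entries.append((line, failed))
    return entries

def classify(path: str) -> Optional[str]:
    """Tag a path that matches the ZeroAccess store layout, else None."""
    if PAYLOAD_RE.search(path):
        return "zeroaccess-payload"
    if STORE_RE.match(path):
        return "zeroaccess-store"
    return None

def find_zeroaccess(log: str) -> List[Finding]:
    """Scan the deletions block and keep only ZeroAccess-looking paths."""
    found = [(p, f, classify(p)) for p, f in deletions_section(log)]
    return [Finding(p, tag, f) for p, f, tag in found if tag is not None]

def summarize(findings: List[Finding]) -> Dict[str, object]:
    """Roll findings up: store roots, payload count and items left locked."""
    roots = {m.group("root") for m in map(STORE_RE.match, (f.path for f in findings)) if m}
    return {
        "flagged": len(findings),
        "store_roots": sorted(roots),
        "payload_count": sum(f.tag == "zeroaccess-payload" for f in findings),
        "locked": [f.path for f in findings if f.failed],  # still needs the permissions step
    }

if __name__ == "__main__":
    for f in find_zeroaccess(SAMPLE_LOG):
        print(f.tag, "LOCKED" if f.failed else "", f.path)
    print(summarize(find_zeroaccess(SAMPLE_LOG)))
```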

Hi again, looks like that took care of the infection. Next let's see what files need permissions restored.

We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).

* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.


* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

How do I run this without using cmd? After I ran that last program you suggested, many of my programs now say that there was an illegal operation on a registration key marked for deletion. They all say that. Firefox, WinRar, cmd, etc... All of the major programs. The only way I was able to get Junction was to download and unzip it on a different computer then transfer it over.



Yes, I am still with you.

On second thought, I'm just gonna do a System Reformat and redo everything. I don't wanna take the chance of this happening again.

But just for future reference, is there something I can do to prevent Rootkits from entering my system again? Both my desktop and my laptop had this problem.


Please let me know if you need help with the reformat/reinstall.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • SpywareBlaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:



Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

