lkjhgfdsa Posted October 31, 2011 (ID:490299)

My computer contracted a virus the other day. It claimed to be 'System Restore' and wanted to run scans and for me to purchase something, but instead I went online and downloaded and ran Malwarebytes. I'm pretty sure it's gone (hopefully). The virus ended up hiding all my files, desktop icons, and shortcuts within Start. I followed the directions given on http://forums.malwarebytes.org//index.php?showtopic=9573 so attached are the DDS and Attach reports. Is there any way to fix it or unhide/get back all that's missing?

Thanks for your time,
lkjhgfdsa

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18813
Run by asdfghjkl at 20:19:16 on 2011-10-30
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1428 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\ASDFGH~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\McAfee\MSC\mcsvrcnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110901014419.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [eRecoveryService]
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [LogiSPSetupNeedReboot] rundll32.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.71.230 68.87.73.246 192.168.0.1
TCP: Interfaces\{30980EAB-51C5-4D73-93CF-0E7DB106F340} : DhcpNameServer = 68.87.71.230 68.87.73.246 192.168.0.1
TCP: Interfaces\{94B7C318-37E5-49C3-81D3-309B28D937FF} : DhcpNameServer = 10.0.0.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-3-26 43184]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-3-21 459728]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-9-25 56336]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-12 64648]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-12 163400]
R1 RapportCerberus_32029;RapportCerberus_32029;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\32029\RapportCerberus32_32029.sys [2011-10-18 227312]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-9-25 70416]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-9-25 161936]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-3-26 41456]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-2-25 21752]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-3-26 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-3-21 24576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-4 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-12 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-12 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-12 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-12 165000]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-12 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-12 148520]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-2-25 49152]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-3-26 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-2-25 131072]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-9-25 919352]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2008-3-26 233472]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-2-15 595248]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-11 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-12 57432]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-3-21 54784]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-3-21 179248]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-3-21 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-12 337912]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-2-15 40752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-1 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-1 133104]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-12 85984]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-3-21 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-3-21 40552]
.
=============== Created Last 30 ================
.
2011-10-30 23:08:50    22216    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-10-30 18:40:04    56200    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{e75489b9-4c7a-493c-a440-15ac6b9bef14}\offreg.dll
2011-10-29 18:38:19    --------    d-----w-    c:\users\asdfghjkl\appdata\roaming\Malwarebytes
2011-10-29 18:38:07    --------    d-----w-    c:\programdata\Malwarebytes
2011-10-29 18:38:01    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-10-29 03:54:58    6668624    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{e75489b9-4c7a-493c-a440-15ac6b9bef14}\mpengine.dll
.
==================== Find3M ====================
.
2011-10-20 20:36:34    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 09:06:03    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-09-25 23:00:08    56336    ----a-w-    c:\windows\system32\drivers\RapportKELL.sys
.
============= FINISH: 20:28:45.28 ===============

Attachments: DDS.txt, Attach.txt
LDTate Posted November 1, 2011 (ID:491043)

Logs will be closed if you haven't replied within 3 days.

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post. You might want to print these instructions out.

I suggest you do this:

Download unhide.exe & save it to your Windows folder.
Right click on unhide.exe and select Run as administrator (in case you have Vista or Win7).
Reboot.

This will unhide folders/files that were set to be hidden by the infection you had.

Let me know if that solved your problem.
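For anyone who wants to see what the unhide step actually does before running a third-party binary on a machine that was just infected, here is an added example; it is not code from this thread or from the unhide.exe tool LDTate recommends. The rogue "System Restore" family LDTate is describing does not delete files, it sets the Hidden attribute on them, so recovery is a matter of clearing that attribute. This PowerShell script does that for one user profile and the all-users Start Menu, with a dry-run switch so you can review the list first, and a skip list so files Windows hides on purpose (desktop.ini, ntuser.dat, thumbs.db, the AppData folder) stay hidden rather than being blanket-unhidden. It assumes PowerShell 2.0 or later and an elevated prompt; the roots and the skip list are this example's choices, not something the thread specifies.

```powershell
# Added example (not the thread's or unhide.exe's code): clear the Hidden
# attribute that a rogue "System Restore" style infection set on user files.
# Assumptions: PowerShell 2.0+, run as Administrator; the roots and skip list
# below are this example's choices.
param(
    [string[]]$Roots = @(
        $env:USERPROFILE,
        "$env:ProgramData\Microsoft\Windows\Start Menu"
    ),
    [switch]$DryRun   # list what would change without touching anything
)

# Files Windows hides by design; unhiding these is noise at best.
$skipPattern = '^(ntuser\.dat.*|ntuser\.ini|desktop\.ini|thumbs\.db|iconcache\.db)$'

$hidden = [IO.FileAttributes]::Hidden
$system = [IO.FileAttributes]::System
$changed = 0

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # -Force is required or Get-ChildItem will not return hidden items at all.
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            (($_.Attributes -band $hidden) -ne 0) -and      # currently hidden
            (($_.Attributes -band $system) -eq 0) -and      # not a system file
            ($_.Name -notmatch $skipPattern) -and           # not a by-design hidden file
            ($_.FullName -notlike "*\AppData\*")            # leave the AppData tree alone
        } |
        ForEach-Object {
            if ($DryRun) {
                Write-Host "Would unhide: $($_.FullName)"
            } else {
                # We know Hidden is set, so XOR clears exactly that bit.
                $_.Attributes = $_.Attributes -bxor $hidden
                $changed++
                Write-Host "Unhid: $($_.FullName)"
            }
        }
}

if ($DryRun) {
    Write-Host "Dry run complete; nothing was changed."
} else {
    Write-Host "Unhid $changed item(s). Reboot or restart Explorer to refresh the desktop and Start Menu."
}
```

Run it once with -DryRun and read the list: if it is full of legitimately hidden items you did not expect, tighten the skip list before the real pass. The System-attribute check is deliberate; a file that is both Hidden and System is almost always Windows' own, and this infection only sets Hidden.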
LDTate Posted November 5, 2011 (ID:491940)

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!