Just a day ago, my computer had a fake "system restore" virus. It hid everything on my desktop and folders and made it so I was unable to open my Task Manager and Regedit. I made a copy of Regedit and renamed it to open that and was able to change it so I could open the Task Manager. After doing this, I was able to kill the processes that prevented me from doing anything, so I was able to use my browser to download Malwarebytes and run it. While running Malwarebytes, I found a way to unhide all my hidden files. Malwarebytes found a couple of problems and I restarted after having MB fix them.

However, after restarting, I noticed that my desktop was slower when moving icons around. While at first I was able to open programs, I was soon unable to open anything. I tried running the DDS in the instruction thread, but just like all my other programs, I can't run it.

Programs on startup seem to run just fine, so I'm still able to run Malwarebytes. I'm currently running it, but I was wondering if there is a way I can get the DDS to run so I can post those logs here.


.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_27

Run by mret at 6:53:10 on 2011-11-04

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2758 [GMT -7:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol search\AOLSearch.dll

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol search\AOLSearch.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WhatPulse] c:\program files\whatpulse\WhatPulse.exe

uRun: [Google Update] "c:\documents and settings\mret\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [kava] c:\windows\system32\kavo.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\apache2\bin\ApacheMonitor.exe

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: mswsock.dll

Trusted Zone: leagueoflegends.com\ll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: Interfaces\{4E92E20C-EFA9-46E4-A01E-C59C6FD154E7} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mret\application data\mozilla\firefox\profiles\ckyi4abf.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20110620235015796&tb_oid=21-06-2011&tb_mrud=21-06-2011

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 54586

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\mret\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\mret\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-15 1361288]

S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2011-6-20 13696]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-4 366152]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-20 2214504]

S2 SVNService;SVNService;c:\program files\svnservice\SVNService.exe [2007-3-23 24576]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-6-20 1691480]

S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE1200xp.sys [2011-8-17 1034240]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-4 22216]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-11-04 12:45:45 129095 --sh--r- C:\ipy.cmd

2011-11-04 11:48:46 137216 ------w- c:\windows\system32\kavo0.dll

2011-11-04 11:48:46 129095 --sh--r- c:\windows\system32\kavo.exe

2011-11-04 10:24:03 -------- d-----w- c:\documents and settings\mret\application data\Malwarebytes

2011-11-04 10:23:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-11-04 10:23:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-04 10:23:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-04 09:53:24 135680 ----a-w- c:\windows\system32\u324h.exe

2011-11-04 09:48:45 146432 ----a-w- c:\windows\aoeuh.exe

2011-11-04 05:35:01 -------- d-----w- c:\documents and settings\mret\application data\F6E10

2011-11-03 07:27:20 -------- d-----w- c:\program files\common files\Steam

2011-11-03 07:27:19 -------- d-----w- c:\program files\Steam

2011-11-03 07:20:32 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer

2011-10-30 04:27:46 -------- d-----w- c:\documents and settings\mret\application data\Stellarium

2011-10-30 04:27:32 -------- d-----w- c:\program files\Stellarium

2011-10-10 18:09:40 4550304 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

.

==================== Find3M ====================

.

2011-10-02 02:40:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-22 22:40:17 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-22 22:40:17 472808 ----a-w- c:\windows\system32\deployJava1.dll

2008-07-04 22:21:34 129095 --sh--r- c:\windows\system32\kavo.exe

.

============= FINISH: 6:59:37.75 ===============

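A small triage helper for logs in the DDS layout posted above. It is an added example written for this thread, not a Malwarebytes, DDS or forum tool; the sample lines are constructed in the same format with placeholder names (placeholder.exe, placeholder.cmd), and the attribute letters are read as s = system, h = hidden, r = read-only, which is the assumed reading of how DDS prints them. It shows the cross-checks a helper does by hand when reading such a log: files created recently with both the hidden and system attributes, autostart (uRun/mRun) entries that launch one of those recently created files or a bare PATH-relative name, and a Firefox manual proxy pointed at a local listener. Every line it emits is a pointer for a reviewer, not a verdict: Windows itself uses hidden+system files, and PATH-relative Run values exist on clean systems.

```python
"""Triage helper for DDS-style logs (added example, not a DDS or Malwarebytes tool).

Parses three kinds of lines and cross-references them:
  * file entries ("Created Last 30" / "Find3M"): date time size attrs path
  * autostart entries:                            uRun:/mRun: [name] command
  * Firefox prefs:                                FF - prefs.js: key - value
"""
import re
from dataclasses import dataclass

# Constructed sample in the DDS layout; placeholder.* are stand-ins, not real indicators.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [loader] c:\windows\system32\placeholder.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
================= FIREFOX ===================
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54586
FF - prefs.js: network.proxy.type - 1
=============== Created Last 30 ================
2011-11-04 12:45:45 129095 --sh--r- C:\placeholder.cmd
2011-11-04 11:48:46 129095 --sh--r- c:\windows\system32\placeholder.exe
2011-11-04 10:23:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 10:24:03 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
"""

# Attribute field as DDS prints it: a leading 'd' marks a directory; the letters
# s, h, a, r, w are read as system, hidden, archive, read-only, writable (assumption).
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-+) ([d-][-a-z]{7}) (.+)$", re.I)
RUN_RE = re.compile(r"^([um]Run): \[([^\]]+)\] (.+)$")   # uRun = current user, mRun = machine
FF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")


@dataclass
class FileEntry:
    date: str
    time: str
    size: str
    attrs: str
    path: str


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str


def run_target(command):
    """Extract the launched file from a Run value: a quoted path, or the text up to
    the first executable extension so unquoted paths containing spaces survive."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.(?:exe|com|cmd|bat|scr|dll))(?=[\s,]|$)", command, re.I)
    return m.group(1) if m else command.split()[0]


def parse(text):
    """Split a DDS log into file entries, autostart entries and Firefox prefs."""
    files, runs, prefs = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := FILE_RE.match(line)):
            files.append(FileEntry(*m.groups()))
        elif (m := RUN_RE.match(line)):
            runs.append(RunEntry(*m.groups()))
        elif (m := FF_RE.match(line)):
            prefs[m.group(1)] = m.group(2).strip()
    return files, runs, prefs


def triage(text):
    """Return review pointers derived from a DDS log (pointers, not verdicts)."""
    files, runs, prefs = parse(text)
    findings = []
    # 1. Recently created files carrying both the system and hidden attributes.
    recent = {f.path.lower() for f in files if not f.attrs.lower().startswith("d")}
    for f in files:
        a = f.attrs.lower()
        if not a.startswith("d") and "s" in a and "h" in a:
            findings.append(f"hidden+system file created {f.date}: {f.path}")
    # 2. Autostarts that launch a recently created file, or a bare name resolved
    #    through the PATH search, which the log alone cannot verify.
    for r in runs:
        target = run_target(r.command)
        if target.lower() in recent:
            findings.append(f"autostart [{r.name}] ({r.hive}) launches a recently created file: {target}")
        elif "\\" not in target:
            findings.append(f"autostart [{r.name}] ({r.hive}) is PATH-relative: {target}")
    # 3. Firefox proxy: network.proxy.type 1 is a manual proxy; 0 means direct connection.
    host = prefs.get("network.proxy.http", "")
    port = prefs.get("network.proxy.http_port", "?")
    ptype = prefs.get("network.proxy.type")
    if host.startswith("127.") or host.lower() == "localhost":
        if ptype == "1":
            findings.append(f"Firefox manual proxy enabled through local listener {host}:{port}")
        else:
            findings.append(f"Firefox local proxy {host}:{port} configured but network.proxy.type={ptype} (not active)")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

Run it against a saved DDS log by passing the file contents to `triage()`; the cross-reference between the autostart section and the "Created Last 30" section is the part worth keeping, since a Run value on its own says nothing about when its target appeared on disk.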

  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log to the root of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
