
Infection?


Kyo

Right, so recently, I restored my computer due to Avast finding a couple of viruses during a scan (didn't bother looking into how to remove them).

Once I finished restoring the computer, I went along and downloaded the free version of Malwarebytes and SUPERAntispyware. All was well for a few days, but I noticed that Malwarebytes was blocking quite a few incoming IPs. Only tonight has the program started to pick up outgoing IPs. I figured this isn't normal, and I should reach out for help. I scanned with Malwarebytes (Quick Scan) first, but I found nothing. Just to be safe though, I came here and followed the steps found in the sticky.

I'll attach the DDS logs to this post.

Please ignore the last two attachments. I had Avast running and I'm fairly certain that messed with the results.

We look for posts with 0 replies, so when you posted to your own log, we assumed you were being helped.

Don't reply to your own topic. Wait for someone to help.

Okay... someone deleted my second post and clustered the two. Please download THE SECOND PAIR of attachments, not the first. I didn't have an edit verb. :T

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_01

Run by Me at 21:42:52 on 2011-11-10

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.85 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

.

============== Pseudo HJT Report ===============

.

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

TCP: DhcpNameServer = 68.87.73.246 68.87.71.230

TCP: Interfaces\{1D10BD5F-7C7B-4897-9DCE-32CB2C89676D} : DhcpNameServer = 68.87.73.246 68.87.71.230

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\me\application data\mozilla\firefox\profiles\f6qp92fc.default\

FF - plugin: c:\program files\byond\bin\npbyond.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-4 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-4 320856]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-4 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-4 44768]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-6 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-6 22216]

R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2011-11-4 254720]

R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2011-11-4 398720]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-4 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-4 136176]

.

=============== Created Last 30 ================

.

2011-11-11 02:20:21 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-06 15:37:34 -------- d-----w- c:\program files\Smart-ActiveX

2011-11-06 15:30:54 -------- d-----w- c:\windows\pss

2011-11-06 15:11:16 -------- d-sh--w- c:\documents and settings\me\PrivacIE

2011-11-06 14:50:58 -------- d-----w- c:\documents and settings\me\Shared

2011-11-06 14:50:58 -------- d-----w- c:\documents and settings\me\Incomplete

2011-11-06 14:48:57 69632 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-06 14:40:46 -------- d-----w- c:\documents and settings\me\application data\MP3Rocket

2011-11-06 14:40:30 -------- d-----w- c:\program files\MP3 Rocket

2011-11-06 10:02:14 -------- d-----w- c:\documents and settings\me\application data\Malwarebytes

2011-11-06 10:01:14 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-11-06 10:00:56 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-06 10:00:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-06 09:52:36 -------- d-----w- c:\documents and settings\me\application data\SUPERAntiSpyware.com

2011-11-06 09:51:55 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-11-06 09:51:55 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-11-05 18:36:40 135168 ----a-w- c:\windows\system32\igfxres.dll

2011-11-05 03:44:41 -------- d-----w- c:\program files\BYOND

2011-11-05 01:40:37 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2011-11-05 01:39:53 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2011-11-05 01:39:10 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2011-11-05 01:38:04 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-11-05 01:38:02 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-11-05 01:35:46 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-11-05 01:35:40 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2011-11-04 14:55:51 -------- d-----w- c:\windows\VMUVC

2011-11-04 14:55:37 73728 ----a-w- c:\windows\system32\exvmuvc.ax

2011-11-04 14:55:37 254720 ----a-w- c:\windows\system32\drivers\VMUVC.sys

2011-11-04 14:55:37 188416 ----a-w- c:\windows\system32\vvftUVC.ax

2011-11-04 14:55:36 98304 ----a-w- c:\windows\system32\VMCtrl.ax

2011-11-04 14:55:36 94208 ----a-w- c:\windows\system32\VvFtCtrl.dll

2011-11-04 14:55:36 516096 ----a-w- c:\windows\system32\VMUVC.ax

2011-11-04 14:55:36 398720 ----a-w- c:\windows\system32\drivers\vvftUVC.sys

2011-11-04 14:55:36 11776 ----a-w- c:\windows\system32\VMUVC.dll

2011-11-04 14:55:31 319456 ----a-w- c:\windows\system32\DIFxAPI.dll

2011-11-04 14:55:24 -------- d-----w- c:\program files\Vimicro Corporation

2011-11-04 09:37:16 -------- d-----w- c:\program files\CCleaner

2011-11-04 09:35:16 -------- d-----w- c:\documents and settings\me\local settings\application data\Temp

2011-11-04 09:34:56 -------- d-----w- c:\documents and settings\me\local settings\application data\Google

2011-11-04 08:35:49 -------- d-sh--w- c:\documents and settings\me\IETldCache

2011-11-04 08:34:01 -------- d-----w- c:\documents and settings\me\application data\Toribash

2011-11-04 08:33:14 -------- d-----w- C:\Games

2011-11-04 08:33:12 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

2011-11-04 08:32:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-04 08:30:35 -------- d-----w- c:\windows\ie8updates

2011-11-04 08:29:39 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-11-04 08:29:38 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-11-04 08:29:38 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-11-04 08:29:38 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-11-04 08:29:38 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-11-04 08:29:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-11-04 08:29:36 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll

2011-11-04 08:27:51 -------- dc-h--w- c:\windows\ie8

2011-11-04 08:06:00 -------- d-----w- c:\windows\system32\scripting

2011-11-04 08:06:00 -------- d-----w- c:\windows\l2schemas

2011-11-04 08:05:59 -------- d-----w- c:\windows\system32\en

2011-11-04 08:05:59 -------- d-----w- c:\windows\system32\bits

2011-11-04 08:01:48 -------- d-----w- c:\windows\network diagnostic

2011-11-04 07:56:09 -------- d-----w- c:\windows\EHome

2011-11-04 07:52:05 -------- d-----r- c:\program files\Skype

2011-11-04 07:33:43 -------- d-----w- c:\windows\ServicePackFiles

2011-11-04 07:26:57 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys

2011-11-04 07:26:57 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys

2011-11-04 07:26:57 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys

2011-11-04 07:22:54 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-04 07:22:14 41184 ----a-w- c:\windows\avastSS.scr

2011-11-04 07:21:50 -------- d-----w- c:\program files\AVAST Software

2011-11-04 07:21:50 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2011-11-04 07:13:19 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2011-11-04 07:13:19 272128 ------w- c:\windows\system32\drivers\bthport.sys

2011-11-04 07:13:12 357888 -c----w- c:\windows\system32\dllcache\srv.sys

2011-11-04 07:13:06 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2011-11-04 07:12:50 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2011-11-04 07:12:50 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2011-11-04 07:12:38 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2011-11-04 07:09:47 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2011-11-04 07:08:52 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2011-11-04 07:08:45 -------- d-----w- c:\documents and settings\me\application data\Paltalk

2011-11-04 07:08:39 -------- d-----w- c:\windows\Paltalk Messenger

2011-11-04 07:08:38 -------- d-----w- c:\program files\Paltalk Messenger

2011-11-04 06:41:33 24064 ----a-w- c:\windows\system32\IntelNic.dll

2011-11-04 06:41:33 154112 -c--a-w- c:\windows\system32\dllcache\e100b325.sys

2011-11-04 06:41:33 154112 ----a-w- c:\windows\system32\drivers\e100b325.sys

2011-11-04 06:41:33 12288 ----a-w- c:\windows\system32\e100bmsg.dll

2011-11-04 06:41:33 118784 ----a-w- c:\windows\system32\Prounstl.exe

2011-11-04 06:41:33 -------- d-----w- C:\drvrtmp

2011-11-04 06:40:07 6272 ----a-w- c:\windows\system32\drivers\splitter.sys

2011-11-04 06:40:06 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys

2011-11-04 06:40:05 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys

2011-11-04 06:40:01 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys

2011-11-04 06:38:17 -------- d-----w- c:\windows\system32\ReinstallBackups

2011-11-04 06:37:25 -------- d-----w- c:\program files\Broadcom

2011-11-04 06:36:13 618880 ----a-w- c:\windows\system32\drivers\IntelC52.sys

2011-11-04 06:36:13 49152 ----a-w- c:\windows\system32\mhwt.dll

2011-11-04 06:36:13 47360 ----a-w- c:\windows\system32\drivers\IntelC53.sys

2011-11-04 06:36:13 36880 ----a-w- c:\windows\system32\drivers\mohfilt.sys

2011-11-04 06:36:13 172032 ----a-w- c:\windows\system32\intelmoh.dll

2011-11-04 06:36:13 1339776 ----a-w- c:\windows\system32\drivers\IntelC51.sys

2011-11-04 06:08:29 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-11-04 06:08:28 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe

2011-11-04 06:04:09 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2011-11-04 06:04:09 -------- d-----w- c:\windows\system32\PreInstall

2011-11-04 06:04:08 -------- d--h--w- c:\windows\$hf_mig$

2011-11-04 06:01:13 -------- d-----w- c:\windows\system32\SoftwareDistribution

.

==================== Find3M ====================

.

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 21:44:58.31 ===============

dds.txt

attach.txt

dds.txt

attach.txt


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


MBAM Log;

ComboFix Log;

ComboFix 11-11-19.01 - Me 11/19/2011 2:59.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.416 [GMT -5:00]

Running from: c:\documents and settings\Me\My Documents\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\drvrtmp

.

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\ntfs.sys

.

.

((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))

.

.

2011-11-17 16:31 . 2011-11-17 16:31 -------- d-----w- C:\Perfect World Entertainment

2011-11-04 08:33 . 2011-11-04 08:33 -------- d-----w- C:\Games

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-28 07:06 . 2004-08-12 13:56 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2004-08-12 14:02 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2004-08-12 14:02 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20 . 2004-08-12 14:09 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2004-08-12 13:59 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2004-08-12 13:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2004-08-12 13:57 385024 ------w- c:\windows\system32\html.iec

2011-11-10 19:20 . 2011-11-04 08:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-29 03:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\documents and settings\Me\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-11-17 3303000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-09-20 14:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-09-20 14:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-09-20 14:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2011-08-31 22:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-03-14 08:43 83608 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-11-14 02:13 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]

2008-08-29 21:27 143360 ----a-w- c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BYOND\\bin\\byond.exe"=

"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=

"c:\\Documents and Settings\\Me\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1058:TCP"= 1058:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/4/2011 2:22 AM 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/4/2011 2:22 AM 320856]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/12/2004 9:06 AM 14336]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/4/2011 2:22 AM 20568]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/19/2011 2:44 AM 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/19/2011 2:44 AM 22216]

R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [11/4/2011 9:55 AM 254720]

R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [11/4/2011 9:55 AM 398720]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/4/2011 4:34 AM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/4/2011 4:34 AM 136176]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-04 09:34]

.

2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-04 09:34]

.

2011-11-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 03:44]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 68.87.73.246 68.87.71.230

FF - ProfilePath - c:\documents and settings\Me\Application Data\Mozilla\Firefox\Profiles\f6qp92fc.default\

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-UIUCU - c:\docume~1\Me\LOCALS~1\Temp\UIUCU.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-19 03:08

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(676)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(4072)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-11-19 03:13:34 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-19 08:13

.

Pre-Run: 17,162,739,712 bytes free

Post-Run: 17,130,532,864 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - C785BEF05E928F38E40CAFEFCA964704

DDS will be attached below.


Ah! Sorry! I forgot to add the MBAM log, and the lack of an edit verb annoys me.

MBAM Log;

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8192

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/19/2011 3:22:10 AM

mbam-log-2011-11-19 (03-22-10).txt

Scan type: Quick scan

Objects scanned: 142622

Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/12/2004 9:06 AM 14336]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/4/2011 2:22 AM 20568]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/19/2011 2:44 AM 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/19/2011 2:44 AM 22216]

R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [11/4/2011 9:55 AM 254720]

R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [11/4/2011 9:55 AM 398720]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/4/2011 4:34 AM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/4/2011 4:34 AM 136176]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-04 09:34]

.

2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-04 09:34]

.

2011-11-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 03:44]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 68.87.73.246 68.87.71.230

FF - ProfilePath - c:\documents and settings\Me\Application Data\Mozilla\Firefox\Profiles\f6qp92fc.default\

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-UIUCU - c:\docume~1\Me\LOCALS~1\Temp\UIUCU.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-19 03:08

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(676)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(4072)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-11-19 03:13:34 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-19 08:13

.

Pre-Run: 17,162,739,712 bytes free

Post-Run: 17,130,532,864 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - C785BEF05E928F38E40CAFEFCA964704

DDS will be attached below.

dds.txt

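Added example, not part of this thread and not code from DDS, ComboFix or Malwarebytes: a small Python triage helper that reads a log excerpt in the format posted above and pulls out what a responder checks first in such a log. It flags Run-key autostarts and firewall "AuthorizedApplications" exceptions whose executable lives in a user-writable location (Temp or the user profile rather than Program Files or system32), lists every globally open firewall port, and reports the orphaned MSConfig startup entries ComboFix removed. The embedded sample log is a constructed excerpt mirroring the posted one; the section names and regular expressions are assumptions about the DDS/ComboFix text layout. A hit means "look at this", not "malware": the Akamai NetSession entries it flags are a download helper that happens to run from the profile and open ports, while an orphaned UIUCU.EXE launched from Temp is the kind of entry that deserves a closer look.

```python
import re

# Constructed excerpt in the DDS/ComboFix log layout seen in this thread (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\Me\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-11-17 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Me\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1058:TCP"= 1058:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-UIUCU - c:\docume~1\Me\LOCALS~1\Temp\UIUCU.EXE
.
"""

# Line shapes assumed from the log format (assumption, not a published grammar).
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')          # "name"="path" [date size]
FW_APP_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')                           # "path"=
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(?P<desc>.*)$')
ORPHAN_RE = re.compile(r'^MSConfigStartUp-(?P<name>\S+) - (?P<path>.+)$')

# Path fragments that mean "a non-admin user could have written this file here".
USER_WRITABLE = (
    "\\temp\\",
    "\\local settings\\application data\\",
    "\\documents and settings\\",
    "\\docume~1\\",
    "\\users\\",
)


def normalize(path):
    """Collapse the doubled backslashes the firewall list uses and lowercase for matching."""
    return path.replace("\\\\", "\\").lower()


def is_user_writable(path):
    return any(marker in normalize(path) for marker in USER_WRITABLE)


def triage(log_text):
    """Walk the log once, tracking the current [section], and collect review items."""
    findings = {"autoruns": [], "firewall_apps": [], "open_ports": [], "orphans": []}
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":                      # DDS uses "." as a separator
            continue
        if line.startswith("[") and line.endswith("]"):  # registry key header
            section = line.lower()
            continue
        if line.startswith("- - - -"):                   # ComboFix banner, e.g. ORPHANS REMOVED
            section = "orphans" if "orphans" in line.lower() else ""
            continue
        if section.endswith("\\run]"):
            m = RUN_VALUE_RE.match(line)
            if m and is_user_writable(m["path"]):
                findings["autoruns"].append((m["name"], m["path"]))
        elif "authorizedapplications" in section:
            m = FW_APP_RE.match(line)
            if m and is_user_writable(m["path"]):
                findings["firewall_apps"].append(m["path"].replace("\\\\", "\\"))
        elif "globallyopenports" in section:
            m = PORT_RE.match(line)
            if m:
                findings["open_ports"].append((m["port"], m["desc"]))
        elif section == "orphans":
            m = ORPHAN_RE.match(line)
            if m:
                findings["orphans"].append((m["name"], m["path"]))
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```

Run it against a saved DDS or ComboFix log by passing the file contents to `triage()` instead of `SAMPLE_LOG`; the msconfig "startupreg" keys are deliberately skipped because they are disabled entries, not live autostarts.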

  • Staff

Hi,

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to user's browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis and/or Ask Toolbar to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
