dusktilldawnll Posted November 14, 2011 ID:494415

Hello. I am playing computer repairman on my mother-in-law's laptop. I believe it is infected. Tried to run Malware. Runs for about 5-10 seconds, then program shuts down. I downloaded the dds program. Here is the txt for DDS and ATTACH (I am very inexperienced at repairing infected computers, so I apologize in advance for my inexperience....)

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Owner at 23:48:45 on 2011-11-13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3062.2488 [GMT -5:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\995229625:1174449860.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\WINDOWS\system32\svchost.exe"
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=c:\documents and settings\owner\local settings\application data\b9ff513b\X
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [smileboxTray] "c:\documents and settings\owner\application data\smilebox\SmileboxTray.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [<NO NAME>] 
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.5.0_11\bin\jusched.exe"
mRun: [eligmini] c:\program files\fisher-price\easy-link internet launch pad\Easy-Link internet launch pad.exe 0
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.07/uploader2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219415860750
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/Owner/Application%20Data/Smilebox/OzDesktopImporter.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-8-22 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-8-22 43480]
S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
S1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S2 HPFECP16;HPFECP16;c:\windows\system32\drivers\HPFecp16.sys [1998-7-1 52800]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-3-17 1799408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-2 105592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111017.003\naveng.sys [2011-10-18 86136]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111017.003\navex15.sys [2011-10-18 1576312]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-3-17 115952]
.
=============== Created Last 30 ================
.
2011-11-14 01:25:46 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-11-14 01:25:46 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-10-18 18:52:19 -------- d-sh--w- c:\documents and settings\owner\local settings\application data\b9ff513b
.
==================== Find3M ====================
.
2011-11-14 04:23:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2003-03-31 12:00:00 94784 --sh--w- c:\windows\twain.dll
2004-08-04 05:56:48 50688 --sh--w- c:\windows\twain_32.dll
2004-08-04 05:56:44 1028096 --sh--w- c:\windows\system32\mfc42.dll
2004-08-04 05:56:44 54784 --sh--w- c:\windows\system32\msvcirt.dll
2004-08-04 05:56:44 413696 --sh--w- c:\windows\system32\msvcp60.dll
2004-08-04 05:56:44 343040 --sh--w- c:\windows\system32\msvcrt.dll
2007-12-04 18:38:13 550912 --sh--w- c:\windows\system32\oleaut32.dll
2004-08-04 05:56:46 83456 --sh--w- c:\windows\system32\olepro32.dll
2004-08-04 05:56:56 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
============= FINISH: 23:49:40.25 ===============

ATTACH:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/22/2008 7:13:32 AM
System Uptime: 11/13/2011 11:19:07 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0M277C
Processor: Intel® Core2 Duo CPU T5870 @ 2.00GHz | U2E1 | 1994/800mhz
Processor: Intel® Core2 Duo CPU T5870 @ 2.00GHz | U2E1 | 1994/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 107.159 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Parallel Device
Device ID: ROOT\LEGACY_HPFECP16\0000
Manufacturer: 
Name: Parallel Device
PNP Device ID: ROOT\LEGACY_HPFECP16\0000
Service: HPFECP16
.
==== System Restore Points ===================
.
RP874: 8/8/2011 4:19:14 AM - System Checkpoint
RP875: 8/9/2011 5:19:14 AM - System Checkpoint
RP876: 8/10/2011 3:00:15 AM - Software Distribution Service 3.0
RP877: 8/11/2011 3:19:14 AM - System Checkpoint
RP878: 8/12/2011 4:19:15 AM - System Checkpoint
RP879: 8/13/2011 5:19:14 AM - System Checkpoint
RP880: 8/14/2011 6:19:14 AM - System Checkpoint
RP881: 8/15/2011 7:19:14 AM - System Checkpoint
RP882: 8/16/2011 8:19:16 AM - System Checkpoint
RP883: 8/17/2011 9:19:17 AM - System Checkpoint
RP884: 8/18/2011 10:19:15 AM - System Checkpoint
RP885: 8/19/2011 11:19:17 AM - System Checkpoint
RP886: 8/20/2011 12:19:24 PM - System Checkpoint
RP887: 8/21/2011 1:19:14 PM - System Checkpoint
RP888: 8/22/2011 2:19:17 PM - System Checkpoint
RP889: 8/23/2011 3:19:14 PM - System Checkpoint
RP890: 8/24/2011 4:19:17 PM - System Checkpoint
RP891: 8/25/2011 5:46:13 PM - System Checkpoint
RP892: 8/26/2011 6:19:14 PM - System Checkpoint
RP893: 8/27/2011 7:19:14 PM - System Checkpoint
RP894: 8/28/2011 8:19:14 PM - System Checkpoint
RP895: 8/29/2011 9:19:17 PM - System Checkpoint
RP896: 8/30/2011 10:19:14 PM - System Checkpoint
RP897: 8/31/2011 11:19:14 PM - System Checkpoint
RP898: 9/2/2011 12:19:17 AM - System Checkpoint
RP899: 9/3/2011 6:05:17 PM - System Checkpoint
RP900: 9/4/2011 6:29:45 PM - System Checkpoint
RP901: 9/5/2011 7:29:45 PM - System Checkpoint
RP902: 9/6/2011 8:41:10 PM - System Checkpoint
RP903: 9/7/2011 11:20:30 PM - System Checkpoint
RP904: 9/8/2011 11:29:45 PM - System Checkpoint
RP905: 9/10/2011 11:17:01 AM - System Checkpoint
RP906: 9/11/2011 11:54:36 AM - System Checkpoint
RP907: 9/15/2011 2:40:41 PM - System Checkpoint
RP908: 9/16/2011 3:00:15 AM - Software Distribution Service 3.0
RP909: 9/17/2011 3:45:18 AM - System Checkpoint
RP910: 9/18/2011 4:45:18 AM - System Checkpoint
RP911: 9/19/2011 5:45:18 AM - System Checkpoint
RP912: 9/20/2011 6:45:18 AM - System Checkpoint
RP913: 9/20/2011 2:59:09 PM - Installed Windows Internet Explorer 8.
RP914: 9/20/2011 3:00:40 PM - Software Distribution Service 3.0
RP915: 9/21/2011 3:00:15 AM - Software Distribution Service 3.0
RP916: 9/22/2011 3:22:20 AM - System Checkpoint
RP917: 9/23/2011 4:22:19 AM - System Checkpoint
RP918: 9/24/2011 5:22:19 AM - System Checkpoint
RP919: 9/25/2011 6:22:19 AM - System Checkpoint
RP920: 9/26/2011 7:22:20 AM - System Checkpoint
RP921: 9/27/2011 8:22:20 AM - System Checkpoint
RP922: 9/28/2011 9:22:22 AM - System Checkpoint
RP923: 9/29/2011 3:00:14 AM - Software Distribution Service 3.0
RP924: 9/30/2011 3:22:19 AM - System Checkpoint
RP925: 10/1/2011 4:22:19 AM - System Checkpoint
RP926: 10/2/2011 5:22:20 AM - System Checkpoint
RP927: 10/3/2011 10:11:21 AM - System Checkpoint
RP928: 10/11/2011 10:13:43 AM - System Checkpoint
RP929: 10/12/2011 10:33:07 AM - System Checkpoint
RP930: 10/13/2011 3:00:14 AM - Software Distribution Service 3.0
RP931: 10/14/2011 3:24:06 AM - System Checkpoint
RP932: 10/15/2011 4:24:05 AM - System Checkpoint
RP933: 10/16/2011 5:23:01 AM - System Checkpoint
RP934: 10/17/2011 6:18:52 AM - System Checkpoint
RP935: 10/18/2011 7:18:54 AM - System Checkpoint
RP936: 10/19/2011 7:32:34 AM - System Checkpoint
RP937: 10/20/2011 8:18:03 AM - System Checkpoint
RP938: 10/21/2011 9:18:03 AM - System Checkpoint
RP939: 10/28/2011 10:05:32 AM - System Checkpoint
RP940: 11/1/2011 12:16:28 PM - System Checkpoint
RP941: 11/5/2011 6:44:31 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATT-PRT22
Babysitter
Bonjour
Canon Camera Access Library
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SX30 IS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell Touchpad
Dell Wireless WLAN Card
Disney Princess Royal Horse Show
Easy-Link internet launch pad
Fashion Craze
Google Toolbar for Internet Explorer
Google Update Helper
Happy Tails Animal Shelter
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP DeskJet 690C Series (Remove only)
HP Photo Printing Software
hp psc 700 series
HP Share-to-Web
Intel® Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0 Update 11
JumpStart Advanced Language Club
JumpStart Animal Field Trip
KODAK EASYSHARE Gallery Upload ActiveX Control
LiveUpdate 3.0 (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Streets & Trips 2007 with GPS Locator
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
O2Micro Flash Memory Card Reader Driver (x86)
PowerDVD
Publix Preschool Pals
Putt Putt Saves the Zoo
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Roxio Easy Media Creator
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sesame Street - Let's Go To Preschool
Smilebox
Spybot - Search & Destroy
Supermarket Mania
Symantec AntiVirus
Synaptics Pointing Device Driver
TTS Wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WeatherBug
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Wireless USB Card
XML Paper Specification Shared Components Pack 1.0
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/13/2011 9:13:20 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service YahooAUService with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}
11/13/2011 9:13:20 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service YahooAUService with arguments "" in order to run the server: {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}
11/13/2011 8:41:01 PM, error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The system cannot find the file specified.
11/13/2011 8:41:01 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The system cannot find the file specified.
11/13/2011 8:41:01 PM, error: Service Control Manager [7000] - The Dell Wireless WLAN Tray Service service failed to start due to the following error: The system cannot find the file specified.
11/13/2011 8:40:58 PM, error: NIC1394 [5002] - 1394 Net Adapter : Has determined that the adapter is not functioning properly.
11/13/2011 8:38:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SAVRT SAVRTPEL SYMTDI
11/13/2011 8:28:21 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/13/2011 11:19:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================

Thanks in advance for your help.
Chris
Maniac Posted November 14, 2011 ID:494552

Hello Chris! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Please follow the instructions here to run ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix#use

When you are ready, please post the log.txt in your next reply.
dusktilldawnll Posted November 15, 2011 Author ID:494685

Hello Maniac. Thanks a lot for your help in this matter. See log report:

ComboFix 11-11-14.03 - Owner 11/14/2011 22:05:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3062.2401 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b\U
c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b\U\80000000.@
c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b\U\800000cb.@
c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b\U\800000cf.@
c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b\X
c:\documents and settings\Owner\My Documents\icwx25a.dun
c:\program files\Common Files\System\Uninstall
c:\windows\$NtUninstallKB5947$
c:\windows\$NtUninstallKB5947$\1373067589
c:\windows\$NtUninstallKB5947$\3120517435\@
c:\windows\$NtUninstallKB5947$\3120517435\L\omwfxmij
c:\windows\$NtUninstallKB5947$\3120517435\loader.tlb
c:\windows\$NtUninstallKB5947$\3120517435\U\@00000001
c:\windows\$NtUninstallKB5947$\3120517435\U\@000000c0
c:\windows\$NtUninstallKB5947$\3120517435\U\@000000cb
c:\windows\$NtUninstallKB5947$\3120517435\U\@000000cf
c:\windows\$NtUninstallKB5947$\3120517435\U\@80000000
c:\windows\$NtUninstallKB5947$\3120517435\U\@800000c0
c:\windows\$NtUninstallKB5947$\3120517435\U\@800000cb
c:\windows\$NtUninstallKB5947$\3120517435\U\@800000cf
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\995229625
c:\windows\system32\ 
c:\windows\system32\c_75746.nls
.
Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected 
Restored copy from - The cat found it 
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_b9ff513b
.
.
((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-15 02:58 . 2010-02-24 13:11 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-11-14 23:16 . 2011-11-14 23:17 -------- d-----w- C:\a8532bab8cd41525a9
2011-11-14 01:58 . 2011-11-14 01:58 -------- d-----w- c:\documents and settings\Administrator
2011-11-14 01:25 . 2004-08-04 04:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-11-14 01:25 . 2004-08-04 04:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-01 16:45 . 2011-11-01 16:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-11-01 16:45 . 2011-11-01 16:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-10-18 18:52 . 2011-11-15 03:15 -------- d-sh--w- c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 04:23 . 2011-06-26 16:28 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-31 22:00 . 2011-06-26 16:28 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2003-03-31 12:00 94784 --sh--w- c:\windows\twain.dll
2004-08-04 05:56 50688 --sh--w- c:\windows\twain_32.dll
2004-08-04 05:56 1028096 --sh--w- c:\windows\system32\mfc42.dll
2004-08-04 05:56 54784 --sh--w- c:\windows\system32\msvcirt.dll
2004-08-04 05:56 413696 --sh--w- c:\windows\system32\msvcp60.dll
2004-08-04 05:56 343040 --sh--w- c:\windows\system32\msvcrt.dll
2007-12-04 18:38 550912 --sh--w- c:\windows\system32\oleaut32.dll
2004-08-04 05:56 83456 --sh--w- c:\windows\system32\olepro32.dll
2004-08-04 05:56 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmileboxTray"="c:\documents and settings\Owner\Application Data\Smilebox\SmileboxTray.exe" [2011-09-29 313160]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-01-17 109304]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"eligmini"="c:\program files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2007-03-16 487424]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 22:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-12-14 15:44 159744 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-10-09 23:17 2183168 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 05:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-01-09 21:01 166424 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-01-09 21:02 141848 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-01-09 21:02 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-11-06 14:50 16855552 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-06-27 15:38 888832 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=
"c:\\Program Files\\AWS\\WeatherBug\\Weather.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Smilebox\\SmileboxTray.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/2/2011 7:02 AM 105592]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [8/22/2008 8:21 AM 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [8/22/2008 8:21 AM 43480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 11:47 AM 135664]
S2 HPFECP16;HPFECP16;c:\windows\system32\drivers\HPFecp16.sys [7/1/1998 1:55 AM 52800]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 11:47 AM 135664]
S3 SavRoam;SAVRoam;c:\program files\Symantec 
AntiVirus\SavRoam.exe [3/17/2006 5:34 AM 115952].[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll.Contents of the 'Scheduled Tasks' folder.2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57].2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 21:52].2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 21:52]..------- Supplementary Scan -------.uStart Page = hxxp://forums.malwarebytes.org/mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8uInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 208.67.222.222 208.67.220.220 75.75.75.75DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - file:///C:/Documents%20and%20Settings/Owner/Application%20Data/Smilebox/OzDesktopImporter.cab.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-11-14 22:20Windows 5.1.2600 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... 
..c:\windows\system32\wbem\Performance\WmiApRpl_new.h 738 bytes.scan completed successfullyhidden files: 1.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(3216)c:\windows\system32\WININET.dllc:\progra~1\WINDOW~2\wmpband.dllc:\windows\system32\webcheck.dllc:\windows\system32\IEFRAME.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Common Files\Symantec Shared\ccSetMgr.exec:\program files\Common Files\Symantec Shared\ccEvtMgr.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Symantec AntiVirus\DefWatch.exec:\program files\Common Files\Motive\McciCMService.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\program files\O2Micro Flash Memory Card Driver\o2flash.exec:\program files\Canon\CAL\CALMAIN.exec:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exec:\windows\system32\wscntfy.exec:\program files\iPod\bin\iPodService.exec:\program files\Java\jre1.5.0_11\bin\jucheck.exe.**************************************************************************.Completion time: 2011-11-14 22:28:06 - machine was rebootedComboFix-quarantined-files.txt 2011-11-15 03:27.Pre-Run: 117,370,208,256 bytes freePost-Run: 117,655,482,368 bytes free.- - End Of File - - 9FC950952518B1C34E1383F894441881Thanks again,Chris Link to post Share on other sites More sharing options...
Maniac Posted November 15, 2011 ID:494719
Open Notepad and copy and paste the text in the code box below into it:

    Folder::
    c:\documents and settings\Owner\Local Settings\Application Data\b9ff513b

Save the file to your desktop and name it CFScript.txt. Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.
This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.
Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
In your next post here, please include ComboFix.txt and let me know how things are there.
dusktilldawnll Posted November 16, 2011 Author ID:495025
Here is the latest log:
Speed is 100% faster. Computer seems to be running great...
Thanks again for your help.
Chris
Maniac Posted November 16, 2011 ID:495133
Glad to hear that, Chris!
Let's make some additional scans:
Launch Malwarebytes' Anti-Malware.
Go to the Update tab and select Check for Updates.
Go to the Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Next:
Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the options Remove found threats and Scan unwanted applications are checked.
Click Scan. (This scan can take several hours, so please be patient.)
Once the scan is completed, you may close the window.
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.
In your next reply, please post the following log files:
Malwarebytes' Anti-Malware log
ESET Online Scanner log
dusktilldawnll Posted November 17, 2011 Author ID:495459
ESET log:
MALWARE:
Thanks,
Chris
Maniac Posted November 17, 2011 ID:495569
Chris, please follow the instructions here to turn off and then turn back on System Restore, to clean all of the restore points:
http://support.microsoft.com/kb/310405
Let me know how things are running there.
dusktilldawnll Posted November 18, 2011 Author ID:495773
Runs great! Thanks again for all your help.
Chris
Maniac Posted November 18, 2011 ID:495837
I have good news for you => Your system is clean! Here are some tips to prevent future malware problems:
You need to ensure that you have the latest versions of Adobe Reader and Java. Before you download and install the latest versions it is important to uninstall them, so for this purpose: click Start => Control Panel => Add or Remove Programs, highlight them and click on the Remove button. Next, click on each of the programs to download it:
Adobe Reader
Java
Slowly and carefully install the applications and then restart your computer.
Go to Start => Run... and copy & paste the next command in the field:
ComboFix /uninstall
Then hit the Enter button.
This procedure will do the following:
- Uninstall ComboFix
- Delete its related folders and files
- Reset your clock settings
- Hide file extensions
- Hide the system/hidden files
- Reset System Restore again
Note: Make sure there's a space between ComboFix and /uninstall
At this stage, you don't need the online scanner, so:
To remove the ESET Online Scanner components from your computer, start the Add or Remove Programs applet from Control Panel, select the ESET Online Scanner entry and click Remove. A restart may be required to complete uninstallation.
Please manually delete DDS.
Some quick tips:
- Firewall - Your Windows OS has a built-in firewall, but it is weak and in no way good for the current requirements for optimal security, so I recommend you choose a suitable firewall on my advice below. A firewall will protect you from attacks coming from the global network. Without a firewall your computer is susceptible to being hacked and taken over. Here are some good free firewall solutions:
  Online Armor Personal Firewall
  PC Tools Firewall Plus
- Alternative browser - Due to the large market share of Internet Explorer, it is a top target of the writers of malware, so we recommend using an alternative browser. There are many better alternatives to Internet Explorer regarding security, features and speed, such as:
  Google Chrome
  Opera Browser
- Program updates - Updating the software is really important for productivity, but also for security. Here is an application that will help in checking for new versions and updates for your programs. It is called FileHippo Update Checker and you can download it from here.
Safe surfing!
LDTate Posted November 22, 2011 ID:497171
Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!