[Closed] Malwarebytes Targeted, Same problem as before despite new hard drive, Seriously not playing a joke
Mirrodin
post Oct 9 2009, 04:13 PM
Post #1


Authentic Member
**

Group: Authentic Member
Posts: 37
Joined: 6-October 09
Member No.: 88,274
Operating System: Windows XP



I recently posted a thread detailing a problem that I had regarding Malwarebytes being targeted and then other websites running incredibly slow as well as the entire internet running slow. I had intended to do what I could with whatever help was offered here. However, the next day, the computer went haywire, with ScareWare installed and I had to get a new hard drive.

The same problem is happening again. It is not at the scareware stage yet, and I'd like to stop it before it happens again and possibly get some kind of deterrent against it happening in the future. I had installed Malwarebytes on the new HD, but again the .exe had been deleted. I'd like to take care of it now.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/09 18:09
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9E751000 Size: 876544 File Visible: No Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0x9E62B000 Size: 180608 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xA51FD000 Size: 455296 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF71E2000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9C183000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==


DDS (Ver_09-06-26.01) - NTFSx86
Run by jmart366 at 18:08:01.78 on Fri 10/09/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.758.64 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM7\aim.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\jmart366\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://cpprod.stjohns.edu/cp/home/loginf
uWindow Title = Microsoft Internet Explorer provided by St. John's University
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim] "c:\program files\aim7\aim.exe" /d locale=en-US
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TpShocks] TpShocks.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TP4EX] tp4ex.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [veluhepoj] Rundll32.exe "c:\windows\system32\tibukiji.dll",a
StartupFolder: c:\docume~1\jmart366\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\jmart366\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoPropertiesMyComputer = 1 (0x1)
mPolicies-system: LogonType = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\thinkpad\pkgmgr\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxps://www-3.ibm.com/pc/support/access/sdccommon/download/tgctlins.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120763170514
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147371192171
DPF: {74FFE28D-2378-11D5-990C-006094235084} - file://c:\program files\support.com\bin\ibmaccesssupport\common\install\ibmegath.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38146.5184143518
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} - file://c:\program files\support.com\bin\ibmaccesssupport\common\install\AcpControl.cab
Notify: ACNotify - ACNotify.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
AppInit_DLLs: lagehogo.dll c:\windows\system32\tibukiji.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: nugusivek - {6b943bbe-303e-4808-a237-a927d59a8f04} - c:\windows\system32\tibukiji.dll
STS: kupuhivus: {6b943bbe-303e-4808-a237-a927d59a8f04} - c:\windows\system32\tibukiji.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli ACGina wohahibe.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jmart366\applic~1\mozilla\firefox\profiles\al5onozg.default\
FF - prefs.js: browser.startup.homepage - hxxp://cpprod.stjohns.edu/cp/home/loginf
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-15 340592]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2006-5-15 85760]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-5-10 14208]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2006-5-15 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2006-5-15 4224]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2006-5-15 4736]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2006-5-15 4442]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-5-15 67904]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 253952]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-15 90360]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-15 42424]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-5-10 6016]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S3 AM5211;11b/g Wireless LAN Mini PCI Adapter Service;c:\windows\system32\drivers\am5211.sys --> c:\windows\system32\drivers\am5211.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-5-15 64432]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-10-09 17:27 <DIR> --d----- C:\QUARANTINE
2009-10-09 14:14 <DIR> --d----- c:\program files\ASIO4ALL v2
2009-10-09 14:14 225,280 a------- c:\windows\system32\rewire.dll
2009-10-09 14:14 <DIR> --d----- c:\program files\VstPlugins
2009-10-09 14:14 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-10-09 14:13 <DIR> --d----- c:\program files\Outsim
2009-10-09 14:09 <DIR> --d----- c:\program files\Image-Line
2009-10-08 13:34 221,184 a------- c:\windows\system32\wmpns.dll
2009-10-07 17:31 <DIR> --d----- c:\docume~1\jmart366\applic~1\LimeWire
2009-10-07 17:30 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-07 17:30 73,728 a------- c:\windows\system32\javacpl.cpl
2009-10-07 17:29 <DIR> --d----- c:\program files\LimeWire
2009-10-07 17:23 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-10-07 17:23 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-07 17:22 <DIR> --d----- c:\program files\iPod
2009-10-07 17:22 <DIR> --d----- c:\program files\iTunes
2009-10-07 17:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-07 17:22 <DIR> --d----- c:\program files\Bonjour
2009-10-07 17:02 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-10-07 17:02 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-10-07 17:01 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-10-07 15:56 <DIR> --d----- c:\docume~1\jmart366\applic~1\Malwarebytes
2009-10-07 15:56 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-07 15:56 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-07 15:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-07 15:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-07 15:13 <DIR> --d----- c:\documents and settings\jmart366\Tracing
2009-10-07 15:11 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-10-07 15:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AIM
2009-10-07 15:07 <DIR> --d----- c:\program files\AIM7
2009-10-07 15:07 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-10-07 15:07 <DIR> --d----- c:\program files\common files\AOL
2009-10-07 15:07 361 a---h--- C:\IPH.PH
2009-10-07 14:21 <DIR> --d----- c:\docume~1\jmart366\applic~1\Avaya
2009-10-07 12:26 <DIR> --d----- c:\documents and settings\jmart366\.jpi_cache
2009-10-07 12:26 <DIR> --d----- c:\documents and settings\jmart366\.java
2009-10-07 12:26 <DIR> --d----- c:\docume~1\jmart366\applic~1\Intel
2009-10-07 12:26 <DIR> --d----- c:\docume~1\jmart366\applic~1\IBM
2009-10-07 12:25 <DIR> --d----- c:\docume~1\jmart366\applic~1\ThinkVantage
2009-10-07 12:25 <DIR> --ds---- c:\documents and settings\jmart366\UserData
2009-10-07 12:25 <DIR> --d-h--- c:\documents and settings\jmart366\WLANProfiles.sav
2009-10-07 12:25 <DIR> --d----- c:\documents and settings\jmart366\WINDOWS
2009-10-07 12:25 <DIR> --d----- c:\documents and settings\jmart366

==================== Find3M ====================

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 00:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-09 17:26 114,688 a--sh--- c:\windows\system32\butawabe.dll
2009-07-09 17:26 114,688 a--sh--- c:\windows\system32\lagehogo.dll
2009-07-09 17:32 1,011,112 a--sh--- c:\windows\system32\pijihaje.exe
2009-07-09 17:32 69,120 a--sh--- c:\windows\system32\wawebodo.dll
2009-07-09 17:26 114,688 a--sh--- c:\windows\system32\wohahibe.dll
2009-07-09 17:32 3 a--sh--- c:\windows\system32\yahetugi.dll
2009-04-24 15:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042420090425\index.dat

============= FINISH: 18:10:47.95 ===============

Attached File(s)
Attached File  Attach.txt ( 11.62K ) Number of downloads: 107
Posts in this topic
- Mirrodin   [Closed] Malwarebytes Targeted, Same problem as before despite new har   Oct 9 2009, 04:13 PM
- - Mirrodin   I know that we're not supposed to bump threads...   Oct 10 2009, 12:49 AM
- - CatByte   Hi, Please do the following: Download ComboFix f...   Oct 10 2009, 05:42 AM
- - Mirrodin   This is a school computer, so they've blocked ...   Oct 10 2009, 03:45 PM
- - Mirrodin   Combofix is still preparing its log report. Is it...   Oct 10 2009, 04:27 PM
- - CatByte   Hi, Go into task manager > processes tab and l...   Oct 10 2009, 07:28 PM
- - Mirrodin   This is all there is, if I'm at the correct fi...   Oct 10 2009, 07:53 PM
- - CatByte   QUOTE * Resident AV is active This was why it did...   Oct 11 2009, 04:18 AM
- - Mirrodin   I'm going to attempt what you suggested and tr...   Oct 11 2009, 03:49 PM
- - Mirrodin   I don't have a McAfee Security Center. All I ...   Oct 11 2009, 04:01 PM
- - CatByte   Hi. Is it possible to uninstall McAfee until we c...   Oct 11 2009, 05:11 PM
- - Mirrodin   Not that I know of. All major decisions for the p...   Oct 11 2009, 05:54 PM
- - CatByte   You could try running combofix in safe mode and en...   Oct 11 2009, 06:20 PM
- - Mirrodin   Put the computer into safe mode? I could try that...   Oct 11 2009, 06:29 PM
- - Mirrodin   I wasn't exactly sure if you meant reboot the ...   Oct 12 2009, 12:47 AM
- - CatByte   Hi, delete the copy of combofix that you have fro...   Oct 12 2009, 06:42 AM
- - Mirrodin   Okay, I'll try it.   Oct 12 2009, 12:26 PM
- - Mirrodin   ComboFix 09-10-12.02 - jmart366 10/12/2009 23:09.2...   Oct 12 2009, 09:41 PM
- - Mirrodin   Popups keep coming, so I don't think Combofix ...   Oct 13 2009, 12:25 AM
- - CatByte   Hi, Please do the following: Run this script in ...   Oct 13 2009, 02:26 AM
- - Mirrodin   ComboFix 09-10-12.02 - jmart366 10/13/2009 16:35:4...   Oct 13 2009, 03:03 PM
- - Mirrodin   I don't think Inherit is working. Nothing hap...   Oct 13 2009, 03:16 PM
- - CatByte   Hi, Please do the following: The bottom of that p...   Oct 13 2009, 03:25 PM
- - Mirrodin   ComboFix 09-10-12.02 - jmart366 10/14/2009 18:03:0...   Oct 14 2009, 04:25 PM
- - CatByte   Hi, I needed some files to be submitted that were...   Oct 14 2009, 05:35 PM
- - Mirrodin   Files have been sent. Trying the Inherit thing ag...   Oct 15 2009, 06:15 PM
- - CatByte   see if Malware bytes will now update and run if n...   Oct 15 2009, 09:50 PM
- - Mirrodin   Downloaded a new copy and it installed properly an...   Oct 15 2009, 10:47 PM
- - Mirrodin   Malwarebytes' Anti-Malware 1.41 Database versi...   Oct 15 2009, 11:11 PM
- - CatByte   That's good news. Please see if you can compl...   Oct 16 2009, 03:01 AM
- - Mirrodin   I haven't been able to do the scan yet, I...   Oct 17 2009, 10:45 AM
- - CatByte   OK, no problem, thanks for letting me know   Oct 17 2009, 10:48 AM
- - Mirrodin   This past week has been hell for me. Just incredi...   Oct 25 2009, 02:27 AM
- - CatByte   Hi, Were you ever able to find out how to disable...   Oct 25 2009, 06:32 AM
- - LDTate   QUOTE This is a school computer, QUOTE C:\Do...   Oct 25 2009, 07:00 AM
- - Mirrodin   I attempted the scan, but part way through it, I g...   Oct 25 2009, 03:24 PM
- - Mirrodin   OTS.txt is attached. After the scan was completed...   Oct 25 2009, 05:42 PM
- - CatByte   Hi, Please do the following: Start OTS Copy/Pas...   Oct 25 2009, 08:07 PM
- - Mirrodin   For some reason copy and paste have been disabled,...   Oct 26 2009, 04:17 PM
- - CatByte   Hi Try using the keyboard shortcuts to copy and ...   Oct 26 2009, 04:23 PM
- - Mirrodin   I tried the shortcuts as well. Nothing has worked...   Oct 26 2009, 04:44 PM
- - CatByte   Try it in safe mode   Oct 26 2009, 04:45 PM
- - Mirrodin   Will do.   Oct 26 2009, 05:03 PM
- - Mirrodin   When in safe mode, I can't access the internet...   Oct 26 2009, 05:34 PM
- - CatByte   No, Does your safe mode with networking not allow...   Oct 26 2009, 05:48 PM
- - Mirrodin   Well when I go into safe mode, I have safe mode, s...   Oct 26 2009, 05:59 PM
- - CatByte   OK You need safe mode with networking to be able ...   Oct 26 2009, 06:03 PM
- - Mirrodin   Okay so: Go into safe mode with networking run t...   Oct 26 2009, 06:09 PM
- - CatByte   the fix.bat will run in normal mode. - do that fir...   Oct 26 2009, 06:17 PM
- - Mirrodin   Okay, on it.   Oct 26 2009, 06:19 PM
- - Mirrodin   Ran fix.bat: The operation completed successfull...   Oct 26 2009, 06:20 PM
- - Mirrodin   DDS (Ver_09-10-26.01) - NTFSx86 Run by jmart366 ...   Oct 26 2009, 06:28 PM
- - CatByte   Hi, Your machine is still heavily infected. I thi...   Oct 26 2009, 07:02 PM
- - Mirrodin   I can't disable McAfee, but I'll do the be...   Oct 26 2009, 07:11 PM
- - Mirrodin   And here we go: ComboFix 09-10-26.01 - jmart366 1...   Oct 26 2009, 08:13 PM
- - CatByte   Hi, Have you notified your schools IT department ...   Oct 27 2009, 05:18 AM
- - Mirrodin   Well, I use my computer on campus, but for the mos...   Oct 28 2009, 12:08 AM
- - CatByte   yes, just to be safe.   Oct 28 2009, 02:56 AM
- - CatByte   Due to inactivity this topic will be closed. If yo...   Nov 7 2009, 05:00 AM