Privacy Protection Virus Removal Help


  • This topic is locked
38 replies to this topic

#16 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 11 November 2011 - 04:27 PM

Hi RetiredChief,

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.


#17 RetiredChief (Authentic Member, 111 posts)

Posted 11 November 2011 - 08:36 PM

Jeff, Here is the MBRCheck file:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000fdc

Kernel Drivers (total 145):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7A30000 \WINDOWS\system32\KDCOM.DLL
0xF7940000 \WINDOWS\system32\BOOTVID.dll
0xF735C000 sptd.sys
0xF7A32000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF7344000 \WINDOWS\System32\Drivers\SPTD1085.SYS
0xF7316000 ACPI.sys
0xF7305000 pci.sys
0xF7530000 isapnp.sys
0xF7540000 ohci1394.sys
0xF7550000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7AF8000 pciide.sys
0xF77B0000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A34000 viaide.sys
0xF7A36000 intelide.sys
0xF7560000 MountMgr.sys
0xF72E6000 ftdisk.sys
0xF7A38000 dmload.sys
0xF72C0000 dmio.sys
0xF77B8000 PartMgr.sys
0xF7570000 VolSnap.sys
0xF71EB000 iaStor.sys
0xF71D3000 atapi.sys
0xF7190000 ftsata2.sys
0xF7178000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7580000 disk.sys
0xF7590000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7158000 fltmgr.sys
0xF7146000 sr.sys
0xF75A0000 bb-run.sys
0xF77C0000 PxHelp20.sys
0xF712F000 KSecDD.sys
0xF711C000 WudfPf.sys
0xF708F000 Ntfs.sys
0xF7079000 inspect.sys
0xF704C000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xF77C8000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xF7032000 Mup.sys
0xF6424000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF78F0000 \SystemRoot\system32\DRIVERS\aracpi.sys
0xF62C6000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF62B2000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF78F8000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF628E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7900000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6414000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF75D0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF75E0000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF626B000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7908000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF6258000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xF75F0000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF6222000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF6124000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6078000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7910000 \SystemRoot\System32\Drivers\Modem.SYS
0xF5CFE000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF5C61000 \SystemRoot\system32\drivers\portcls.sys
0xF7600000 \SystemRoot\system32\drivers\drmk.sys
0xF5C4D000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7610000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7918000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7A5E000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
0xF7920000 \SystemRoot\system32\DRIVERS\PS2.sys
0xF7928000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7A60000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
0xF6FE6000 \SystemRoot\system32\DRIVERS\arpolicy.sys
0xF7A62000 \SystemRoot\system32\DRIVERS\serscan.sys
0xF7BDA000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7620000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF6FE2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5C36000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7630000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7640000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF5C25000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7650000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7938000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77D0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF5BF5000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7670000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A64000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5B97000 \SystemRoot\system32\DRIVERS\update.sys
0xF6FC6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7680000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF76B0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A68000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF1B28000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF7828000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF1A8A000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xF7AB8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B0D000 \SystemRoot\System32\Drivers\Null.SYS
0xF7ABA000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7838000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7840000 \SystemRoot\System32\drivers\vga.sys
0xF7ABC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7ABE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7848000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7850000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7002000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF1A57000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF19FE000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7858000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xF19D6000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF19B4000 \SystemRoot\System32\drivers\afd.sys
0xF76E0000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF1989000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF1919000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7700000 \SystemRoot\System32\Drivers\Fips.SYS
0xF18F3000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7710000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7720000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF1807000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF1740000 \SystemRoot\system32\DRIVERS\AE1000XP.sys
0xF7880000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7790000 \SystemRoot\System32\Drivers\nx6000.sys
0xF1722000 \SystemRoot\System32\Drivers\usbvideo.sys
0xF77A0000 \SystemRoot\system32\drivers\usbaudio.sys
0xF1B08000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF7890000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF170A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AF2000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7A2C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78A0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C08000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF051000 \SystemRoot\System32\ati2cqag.dll
0xBF08A000 \SystemRoot\System32\atikvmag.dll
0xBF0BF000 \SystemRoot\System32\ati3duag.dll
0xBF30C000 \SystemRoot\System32\ativvaxx.dll
0xBF39F000 \SystemRoot\System32\ATMFD.DLL
0xF1B18000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xEF432000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xEF396000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEF0DD000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEF0C8000 \SystemRoot\system32\drivers\wdmaud.sys
0xEF3C2000 \SystemRoot\system32\drivers\sysaudio.sys
0xEED67000 \SystemRoot\System32\Drivers\HTTP.sys
0xEEC1F000 \SystemRoot\system32\DRIVERS\srv.sys
0xEEDCC000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xEE907000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEDF1C000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 63):
0 System Idle Process
4 System
580 C:\WINDOWS\system32\smss.exe
820 csrss.exe
848 C:\WINDOWS\system32\winlogon.exe
896 C:\WINDOWS\system32\services.exe
908 C:\WINDOWS\system32\lsass.exe
1060 C:\WINDOWS\system32\ati2evxx.exe
1076 C:\WINDOWS\system32\svchost.exe
1132 svchost.exe
1176 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1204 C:\WINDOWS\system32\svchost.exe
1216 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1344 C:\WINDOWS\system32\svchost.exe
1584 svchost.exe
1684 C:\WINDOWS\system32\ati2evxx.exe
1736 svchost.exe
1744 C:\WINDOWS\explorer.exe
2040 C:\WINDOWS\system32\spoolsv.exe
292 svchost.exe
472 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
512 C:\WINDOWS\arservice.exe
544 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
600 C:\Program Files\Bonjour\mDNSResponder.exe
656 C:\WINDOWS\ehome\ehrecvr.exe
756 C:\WINDOWS\ehome\ehSched.exe
800 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
1212 C:\Program Files\Java\jre6\bin\jqs.exe
1524 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1548 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
1640 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1692 C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
1608 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
1824 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
1876 C:\WINDOWS\system32\PnkBstrA.exe
1896 C:\WINDOWS\system32\PnkBstrB.exe
1984 svchost.exe
2128 C:\WINDOWS\system32\svchost.exe
2280 mcrdsvc.exe
2300 C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
2396 C:\WINDOWS\system32\wuauclt.exe
2596 C:\WINDOWS\ehome\ehtray.exe
2628 C:\WINDOWS\arpwrmsg.exe
2744 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
2976 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
3208 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3240 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
3248 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3460 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3780 C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
348 C:\Program Files\Microsoft Security Client\msseces.exe
736 C:\Program Files\iTunes\iTunesHelper.exe
812 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2688 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2708 C:\WINDOWS\system32\dllhost.exe
2784 C:\Documents and Settings\All Users\Application Data\Renaissance Wireless Server\Renaissance Wireless Server.exe
2856 wmiprvse.exe
3608 alg.exe
3840 C:\WINDOWS\ehome\ehmsas.exe
2080 C:\WINDOWS\system32\svchost.exe
2544 C:\Program Files\iPod\bin\iPodService.exe
720 C:\WINDOWS\system32\ctfmon.exe
1488 C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`20af2e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST3200826AS, Rev: 3.03

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: F75A10171F7488C11BA9A98CEC3D186D7A8D3972

Done!

#18 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 11 November 2011 - 08:59 PM

Hi RetiredChief,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    DDS::
    BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    BHO: Loader Class: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi9130~1\datamngr\BROWSE~1.DLL
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
    mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
    
    File::
    c:\documents and settings\all users\application data\privacy.exe
    
    Folder::
    c:\program files\Conduit
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
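The CFScript above is a list of instructions for ComboFix. As an added example (not from the post or from ComboFix), the parser below reads the four section kinds that script uses (DDS::, File::, Folder::, Registry::) and lists the actions they request, so the script can be reviewed before it is dropped onto ComboFix.exe. The two Registry:: forms it handles, [-KEY] to delete a key and "Value"=- to delete a value under the preceding key, are the ones the script shows; other ComboFix directives are reported as unrecognised rather than interpreted.

```python
"""Parse a ComboFix CFScript and list the actions it asks for.

Added example; it is not part of the forum post or of ComboFix. It covers
only the section kinds and registry forms used in the script shown in the
post. Anything else is collected under 'unknown' so a reviewer sees it.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the script from the post, trimmed to a few lines.
SAMPLE_CFSCRIPT = r"""DDS::
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE

File::
c:\documents and settings\all users\application data\privacy.exe

Folder::
c:\program files\Conduit

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")      # e.g. "Registry::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]\s*$")            # "[KEY]" or "[-KEY]"
DEL_VALUE_RE = re.compile(r'^"(.+)"=-\s*$')          # "Value"=-  (delete value)


@dataclass
class Actions:
    dds_fixes: list = field(default_factory=list)      # DDS log lines to fix
    files: list = field(default_factory=list)          # files to delete
    folders: list = field(default_factory=list)        # folders to delete
    delete_keys: list = field(default_factory=list)    # whole keys removed
    delete_values: list = field(default_factory=list)  # (key, value) pairs removed
    unknown: list = field(default_factory=list)        # lines not understood


def parse_cfscript(text: str) -> Actions:
    acts = Actions()
    section = None
    current_key = None  # key that a following "Value"=- line applies to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            current_key = None
            continue
        if section == "DDS":
            acts.dds_fixes.append(line)
        elif section == "File":
            acts.files.append(line)
        elif section == "Folder":
            acts.folders.append(line)
        elif section == "Registry":
            km = KEY_RE.match(line)
            vm = DEL_VALUE_RE.match(line)
            if km:
                minus, key = km.groups()
                if minus:                  # [-KEY]: delete the whole key
                    acts.delete_keys.append(key)
                    current_key = None
                else:                      # [KEY]: context for value lines
                    current_key = key
            elif vm and current_key:       # "Value"=- under the open key
                acts.delete_values.append((current_key, vm.group(1)))
            else:
                acts.unknown.append(line)
        else:
            acts.unknown.append(line)
    return acts


def summarize(acts: Actions) -> list[str]:
    """Human-readable list of what running the script would change."""
    out = []
    out += [f"fix DDS entry: {l}" for l in acts.dds_fixes]
    out += [f"delete file: {p}" for p in acts.files]
    out += [f"delete folder: {p}" for p in acts.folders]
    out += [f"delete key: {k}" for k in acts.delete_keys]
    out += [f"delete value {v!r} under {k}" for k, v in acts.delete_values]
    out += [f"UNRECOGNISED: {l}" for l in acts.unknown]
    return out


if __name__ == "__main__":
    for line in summarize(parse_cfscript(SAMPLE_CFSCRIPT)):
        print(line)
```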

#19 RetiredChief (Authentic Member, 111 posts)

Posted 11 November 2011 - 10:26 PM

What is script blocking and how do I stop it?

#20 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 12 November 2011 - 08:40 AM

Hi RetiredChief,

Just be sure that your antivirus and firewall are disabled while the scan is going on.

To disable your Microsoft Security Essentials (MSSE) antivirus... Right-click on the MSSE icon in the system tray > Open > Settings tab > select Real Time Protection > uncheck Turn on real time protection.

To disable your firewall... right-click on the Comodo Internet Security icon in the system tray and under Firewall Security Level choose to disable.

#21 RetiredChief (Authentic Member, 111 posts)

Posted 12 November 2011 - 12:36 PM

Jeff,

Again, after 3 tries, I had to run in Safe Mode. It kept locking up at preparing log. Here is the result of the successful scan in safe mode:


ComboFix 11-11-12.04 - Administrator 11/12/2011 9:54.8.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.691 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
FILE ::
"c:\documents and settings\all users\application data\privacy.exe"
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-12 17:49 . 2011-11-12 17:49 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD52D403-4D9A-42DE-8B70-43D2FFDD0243}\offreg.dll
2011-11-12 02:42 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD52D403-4D9A-42DE-8B70-43D2FFDD0243}\mpengine.dll
2011-11-09 23:12 . 2011-11-09 23:12 -------- dc----w- C:\TDSSKiller_Quarantine
2011-11-06 01:37 . 2011-11-06 01:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-11-05 00:44 . 2011-03-31 21:53 24064 ----a-w- c:\windows\system32\drivers\motport.sys
2011-11-05 00:44 . 2011-03-31 21:53 24064 ----a-w- c:\windows\system32\drivers\motmodem.sys
2011-11-05 00:44 . 2011-04-04 21:55 20480 ----a-w- c:\windows\system32\drivers\motccgp.sys
2011-11-05 00:44 . 2009-01-30 00:18 8320 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2011-11-05 00:44 . 2007-11-02 22:51 6400 ----a-w- c:\windows\system32\drivers\motswch.sys
2011-11-05 00:43 . 2011-11-05 00:43 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-11-05 00:43 . 2011-11-05 00:43 -------- d-----w- c:\program files\Motorola
2011-10-29 17:32 . 2011-10-29 17:33 -------- d-----w- c:\windows\system32\NtmsData
2011-10-29 17:24 . 2001-08-17 20:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2011-10-29 17:24 . 2001-08-17 20:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-10-29 17:20 . 2011-10-29 17:20 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX
2011-10-24 16:02 . 2011-10-07 17:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-20 03:14 . 2011-10-20 03:14 -------- d-----w- c:\program files\iPod
2011-10-20 03:08 . 2011-10-20 03:08 -------- d-----w- c:\program files\Bonjour
2011-10-20 00:44 . 2011-10-20 00:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Coupons.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 19:22 . 2011-10-11 19:22 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-10-10 14:22 . 2004-08-10 12:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 17:48 . 2010-06-02 02:00 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 17:48 . 2010-06-02 02:00 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:48 . 2010-06-04 18:55 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:47 . 2010-06-02 02:00 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47 . 2010-06-02 02:00 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-07 03:48 . 2011-10-04 22:43 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 17:45 . 2011-08-10 01:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-28 07:06 . 2004-08-10 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2010-03-18 17:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-10 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-10 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-12 23:14 . 2011-10-05 04:45 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-09-06 13:20 . 2004-08-10 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00 . 2011-10-03 23:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05 . 2011-08-31 06:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05 . 2011-08-31 06:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:48 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-10 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-10 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-30 17:27 . 2011-05-06 14:29 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-10_00.43.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-07-14 02:54 . 2011-08-12 20:51 17272 c:\windows\system32\spmsg.dll
+ 2011-07-14 02:54 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
+ 2010-01-29 15:01 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2010-01-29 15:01 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
- 2011-09-03 10:17 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2010-02-20 16:57 . 2011-11-10 05:51 50295240 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-11 180269]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-10 27136]
.
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
Registration Silent Hunter III.LNK - c:\program files\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminders Tray Icon.lnk - c:\sierra\Planner\PLNRnote.exe [N/A]
Forget Me Not.lnk - c:\program files\Broderbund\AG CreataCard\agremind.exe [N/A]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Renaissance Wireless Server.lnk - c:\documents and settings\All Users\Application Data\Renaissance Wireless Server\Renaissance Wireless Server.exe [2007-9-11 6823860]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\J:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Renaissance Wireless Server\\Renaissance Wireless Server.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/3/2011 12:31 PM 664064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 6:00 PM 31704]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [7/12/2011 7:51 PM 816672]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 10:55 AM 492768]
S1 MpKsl0f7c0b36;MpKsl0f7c0b36;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02636E4D-33B1-4A9D-93F9-D88436CA3D6D}\MpKsl0f7c0b36.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02636E4D-33B1-4A9D-93F9-D88436CA3D6D}\MpKsl0f7c0b36.sys [?]
S1 MpKsl256912b9;MpKsl256912b9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A0E6A14-A76C-4190-8390-4F85AA171C06}\MpKsl256912b9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A0E6A14-A76C-4190-8390-4F85AA171C06}\MpKsl256912b9.sys [?]
S1 MpKsl5744934b;MpKsl5744934b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40394202-2B54-4840-A53F-78E381E1B662}\MpKsl5744934b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40394202-2B54-4840-A53F-78E381E1B662}\MpKsl5744934b.sys [?]
S1 MpKsl5ff3be24;MpKsl5ff3be24;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{158E3422-62FB-4074-825C-F251E1501BEC}\MpKsl5ff3be24.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{158E3422-62FB-4074-825C-F251E1501BEC}\MpKsl5ff3be24.sys [?]
S1 MpKsl82c4ff9c;MpKsl82c4ff9c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7232C367-9761-4A6C-BA0E-49C0DD6AE5C3}\MpKsl82c4ff9c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7232C367-9761-4A6C-BA0E-49C0DD6AE5C3}\MpKsl82c4ff9c.sys [?]
S1 MpKsl9dd2a4f5;MpKsl9dd2a4f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F49F9929-BC03-461B-A787-CC697C91A1BC}\MpKsl9dd2a4f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F49F9929-BC03-461B-A787-CC697C91A1BC}\MpKsl9dd2a4f5.sys [?]
S1 MpKsla1025ecb;MpKsla1025ecb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C179B624-5673-469D-B8BE-7310500DAF9D}\MpKsla1025ecb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C179B624-5673-469D-B8BE-7310500DAF9D}\MpKsla1025ecb.sys [?]
S1 MpKslb899b9ea;MpKslb899b9ea;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68003CD4-2DF1-4DF8-B327-C3B29DE74819}\MpKslb899b9ea.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68003CD4-2DF1-4DF8-B327-C3B29DE74819}\MpKslb899b9ea.sys [?]
S1 MpKslbd4858d2;MpKslbd4858d2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{422A7366-8CB1-4120-B62B-7E26B6B6F89C}\MpKslbd4858d2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{422A7366-8CB1-4120-B62B-7E26B6B6F89C}\MpKslbd4858d2.sys [?]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/3/2011 3:25 PM 366152]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [8/10/2011 11:35 AM 227184]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/3/2011 3:25 PM 22216]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [11/4/2011 4:44 PM 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [11/4/2011 4:44 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [11/4/2011 4:44 PM 24064]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [7/13/2011 6:41 PM 30576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-11-12 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
2011-11-05 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2011-11-10 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2011-11-05 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2011-11-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2011-11-10 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 11:18]
.
2011-11-12 c:\windows\Tasks\User_Feed_Synchronization-{BF38A124-251E-4DD5-B80F-B1ED348AAA54}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4F9665E1-6A11-4972-B941-EB22DFA68FC7}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\op5b9w5g.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-12 10:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(600)
c:\windows\system32\WININET.dll
.
Completion time: 2011-11-12 10:03:14
ComboFix-quarantined-files.txt 2011-11-12 18:03
ComboFix2.txt 2011-11-11 20:37
ComboFix3.txt 2010-08-10 04:52
.
Pre-Run: 154,822,512,640 bytes free
Post-Run: 154,820,796,416 bytes free
.
- - End Of File - - EFF5B60AC8BBE6FFABE08D6992CA1DCF

#22 jeffce
Malware Guy, Authentic Member, 8,693 posts

Posted 12 November 2011 - 02:29 PM

Hi RetiredChief,

I see that you have Malwarebytes on your system. Please run Malwarebytes, update it and then run a Quick Scan. Please save the created log for your next reply.
---------------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
  • Do not use this instance of your browser for anything besides doing this scan
  • When the scan is complete and the results saved, close that instance of your browser
  • Open a new one the usual way and post the results in this topic.


  • Right-click and Run as Administrator on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/
----------

In your next reply please post the logs created by Malwarebytes and ESET online scan. :)

#23 RetiredChief
Authentic Member, 111 posts

Posted 12 November 2011 - 07:02 PM

Jeff, Here is the MBAM Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8148

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/12/2011 4:52:52 PM
mbam-log-2011-11-12 (16-52-52).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 349770
Time elapsed: 1 hour(s), 35 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\administrator\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
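The two Desktop detections in the log above are classed by Malwarebytes as Heuristics.Reserved.Word.Exploit: files that carry the names of core Windows processes (userinit.exe, winlogon.exe, written in mixed case) in a location where the genuine binaries never live. The following Python example is added here for illustration and is not code from this thread or from Malwarebytes; it reproduces that triage idea in a general form: it parses "Files Infected" lines in the MBAM log layout, compares the base name case-insensitively against a list of protected process names, and reports any that sit outside the directory the real binary belongs in. The protected-name list and the expected directories are assumptions made for this example; the sample paths are the two from the log plus constructed benign ones for contrast.

```python
"""Flag files whose names impersonate core Windows processes.

Added example, not part of the forum thread or of Malwarebytes. The
reserved-name list and expected directories below are assumptions for
an XP/Win7-style layout, not an authoritative list.
"""
import ntpath
import re

# Core Windows process names that malware commonly borrows (assumed list).
RESERVED_NAMES = {
    "userinit.exe", "winlogon.exe", "csrss.exe", "lsass.exe",
    "services.exe", "smss.exe", "svchost.exe", "explorer.exe",
}

# Where the genuine binary lives, lower-cased and without drive letter.
# explorer.exe sits in %WINDIR%; everything else in system32 (assumed).
EXPECTED_DIRS = {"explorer.exe": {r"\windows"}}
DEFAULT_DIRS = {r"\windows\system32"}

# One "Files Infected" line of an MBAM log: <path> (<detection>) -> <action>.
_MBAM_LINE = re.compile(r"^(?P<path>.+?) \((?P<det>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_file_line(line):
    """Return (path, detection, action) for an MBAM file line, or None."""
    m = _MBAM_LINE.match(line.strip())
    if not m:
        return None
    return m.group("path"), m.group("det"), m.group("action")


def _normalise(path):
    """Lower-case the path and drop the drive letter for stable comparison."""
    _drive, rest = ntpath.splitdrive(path)
    return rest.lower()


def is_impostor(path):
    """True if `path` uses a reserved process name outside its home directory."""
    norm = _normalise(path)
    name = ntpath.basename(norm)
    if name not in RESERVED_NAMES:
        return False
    parent = ntpath.dirname(norm)
    return parent not in EXPECTED_DIRS.get(name, DEFAULT_DIRS)


def triage(paths):
    """Return the subset of `paths` that look like system-process impostors."""
    return [p for p in paths if is_impostor(p)]


# Constructed sample: the two Desktop files reported in the MBAM log above,
# plus genuine system binaries and an unrelated program for contrast.
SAMPLE_PATHS = [
    r"c:\documents and settings\administrator\Desktop\uSeRiNiT.exe",
    r"c:\documents and settings\administrator\Desktop\WiNlOgOn.exe",
    r"C:\WINDOWS\system32\userinit.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\Program Files\Apple Software Update\SoftwareUpdate.exe",
]

# Constructed MBAM-format line, copied from the log above, for the parser.
SAMPLE_MBAM_LINE = (
    r"c:\documents and settings\administrator\Desktop\uSeRiNiT.exe "
    "(Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully."
)

if __name__ == "__main__":
    for hit in triage(SAMPLE_PATHS):
        print("suspicious:", hit)
    print(parse_mbam_file_line(SAMPLE_MBAM_LINE))
```

The check is deliberately conservative: a file is only reported when both conditions hold (reserved name and wrong directory), so a legitimate copy of explorer.exe in %WINDIR% passes while the same name on a user's Desktop does not. The regex assumes the path itself contains no parentheses, which holds for the lines in this log.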

#24 jeffce
Malware Guy, Authentic Member, 8,693 posts

Posted 12 November 2011 - 07:32 PM

Hi R/C, Looks like Malwarebytes found a couple. When you get ESET run, be sure to post that log as well. :)

#25 RetiredChief
Authentic Member, 111 posts

Posted 12 November 2011 - 09:41 PM

Jeff, Here are the ESETScan results. It found 7.

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\10\6b1e720a-3c5d4e69 Java/Agent.BV trojan
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\38\2ef758e6-4ccc9bc2 Java/Agent.BV trojan
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\48\d126230-171d37bf Java/Agent.BV trojan
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\50\7baf0ab2-5839f533 a variant of Java/Agent.BR trojan
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\8\1d87cc08-7fe1d758 probably a variant of Java/Agent.BR trojan
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0000025.dll Win32/Toolbar.Zugo application


#26 jeffce
Malware Guy, Authentic Member, 8,693 posts

Posted 13 November 2011 - 08:05 AM

Hi RetiredChief, How is your system running now? What issues are you still having? :)

#27 RetiredChief
Authentic Member, 111 posts

Posted 13 November 2011 - 09:24 AM

Jeff, It seems to be running ok now. I do not see anything amiss. Is it ok to use it? Chief

#28 jeffce
Malware Guy, Authentic Member, 8,693 posts

Posted 13 November 2011 - 09:50 AM

Hi RetiredChief,

P2P - I see you have P2P software BitTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.
-------

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then
    click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest
    Java Runtime Environment (JRE) version for your computer.
----------

Run DDS once more and post both of the logs created into your next reply so that we can take one last look. :)

#29 RetiredChief
Authentic Member, 111 posts

Posted 13 November 2011 - 10:35 PM

I had no idea it was on there, nor have I personally used it. I removed it and a few other things. I cannot figure out which Java JRE I need. I86, x64 online, offline. Throw me a bone, thanks!

Edited by RetiredChief, 13 November 2011 - 10:56 PM.


#30 jeffce
Malware Guy, Authentic Member, 8,693 posts

Posted 13 November 2011 - 10:48 PM

Hi RetiredChief, You can do so via Start >> Control Panel >> Add or Remove Programs >> select BitTorrent and uninstall/delete.