Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91981 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Can only browse one site in IE6


  • This topic is locked This topic is locked
20 replies to this topic

#16 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 15 November 2009 - 10:20 PM

Wakenaam,

OK. Please drag your copy of ComboFix to your recycle bin. Then download a fresh copy to your desktop from links provided earlier.


COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Mbr::
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

    Advertisements

Register to Remove


#17 Wakenaam

Wakenaam

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 18 November 2009 - 06:12 PM

TomK: Thanks again. Here is the new log:

ComboFix 09-11-18.06 - Fazela 11/18/2009 18:03.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.481 [GMT -5:00]
Running from: c:\documents and settings\Fazela\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Fazela\Desktop\cfscript.txt
.

((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
.

2009-11-18 23:17 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Fazela\Application Data\mjusbsp\in00000\setup.exe
2009-11-18 23:17 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Fazela\Application Data\mjusbsp\ar00000\install.exe
2009-11-18 23:17 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\Fazela\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2009-11-18 22:42 . 2009-11-18 22:42 -------- d-s---w- c:\windows\Cookies
2009-11-18 22:18 . 2004-08-03 20:59 95360 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-18 22:18 . 2004-08-03 20:59 95360 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-14 13:27 . 2009-11-14 13:36 -------- d-----w- C:\All.In.The.Family.Season3.E17-19.DVDrip.Ac3.XviD
2009-11-14 13:10 . 2009-11-14 13:15 -------- d-----w- C:\gmer
2009-11-13 19:57 . 2009-11-13 19:57 -------- d-----w- C:\All.In.The.Family.Season3.E09-16.DVDrip.Ac3.XviD
2009-11-13 19:53 . 2009-11-15 17:34 -------- d-----w- C:\All.In.The.Family.Season3.E01-08.DVDrip.Ac3.XviD
2009-11-09 11:25 . 2009-11-09 11:25 -------- d-----w- C:\Rooter$
2009-11-08 19:06 . 2009-11-08 19:44 -------- d-----w- c:\program files\DVDFab 5
2009-11-08 18:58 . 2009-11-08 19:04 -------- d-----w- C:\DVDFab.Platinum.v5.2.5.0
2009-11-08 18:54 . 2009-11-08 18:56 -------- d-----w- C:\dvdfab
2009-11-08 17:53 . 2009-11-08 17:55 -------- d-----w- C:\Slysoft CloneDVD2 V2.9.1.9(KNIGHTY1973)
2009-11-04 23:15 . 2009-11-04 23:15 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-03 11:29 . 2009-11-03 11:50 -------- d-----w- C:\Kaaba
2009-10-23 16:42 . 2009-10-30 20:44 -------- d-----w- C:\All In The Family S06 Episodes 13 - 24 (of 24)
2009-10-23 16:39 . 2009-11-08 14:20 -------- d-----w- C:\All In The Family S06 Episodes 1 - 12 (of 24)
2009-10-22 13:46 . 2009-10-22 13:46 -------- d-----w- c:\documents and settings\Fazela\Application Data\Sony Corporation
2009-10-22 13:35 . 2009-10-22 13:35 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-10-22 13:34 . 2009-10-22 13:43 -------- d-----w- c:\documents and settings\Fazela\Local Settings\Application Data\Downloaded Installations
2009-10-22 13:31 . 2009-10-22 13:31 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-21 22:29 . 2009-10-23 12:14 -------- d-----w- C:\All In The Family S05 Episodes 13 - 24 (of 24)
2009-10-21 22:27 . 2009-11-03 02:30 -------- d-----w- C:\All In The Family S05 Episodes 1 - 12 (of 24)
2009-10-21 06:27 . 2009-10-21 20:35 -------- d-----w- C:\All.In.The.Family.S3.E22-24
2009-10-20 10:51 . 2009-10-20 10:51 -------- d-----w- c:\documents and settings\Fazela\Application Data\CursorArts
2009-10-20 10:51 . 2009-10-20 15:33 -------- d-----w- c:\program files\ActivIcons
2009-10-20 10:48 . 2009-10-20 10:49 -------- d-----w- C:\ActivIcons

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-18 23:18 . 2009-01-16 21:39 -------- d-----w- c:\documents and settings\Fazela\Application Data\mjusbsp
2009-11-18 22:05 . 2009-10-17 00:18 -------- d-----w- c:\documents and settings\Fazela\Application Data\vlc
2009-11-17 23:47 . 2007-07-24 17:11 -------- d-----w- c:\documents and settings\Fazela\Application Data\uTorrent
2009-11-10 02:55 . 2008-09-06 22:41 -------- d-----w- c:\program files\Symantec
2009-11-10 01:35 . 2008-10-21 04:01 -------- d-----w- c:\documents and settings\Fazela\Application Data\Skype
2009-11-10 01:01 . 2008-10-21 04:13 -------- d-----w- c:\documents and settings\Fazela\Application Data\skypePM
2009-11-08 19:41 . 2009-02-28 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2009-11-08 19:06 . 2009-02-27 23:47 -------- d-----w- c:\documents and settings\Fazela\Application Data\Vso
2009-11-08 19:06 . 2009-02-27 23:47 47360 -c--a-w- c:\documents and settings\Fazela\Application Data\pcouffin.sys
2009-11-08 19:06 . 2009-02-27 23:47 47360 -c--a-w- c:\documents and settings\Fazela\Application Data\pcouffin.sys
2009-11-08 19:06 . 2009-02-27 23:47 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-07 12:56 . 2007-10-11 20:44 -------- d-----w- c:\program files\Softwin
2009-11-07 12:56 . 2007-10-09 15:49 -------- d-----w- c:\program files\Common Files\Softwin
2009-10-25 23:14 . 2009-09-13 14:52 117760 ----a-w- c:\documents and settings\Fazela\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-25 12:57 . 2009-08-11 02:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-20 00:24 . 2008-10-21 02:51 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-13 14:09 . 2009-10-12 18:07 -------- d-----w- c:\program files\Broadcom
2009-10-13 01:17 . 2006-12-14 13:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-12 18:05 . 2009-10-12 18:05 -------- d-----w- c:\program files\Analog Devices
2009-10-12 15:36 . 2006-12-14 00:26 24724 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-10-12 15:36 . 2006-12-14 00:25 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-09 12:28 . 2009-10-05 16:28 2081048 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-10-06 18:38 . 2009-09-13 14:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-05 18:30 . 2008-09-06 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-05 18:27 . 2008-10-21 05:11 -------- d-----w- c:\program files\Norton Ghost
2009-10-04 07:34 . 2008-10-22 18:51 -------- d-----w- c:\program files\Common Files\Acronis
2009-10-04 07:33 . 2009-10-04 07:33 902592 ----a-w- c:\windows\system32\drivers\tdrpm228.sys
2009-10-04 07:32 . 2008-10-22 18:52 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-10-04 07:32 . 2008-10-22 18:52 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-10-04 07:32 . 2008-10-22 18:52 138208 -c--a-w- c:\windows\system32\drivers\snapman.sys
2009-09-30 12:28 . 2009-03-13 21:12 -------- d-----w- c:\program files\ThreatFire
2009-09-29 10:27 . 2007-01-03 21:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-23 14:07 . 2009-09-23 13:44 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-09-23 14:07 . 2009-09-23 13:44 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-09-23 14:07 . 2009-09-23 13:44 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-09-23 12:22 . 2009-09-23 12:20 -------- d-----w- c:\program files\Panasonic
2009-09-22 10:38 . 2009-05-30 22:46 -------- d-----w- c:\documents and settings\Fazela\Application Data\dvdcss
2009-09-16 14:21 . 2006-12-17 14:22 33176 -c--a-w- c:\documents and settings\Fazela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-14 03:34 . 2008-10-07 16:39 4045528 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-10 19:54 . 2008-10-07 16:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-10-07 16:38 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 14:36 . 2009-09-04 14:36 0 ----a-w- c:\windows\system32\cd.dat
2008-10-08 23:40 . 2008-10-08 23:38 50689960 -c--a-w- c:\program files\avg_free_stf_en_8_173a1373.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-11-09_03.49.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-18 23:17 . 2009-11-18 23:17 16384 c:\windows\temp\Perflib_Perfdata_f3c.dat
+ 2009-11-18 23:17 . 2009-11-18 23:17 16384 c:\windows\temp\Perflib_Perfdata_580.dat
+ 2009-11-18 23:17 . 2009-11-18 23:17 16384 c:\windows\temp\Perflib_Perfdata_100.dat
+ 2009-11-18 22:42 . 2009-11-18 22:35 16384 c:\windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-06-20 19:08 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"cdloader"="c:\documents and settings\Fazela\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-14 198160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-11 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCANetwork"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Enable Labtec Wireless Desktop.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Enable Labtec Wireless Desktop.lnk
backup=c:\windows\pss\Enable Labtec Wireless Desktop.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
"c:\\Documents and Settings\\Fazela\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"57124:TCP"= 57124:TCP:Pando Media Booster
"57124:UDP"= 57124:UDP:Pando Media Booster
"57479:TCP"= 57479:TCP:Pando Media Booster
"57479:UDP"= 57479:UDP:Pando Media Booster

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [5/20/2008 9:32 AM 15328]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [10/4/2009 2:33 AM 902592]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [9/23/2009 8:44 AM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [9/23/2009 8:44 AM 59664]
R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [9/14/2008 3:44 PM 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [9/14/2008 3:44 PM 5248]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [12/14/2006 8:40 AM 12964]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 1:50 PM 9968]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\macrium reflect free\ReflectService.exe [8/6/2008 12:34 PM 216032]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [9/23/2009 8:44 AM 33552]
S1 SASKUTIL;SASKUTIL;\??\c:\superantispyware\SASKUTIL.sys --> c:\superantispyware\SASKUTIL.sys [?]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [9/23/2009 7:20 AM 17432]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [7/8/2008 1:39 PM 31712]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 1:50 PM 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 19:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netscape.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?e4b23bd0b5ec4cd1a429ca8bc7552c68
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?e4b23bd0b5ec4cd1a429ca8bc7552c68
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
FF - ProfilePath - c:\documents and settings\Fazela\Application Data\Mozilla\Firefox\Profiles\75umymae.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-18 18:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86D19770]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf770ff10
\Driver\ACPI -> ACPI.sys @ 0xf7682cb8
\Driver\atapi -> 0x86d19770
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e19a
ParseProcedure -> ntoskrnl.exe @ 0x8057c74d
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e19a
ParseProcedure -> ntoskrnl.exe @ 0x8057c74d
NDIS: Broadcom NetXtreme Gigabit Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xf7390ba0
PacketIndicateHandler -> NDIS.sys @ 0xf739db21
SendHandler -> NDIS.sys @ 0xf737b87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll

- - - - - - - > 'lsass.exe'(1056)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'explorer.exe'(1992)
c:\program files\ThreatFire\TfWah.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFMon.dll
c:\program files\ThreatFire\TFRK.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\nexon\MapleStory\npkcmsvc.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\ThreatFire\TFService.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Fazela\Application Data\mjusbsp\magicJack.exe
.
**************************************************************************
.
Completion time: 2009-11-18 18:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-18 23:26
ComboFix2.txt 2009-11-18 22:42
ComboFix3.txt 2009-11-11 23:08
ComboFix4.txt 2009-11-10 03:06
ComboFix5.txt 2009-11-18 23:00

Pre-Run: 353,664,356,352 bytes free
Post-Run: 353,605,791,744 bytes free

Current=4 Default=4 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 29B0120572D7A41D46E7B8156AA4D752

#18 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 18 November 2009 - 06:23 PM

Wakenaam,

I'm not finding the cause for the black icons. I suggest that you post in the Windows Forum and let the Tech Team have a shot at straightening things out. When you post there, please provide a link back to this thread so they can see the logs you provided here.

As far as malware goes, Log looks good :D


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK
  • Note the space between the X and the U, it needs to be there.
The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.

Please re-enable any security that was disabled.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved. :thumbup:

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#19 Wakenaam

Wakenaam

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 20 November 2009 - 05:41 AM

TomK: Read and understood all of the above. Thanks a million for your efforts. You are a model of perseverence and patience. I will just have to live with it. Take care. Cheers!!!

#20 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 20 November 2009 - 09:53 AM

Wakenaam, You shouldn't have to live with it. Please give the windows forum a try. The Tech Team is pretty impressive. I would not be at all surprised if they were to come up with the solution. Good luck and be Well. :thumbup:

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#21 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 20 November 2009 - 09:54 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users