Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

malware defender

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

malware defender

Unread postby mia » January 12th, 2010, 7:04 pm

I found malware defender in my computer and could not clean it with my antivirusprotection (Eset nod32).
Here is the post from combofix and i would be happy if you can help me
/Mia

ComboFix 10-01-12.02 - meal 2010-01-12 23:25:08.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.495.136 [GMT 1:00]
Körs från: c:\documents and settings\meal\Skrivbord\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


VARNINIG -ÅTERSTÄLLNINGSKONSOLEN (THE RECOVERY CONSOLE) ÄR INTE INSTALLERAD PÅ DEN HÄR DATORN !!
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\BM2a3d27dc.txt
c:\windows\cookies.ini
c:\windows\pskt.ini
c:\windows\system32\Cache
c:\windows\system32\fccbASLc.dll
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTmikyxuijxt.dat
c:\windows\system32\H8SRTtbbmqppfao.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\pagefileconfig.vbs
c:\windows\system32\SIntf16.dll

.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys


(((((((((((((((((((((((( Filer Skapade från 2009-12-12 till 2010-01-12 ))))))))))))))))))))))))))))))
.

2010-01-12 21:42 . 2009-11-10 09:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-12 21:42 . 2009-11-10 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-12 21:42 . 2009-11-10 09:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-12 21:42 . 2009-11-10 09:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-12 21:42 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-01-12 21:42 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-01-12 21:41 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-12 21:41 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-12 21:41 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-12 21:41 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-12 21:40 . 2010-01-12 21:40 -------- d-----w- c:\program\Delade filer\PC Tools
2010-01-12 21:40 . 2010-01-12 21:40 -------- d-----w- c:\program\Spyware Doctor
2010-01-12 21:40 . 2010-01-12 21:40 -------- d-----w- c:\documents and settings\meal\Application Data\PC Tools
2010-01-12 21:40 . 2010-01-12 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-12 21:39 . 2010-01-12 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-09 20:40 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-01-09 20:40 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-01-09 20:37 . 2003-04-24 11:00 28160 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-12-22 10:51 . 2009-12-22 10:51 -------- d-----w- C:\Voddler

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 06:09 . 1979-12-31 23:00 498702 ----a-w- c:\windows\system32\perfh01D.dat
2010-01-12 06:09 . 1979-12-31 23:00 104592 ----a-w- c:\windows\system32\perfc01D.dat
2010-01-09 21:54 . 2009-07-24 17:04 921632 ----a-w- C:\PA7311.DAT
2009-10-29 07:46 . 2006-06-23 12:30 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 08:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 1979-12-31 23:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:40 . 2004-08-04 08:33 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2004-08-04 08:33 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program\DNA\btdna.exe" [2009-11-07 323392]
"DAEMON Tools Lite"="c:\program\DAEMON Tools Lite\daemon.exe" [2008-02-14 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-06-23 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-06-23 114688]
"SoundMan"="SOUNDMAN.EXE" [2003-06-20 55296]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 88267]
"Apoint"="c:\program\Apoint2K\Apoint.exe" [2003-06-23 147456]
"LManager"="c:\program\LAUNCH~1\CPLBCL53.EXE" [2003-06-27 155648]
"PWRISOVM.EXE"="c:\program\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"GrooveMonitor"="c:\program\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WinampAgent"="c:\program\Winamp\winampa.exe" [2008-03-27 36352]
"SunJavaUpdateSched"="c:\program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"egui"="c:\program\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\meal\Start-meny\Program\Autostart\
BitTorrent.lnk - c:\program\BitTorrent\bittorrent.exe [2008-2-11 654128]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Gamma Loader.exe.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-2 113664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program\\Opera\\Opera.exe"=
"c:\\Program\\Spotify\\spotify.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-01-12 207792]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-10-25 716272]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-05-14 94360]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-12 112592]
R2 ekrn;ESET Service;c:\program\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
S3 CB102;LevelOne 10/100Mbps 32bit iPort PC Card;c:\windows\system32\drivers\cb102.sys [2001-09-14 42752]
S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program\Spyware Doctor\pctsAuxs.exe [2010-01-12 359624]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://thepiratebay.org/
IE: E&xport to Microsoft Excel - c:\program\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Comp ... eQuery.dll
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

BHO-{55415FD9-41DA-4019-B319-A95EE608A0DE} - c:\windows\system32\khfCvUoN.dll
BHO-{83ccca3f-5133-4433-afa1-b340592a49a5} - c:\windows\system32\tvpqxirv.dll
HKLM-Run-BM2a3d27dc - c:\windows\system32\ujakdaaq.dll
Notify-fccbASLc - fccbASLc.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 23:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys spjk.sys >>UNKNOWN [0x85792938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75fcf28
\Driver\ACPI -> ACPI.sys @ 0xf743acb8
\Driver\atapi -> atapi.sys @ 0xf7391b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Intel(R) PRO/Wireless LAN 2100 3B Mini PCI Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf72ecbb0
PacketIndicateHandler -> NDIS.sys @ 0xf72dba0d
SendHandler -> NDIS.sys @ 0xf72efb40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'explorer.exe'(2760)
c:\program\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\SOUNDMAN.EXE
c:\windows\AGRSMMSG.exe
c:\windows\System32\PAStiSvc.exe
c:\program\Apoint2K\Apntex.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Sluttid: 2010-01-12 23:43:29 - datorn startades om.
ComboFix-quarantined-files.txt 2010-01-12 22:43

Före genomsökningen: 591 593 472 byte ledigt
Efter genomsökningen: 4 851 990 528 byte ledigt

- - End Of File - - 65EA5CF77C4F8BB984B7B3910DFE088C
mia
Active Member
 
Posts: 1
Joined: January 12th, 2010, 6:53 pm
Advertisement
Register to Remove

Re: malware defender

Unread postby NonSuch » January 12th, 2010, 8:24 pm

ComboFix is not a tool that is intended to be used without the direct supervision of a qualified expert. To use ComboFix on your own is to court disaster for your computer. Please stop all attempts at self-fixes for your system's issues as that may only confuse the issue further and cause additional problems as well.

In order for us to help you it is necessary that you provide us with a HijackThis log. Please follow the guideline at the link below to start a new topic and post your HijackThis log. Also include your ComboFix log in the same post.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 14 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware