Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Notebook infected with System Tool and other malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Notebook infected with System Tool and other malware

Unread postby xixo_12 » April 12th, 2011, 6:51 am

Hi,

Good! We're gain the access.
Please work on normal mode.
Ignore all request by antimalware doctor.
Please proceed.

First,
Rkill
Please download from one of the following links and save to your Desktop:
One, Two,Three or Four
  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Next,
Malwarebytes' Anti-Malware - Run
  • Double-click Malwarebytes' Anti-Malware to run the program.
  • Click on Update tab > Check for Updates.
  • Once done, click on Scanner tab, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
    Image
  • Refer to above image and then click Remove Selected to proceed.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


What you need to post
Checklist.
  • Content of MBAM log
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia
Advertisement
Register to Remove

Re: Notebook infected with System Tool and other malware

Unread postby trestinc » April 12th, 2011, 10:56 am

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6341

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/04/2011 10:55:41 AM
mbam-log-2011-04-12 (10-55-41).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 277742
Time elapsed: 1 hour(s), 8 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\Wsprvp.dll (Trojan.Hiloti.Gen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upd_debug.exe (Trojan.FakeAlert) -> Value: upd_debug.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*upd_debug.exe (Trojan.FakeAlert) -> Value: *upd_debug.exe -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\k70ccreloc.exe (Trojan.FakeAlert) -> Value: k70ccreloc.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kpabocifalut (Trojan.Hiloti.Gen) -> Value: Kpabocifalut -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\yji.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\Work\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Files Infected:
c:\system volume information\_restore{70fd1db3-e30f-48ec-abea-2de81f03a8c6}\RP483\A0109975.exe (Trojan.Agent) -> Not selected for removal.
c:\system volume information\_restore{70fd1db3-e30f-48ec-abea-2de81f03a8c6}\RP481\A0105578.exe (Trojan.Agent) -> Not selected for removal.
c:\system volume information\_restore{70fd1db3-e30f-48ec-abea-2de81f03a8c6}\RP481\A0104511.exe (Trojan.Agent) -> Not selected for removal.
c:\documents and settings\default user\start menu\Programs\Startup\quiv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\start menu\Programs\Startup\vavyb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Work\start menu\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Work\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Work\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Work\start menu\Programs\Startup\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Work\local settings\temp\recsomnxaw.tmp (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Work\application data\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Work\application data\e50896f890922196e4a03534de119750\upd_debug.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\documents and settings\Work\application data\e50896f890922196e4a03534de119750\k70ccreloc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Work\Desktop\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\TONY\start menu\Programs\Startup\viox.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Wsprvp.dll (Trojan.Hiloti.Gen) -> Delete on reboot.
c:\Qoobox\quarantine\C\documents and settings\networkservice\local settings\application data\yji.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Unread postby trestinc » April 12th, 2011, 10:58 am

It also says "certain items could not be removed. A log file has been saved to the logs folder. Your computer needss to be restarted to complete the removal process. woudl yo ulike to restart now?
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Unread postby trestinc » April 12th, 2011, 11:01 am

just restarted and it says: "Error loading C:\WINDOWS\Wsprvp.dll The specified module could not be found."
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Unread postby xixo_12 » April 12th, 2011, 11:10 am

Hi,
Let's proceed.
Ignore about the warning, I will fix it soon. One of malware ;)

First,
ComboFix
Download ComboFix from the link provided. (DO NOT download ComboFix from anywhere else, only via the provided link)
Save as ComboFix.exe
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus/AntiSpyware/Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on Combo-Fix.exe & follow the prompts
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


What you need to post
Checklist.
  • Content of ComboFix.txt
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Notebook infected with System Tool and other malware

Unread postby trestinc » April 12th, 2011, 11:38 am

ComboFix 11-04-11.04 - Work 12/04/2011 11:27:34.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1015.668 [GMT -4:00]
Running from: c:\documents and settings\Work\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Work\Application Data\Adobe\plugs
c:\documents and settings\Work\Application Data\Adobe\shed
c:\documents and settings\Work\Application Data\E50896F890922196E4A03534DE119750
c:\documents and settings\Work\Application Data\E50896F890922196E4A03534DE119750\enemies-names.txt
c:\documents and settings\Work\Application Data\E50896F890922196E4A03534DE119750\local.ini
c:\documents and settings\Work\Application Data\E50896F890922196E4A03534DE119750\lsrslt.ini
c:\documents and settings\Work\Local Settings\Application Data\{A446C86B-722B-4179-93C0-9D304DA5BC8C}
c:\documents and settings\Work\Local Settings\Application Data\{A446C86B-722B-4179-93C0-9D304DA5BC8C}\chrome.manifest
c:\documents and settings\Work\Local Settings\Application Data\{A446C86B-722B-4179-93C0-9D304DA5BC8C}\chrome\content\_cfg.js
c:\documents and settings\Work\Local Settings\Application Data\{A446C86B-722B-4179-93C0-9D304DA5BC8C}\chrome\content\overlay.xul
c:\documents and settings\Work\Local Settings\Application Data\{A446C86B-722B-4179-93C0-9D304DA5BC8C}\install.rdf
c:\windows\ororiyijikere.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-12 to 2011-04-12 )))))))))))))))))))))))))))))))
.
.
2011-04-11 20:53 . 2011-04-11 20:53 -------- d-----w- C:\found.001
2011-04-01 00:15 . 2011-04-01 16:45 -------- d-----w- c:\documents and settings\Work\Application Data\Axkoyz
2011-03-31 20:20 . 2011-03-31 20:20 -------- d-----w- c:\documents and settings\Work\Application Data\Malwarebytes
2011-03-31 20:20 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-31 20:20 . 2011-03-31 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-31 20:20 . 2011-03-31 20:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-31 20:20 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-31 03:56 . 2011-01-07 18:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-03-31 03:56 . 2011-01-07 18:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-03-31 03:56 . 2011-01-07 18:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-03-31 03:56 . 2011-01-07 18:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-03-31 03:52 . 2011-04-03 17:44 -------- d-----w- c:\program files\PC Tools Security
2011-03-31 03:52 . 2011-04-12 15:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-31 03:51 . 2011-04-03 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 23:34 . 2008-09-11 13:03 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2011-03-18 17:53 . 2011-04-05 15:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-03_23.24.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-12 15:19 . 2011-04-12 15:19 16384 c:\windows\Temp\Perflib_Perfdata_578.dat
+ 2008-08-09 14:32 . 2011-04-12 15:23 73418 c:\windows\system32\perfc009.dat
- 2008-08-09 14:32 . 2011-04-03 23:26 73418 c:\windows\system32\perfc009.dat
+ 2008-08-09 14:32 . 2011-04-12 15:23 445884 c:\windows\system32\perfh009.dat
- 2008-08-09 14:32 . 2011-04-03 23:26 445884 c:\windows\system32\perfh009.dat
+ 2009-07-04 18:21 . 2011-04-05 14:55 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-04 18:21 . 2011-04-03 22:41 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\TONY\Start Menu\Programs\Startup\
iRotate.lnk - c:\program files\iRotate\iRotate.exe [2008-6-1 58104]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Work\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-9-11 311296]
.
[HKLM\~\startupfolder\C:^Documents and Settings^TONY^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\TONY\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^TONY^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\TONY\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GIZMO2]
2008-11-17 16:34 2229512 ----a-w- c:\program files\GIZMO2\GIZMO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-02-13 03:08 21898024 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 09:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [29/09/2010 5:21 PM 18432]
S0 3078356788;3078356788;c:\windows\system32\drivers\3078356788.sys --> c:\windows\system32\drivers\3078356788.sys [?]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [30/03/2011 11:56 PM 247760]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [16/10/2009 10:21 PM 17408]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\DRIVERS\RT2860.sys --> c:\windows\system32\DRIVERS\RT2860.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2938096170-2462371691-3002030570-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2938096170-2462371691-3002030570-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2938096170-2462371691-3002030570-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-01-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-01-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2938096170-2462371691-3002030570-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2010-11-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2938096170-2462371691-3002030570-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-04-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2938096170-2462371691-3002030570-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {531BF312-1783-41CA-9C4F-B7F769AD89B3} = 202.96.128.86,202.96.134.133
FF - ProfilePath - c:\documents and settings\Work\Application Data\Mozilla\Firefox\Profiles\7y7nndfk.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Smipil - c:\windows\ororiyijikere.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 11:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-04-12 11:36:22
ComboFix-quarantined-files.txt 2011-04-12 15:36
ComboFix2.txt 2011-04-05 01:09
ComboFix3.txt 2011-04-03 23:28
.
Pre-Run: 22,487,654,400 bytes free
Post-Run: 22,499,610,624 bytes free
.
- - End Of File - - 32A120B1D24D54C3AEAE1FEA029818B6
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Unread postby xixo_12 » April 12th, 2011, 11:48 am

Hi,

Please reboot and tell me how's your system.. good enough?

Please proceed to run DDS once again, and provide the logs (DDS.txt and attach.txt) for my review.
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Notebook infected with System Tool and other malware

Unread postby trestinc » April 12th, 2011, 11:58 am

Nothing seems odd. No weird malware popups. Or weird window pop ups

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 28/10/2008 2:15:07 AM
System Uptime: 12/04/2011 11:52:26 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 1000H
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 1710/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 80 GiB total, 20.979 GiB free.
D: is FIXED (NTFS) - 61 GiB total, 13.048 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP475: 16/01/2011 2:24:58 PM - Software Distribution Service 3.0
RP476: 17/01/2011 10:16:36 PM - System Checkpoint
RP477: 22/01/2011 11:41:30 AM - System Checkpoint
RP478: 23/01/2011 11:15:12 PM - System Checkpoint
RP479: 25/01/2011 6:33:32 PM - System Checkpoint
RP480: 28/01/2011 3:06:28 PM - System Checkpoint
RP481: 31/01/2011 9:00:50 PM - System Checkpoint
RP482: 03/04/2011 2:50:29 PM - Removed QuickTime
RP484: 04/04/2011 10:39:41 PM - System Checkpoint
RP485: 12/04/2011 12:19:50 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.4
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Alarm Clock v1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asus ACPI Driver
ASUSUpdate for Eee PC
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
DivX Setup
Eee Instant Key
Eee Storage 1.1.15.197
ETDWare PS/2-x86 7.0.4.3 WHQL
Foxit Reader
GIZMO ver.2
GraphCalc v4.0.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
iRotate
iTunes
Japanese Language Support
Java(TM) 6 Update 15
Jolicloud
Junk Mail filter update
LINGO 12.0
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Application Compatibility Database
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
Notepad++
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Opera 11.01
PDF Settings
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek High Definition Audio Driver
RealUpgrade 1.1
Samsung ML-1640 Series
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype™ 3.6
SonicStage 4.3
Super Hybrid Engine
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WordWeb
.
==== Event Viewer Messages From Past Week ========
.
11/04/2011 10:00:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom i2omgmt Imapi redbook
11/04/2011 10:00:07 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Browser Defender Update Service service to connect.
11/04/2011 10:00:07 PM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
11/04/2011 10:00:07 PM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
.
==== End Of File ===========================
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Unread postby xixo_12 » April 12th, 2011, 12:06 pm

Good!

I'm waiting for DDS.txt.

You had given me only attach.txt.
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Notebook infected with System Tool and other malware

Unread postby trestinc » April 12th, 2011, 12:07 pm

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Work at 11:56:11.89 on 12/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1015.612 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Work\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://eeepc.asus.com/global
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\work\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/sh ... wswaxd.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {531BF312-1783-41CA-9C4F-B7F769AD89B3} = 202.96.128.86,202.96.134.133
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\work\applic~1\mozilla\firefox\profiles\7y7nndfk.default\
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2010-9-29 18432]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-24 54752]
S0 3078356788;3078356788;c:\windows\system32\drivers\3078356788.sys --> c:\windows\system32\drivers\3078356788.sys [?]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-3-30 247760]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-10-16 17408]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys --> c:\windows\system32\drivers\RT2860.sys [?]
.
=============== Created Last 30 ================
.
2011-04-11 20:53:02 -------- d-----w- C:\found.001
2011-04-03 22:52:26 -------- d-sha-r- C:\cmdcons
2011-04-03 22:47:56 98816 ----a-w- c:\windows\sed.exe
2011-04-03 22:47:56 89088 ----a-w- c:\windows\MBR.exe
2011-04-03 22:47:56 256512 ----a-w- c:\windows\PEV.exe
2011-04-03 22:47:56 161792 ----a-w- c:\windows\SWREG.exe
2011-04-01 00:15:51 -------- d-----w- c:\docume~1\work\applic~1\Axkoyz
2011-03-31 20:20:23 -------- d-----w- c:\docume~1\work\applic~1\Malwarebytes
2011-03-31 20:20:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-31 20:20:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-31 20:20:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-31 20:20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-31 03:56:43 767952 ----a-w- c:\windows\BDTSupport.dll
2011-03-31 03:56:43 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-03-31 03:56:43 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-03-31 03:56:42 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-03-31 03:52:59 -------- d-----w- c:\program files\PC Tools Security
2011-03-31 03:51:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
.
==================== Find3M ====================
.
2011-04-12 13:30:56 0 ----a-w- c:\windows\Cyikah.bin
2008-05-07 23:34:00 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe
.
============= FINISH: 11:57:20.60 ===============
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Unread postby xixo_12 » April 12th, 2011, 5:11 pm

Hi,
Looks good. We're almost done :)
Let's proceed.

First,
CFScript
  • Close any open browsers.
  • Open notepad and copy/paste the text in the code box below into it:
    Code: Select all
    DDS::
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    DirLook::
    c:\docume~1\work\applic~1\Axkoyz
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Disable your AntiVirus/AntiSpyware/Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
    Image
  • Refering to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Next,
Java is out of date.
It can be updated by the Java control panel
  • Click on Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
  • An update should begin.
  • Follow the prompts.

Next,
Update Adobe Reader.
You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than X are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.


Next,
ATF by Atribune
Please download HERE and save to the desktop. Double-click ATF Cleaner.exe to open it.
Under Main choose:
    choose: Select All
    Click the Empty Selected button.
if you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
if you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program

Next,
Kaspersky Online AV Scan
Note: Internet Explorer should be used.
Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next.

What you need to post
Checklist.
  • Content of CFScript.txt
  • Content of Kaspersky scan log
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Notebook infected with System Tool and other malware

Unread postby trestinc » April 12th, 2011, 5:41 pm

Hi I just did a drag and drop of CFScript.txt without the .txt onto combofix. I was doing this under safemode, do I have to scan again in normal mode? Thanks
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Unread postby xixo_12 » April 12th, 2011, 5:51 pm

Why run under safe mode?
Normal mode doesn't work?

Proceed with remaining instruction in normal mode
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Notebook infected with System Tool and other malware

Unread postby trestinc » April 12th, 2011, 5:52 pm

Oh it works, just a habit... Ok I'll proceed with the next step under normal mode.
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Unread postby trestinc » April 12th, 2011, 6:17 pm

Kaspersky scan logs coming soon. :D


ComboFix 11-04-11.04 - Work 12/04/2011 17:28:48.4.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1015.797 [GMT -4:00]
Running from: c:\documents and settings\Work\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Work\My Documents\Downloads\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-03-12 to 2011-04-12 )))))))))))))))))))))))))))))))
.
.
2011-04-11 20:53 . 2011-04-11 20:53 -------- d-----w- C:\found.001
2011-04-01 00:15 . 2011-04-01 16:45 -------- d-----w- c:\documents and settings\Work\Application Data\Axkoyz
2011-03-31 20:20 . 2011-03-31 20:20 -------- d-----w- c:\documents and settings\Work\Application Data\Malwarebytes
2011-03-31 20:20 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-31 20:20 . 2011-03-31 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-31 20:20 . 2011-03-31 20:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-31 20:20 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-31 03:56 . 2011-01-07 18:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-03-31 03:56 . 2011-01-07 18:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-03-31 03:56 . 2011-01-07 18:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-03-31 03:56 . 2011-01-07 18:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-03-31 03:52 . 2011-04-03 17:44 -------- d-----w- c:\program files\PC Tools Security
2011-03-31 03:52 . 2011-04-12 15:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-31 03:51 . 2011-04-03 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 23:34 . 2008-09-11 13:03 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2011-03-18 17:53 . 2011-04-05 15:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\docume~1\work\applic~1\Axkoyz ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-03_23.24.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-09 14:32 . 2011-04-12 18:52 72020 c:\windows\system32\perfc009.dat
+ 2008-08-09 14:32 . 2011-04-12 18:52 444336 c:\windows\system32\perfh009.dat
+ 2009-07-04 18:21 . 2011-04-05 14:55 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-04 18:21 . 2011-04-03 22:41 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\TONY\Start Menu\Programs\Startup\
iRotate.lnk - c:\program files\iRotate\iRotate.exe [2008-6-1 58104]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Work\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-9-11 311296]
.
[HKLM\~\startupfolder\C:^Documents and Settings^TONY^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\TONY\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^TONY^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\TONY\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GIZMO2]
2008-11-17 16:34 2229512 ----a-w- c:\program files\GIZMO2\GIZMO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-02-13 03:08 21898024 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 09:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
S0 3078356788;3078356788;c:\windows\system32\drivers\3078356788.sys --> c:\windows\system32\drivers\3078356788.sys [?]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [30/03/2011 11:56 PM 247760]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [29/09/2010 5:21 PM 18432]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [16/10/2009 10:21 PM 17408]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\DRIVERS\RT2860.sys --> c:\windows\system32\DRIVERS\RT2860.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PXHELP20
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2938096170-2462371691-3002030570-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2938096170-2462371691-3002030570-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2938096170-2462371691-3002030570-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-01-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-01-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2938096170-2462371691-3002030570-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2010-11-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2938096170-2462371691-3002030570-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-04-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2938096170-2462371691-3002030570-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {531BF312-1783-41CA-9C4F-B7F769AD89B3} = 202.96.128.86,202.96.134.133
FF - ProfilePath - c:\documents and settings\Work\Application Data\Mozilla\Firefox\Profiles\7y7nndfk.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 17:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(248)
c:\windows\system32\WININET.dll
c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
c:\windows\system32\ieframe.dll
c:\program files\eee storage\xpclient.dll
c:\program files\eee storage\logicnp.eznamespaceextensions.dll
.
Completion time: 2011-04-12 17:39:52
ComboFix-quarantined-files.txt 2011-04-12 21:39
ComboFix2.txt 2011-04-12 15:36
ComboFix3.txt 2011-04-05 01:09
ComboFix4.txt 2011-04-03 23:28
.
Pre-Run: 22,479,876,096 bytes free
Post-Run: 22,466,854,912 bytes free
.
- - End Of File - - 9565BE388AD4313888B9651FDC90891D
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 19 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware