Tech Support Forum banner
Status
Not open for further replies.
1 - 20 of 55 Posts

· Registered
Joined
·
93 Posts
Discussion Starter · #1 ·
So I've been noticing problems within the last couple of weeks.

Twice now my hosting company has blocked my IP saying that I'm accessing their site numerous times within seconds. The first time I thought it was b/c I pressed on "get mail" several times in a row, but today they said it happened when I wasn't even at my desk.

I'm also having problems with Fx. I don't know if it's the new version I just upgraded to 3.6.14, but I can't access this site... Fiverr works fine in Chrome.

There are also times when my website coder changes something on one of our sites, I can't see the change, but he can.

Fx has been running very slow at times & sometimes it can take 2-4 minutes to load a webpage even though there should be nothing stopping it.

Ok, so I followed the instructions & while the DDR worked fine, I had a huge problem with GMER. It didn't ask me to click no or yes & within seconds it froze my mouse, then went black, then I got blue screen - Kernel_stack_inpage_error. I had to reboot.

Here are the other 2 files.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Michelle at 19:09:13.68 on Tue 03/08/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.1592 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
D:\Notes\LogMeIn\x86\RaMaint.exe
D:\Notes\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
D:\Notes\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Downloads\dds(2).scr
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Personal Assistant] c:\program files\shelltoys\personal assistant\assistant.exe
uRun: [Google Update] "c:\documents and settings\michelle\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RCUI] "c:\program files\ringcentral\ringcentral call controller\RCUI.exe"
uRun: [RCHotKey] "c:\program files\ringcentral\ringcentral call controller\RCHotKey.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [rmtemp] cmd /c c:\dostools\rmtemp.bat
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LogMeIn GUI] "d:\notes\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} - hxxp://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - c:\program files\common files\intuit\intu-res.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\michelle\applic~1\mozilla\firefox\profiles\vc1po946.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - prefs.js: browser.startup.homepage - hxxp://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice...http://www.odesk.com|http://67.23.225.17:2082
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\michelle\application data\mozilla\firefox\profiles\vc1po946.default\extensions\[email protected]\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\michelle\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\michelle\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\michelle\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Area deCoder: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Smart Bookmarks Bar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: LastPass: [email protected] - %profile%\extensions\[email protected]
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-22 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-22 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-22 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-10 61960]
R2 CrashPlanService;CrashPlan Backup Service;c:\program files\crashplan\CrashPlanService.exe [2010-6-29 152576]
R2 LMIGuardianSvc;LMIGuardianSvc;d:\notes\logmein\x86\LMIGuardianSvc.exe [2010-9-16 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\notes\logmein\x86\rainfo.sys [2010-5-31 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-9-24 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-27 363344]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2011-2-22 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2011-2-22 11520]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-2-22 245760]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-27 20952]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2010-7-25 49208]
S2 bomgar-scc-1291058205;Bomgar Support Customer Client [1291058205];"c:\documents and settings\all users\application data\bomgar-scc-4cf3fc1d\bomgar-scc.exe" -service:run --> c:\documents and settings\all users\application data\bomgar-scc-4cf3fc1d\bomgar-scc.exe [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 cpuz129;cpuz129;\??\c:\docume~1\michelle\locals~1\temp\cpuz_x32.sys --> c:\docume~1\michelle\locals~1\temp\cpuz_x32.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-12-10 27064]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-02-23 00:17:56 71424 -c--a-r- c:\windows\system32\drivers\BrSerIb.sys
2011-02-23 00:17:56 11520 -c--a-r- c:\windows\system32\drivers\BrUsbSib.sys
2011-02-23 00:17:16 61440 -c--a-w- c:\windows\system32\brprtink.dll
2011-02-23 00:17:03 73728 -c----w- c:\windows\system32\BRCrypt.dll
2011-02-23 00:17:01 -------- dc----w- c:\program files\Browny02
2011-02-23 00:16:51 118784 -c----w- c:\windows\system32\BrMfNt.dll
2011-02-23 00:16:50 126976 -c----w- c:\windows\system32\BrfxD05b.dll
2011-02-07 04:51:09 -------- dc----w- c:\program files\SUPERAntiSpyware
.
==================== Find3M ====================
.
2011-01-21 14:44:37 439296 -c--a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 -c--a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 -c--a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 -c--a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 -c--a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 -c--a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 -c--a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 -c----w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 -c----w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 19:10:09.82 ===============


Thank you


Michelle
 

Attachments

· Registered
Joined
·
447 Posts
Hello and welcome to Tech Support Forum.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and is still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.
 

· Registered
Joined
·
447 Posts
Hello ep2002 :smile:,

From your logs, it appears to me that your computer is a corporate or business computer.

Although the intention of this forum is to help people with their malware problems, it is somewhat limited to personal and home computers. We are also not here to replace any company's IT department. As such, I am unable to proceed further with the fixes on your computer due to our policy in dealings with corporate or business computers. It is not that we do not want to help, but there are many legal implications that we are not ready nor willing to face. We do not wish to be held liable for any sensitive materials in the computer that may have been compromised prior to or during the malware removal process.

Please inform your IT department immediately when any computer is infected. There could be more than one machine at stake, possibly even the server. You may directly go the local computer shops if it is a personal business.

Thank you for your understanding. Let me know if you have any further questions.
 

· Registered
Joined
·
93 Posts
Discussion Starter · #6 ·
I am a small company & this is my personal home & biz computer. I work from home, there is NO IT dept., otherwise I would have had them fix it already. I don't have money to spend on expensive geeks otherwise again, I wouldn't be here & I have tried to find someone in the past & haven't been able to find anyone I trust who isn't going got charge me $200 or more..

I'm very upset now as I waited over a week to get help with this & I know my computer has been compromised.

I've never had any forum refuse to help me with my computer & I didn't read this mentioned here at all that if you work from home you won't help us. There are hundreds of thousands of people online who work from home!


Michelle
 

· Registered
Joined
·
447 Posts
Hello ep2002 :smile:,

In consideration of your situation and with consent from the moderators, I will help you through the problem provided that you are comfortable with the information that will be displayed from your logs to the public. This should not be an option if you have sensitive information on board the computer.

Since you have backup programs as well, please backup important data before we proceed because malware removal is a hazardous undertaking and we will not know what will happen along the way. As a preventive measure, backing up would be a very good idea.

--------------------

Before we go further, there are a few things that I would like to make clear so that we are share the same understanding.
  • Please observe and follow these Forum Rules and NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help.
  • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
  • Please read the instructions carefully and follow them closely, in the order they are presented to you.
  • If you have any doubts or problems during the fix, please stop and ask.
  • All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security softwares.
  • Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
  • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
  • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
  • If you do not reply within 3 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :) . We may begin.

--------------------

Please rerun DDS and post back both DDS.txt and Attach.txt. I need the latest information after so many days. You can copy and paste the contents in your reply.

--------------------

Please post back:
1. new DDS logs, if comfortable and agree to continue
 

· Registered
Joined
·
93 Posts
Discussion Starter · #8 ·
Thank you
-------------------------

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Michelle at 2:56:15.53 on Sun 03/20/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.784 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
D:\Notes\LogMeIn\x86\RaMaint.exe
D:\Notes\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
D:\Notes\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\Downloads\dds(2).scr
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows

live\WindowsLiveLogin.dll
BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Personal Assistant] c:\program files\shelltoys\personal assistant\assistant.exe
uRun: [Google Update] "c:\documents and settings\michelle\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RCUI] "c:\program files\ringcentral\ringcentral call controller\RCUI.exe"
uRun: [RCHotKey] "c:\program files\ringcentral\ringcentral call controller\RCHotKey.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10m_Plugin.exe -update plugin
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [rmtemp] cmd /c c:\dostools\rmtemp.bat
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LogMeIn GUI] "d:\notes\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program

files\evernote\evernote3.5\enbar.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} - hxxp://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - c:\program files\common files\intuit\intu-res.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\michelle\applic~1\mozilla\firefox\profiles\vc1po946.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - prefs.js: browser.startup.homepage -

hxxp://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice.com/|https://www.mcssl.com/Netcart/logi

n/login.asp?pr=6|https://www.secure-ebook.com/login..../www.fiverr.com/|http://www.odesk.com|http://

67.23.225.17:2082
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\michelle\application

data\mozilla\firefox\profiles\vc1po946.default\extensions\[email protected]\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\michelle\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\michelle\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\michelle\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla

firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla

firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla

firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows

presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Area deCoder: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Smart Bookmarks Bar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} -

%profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: LastPass: [email protected] - %profile%\extensions\[email protected]
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-22 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-22 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-10 61960]
R2 CrashPlanService;CrashPlan Backup Service;c:\program files\crashplan\CrashPlanService.exe [2010-6-29 152576]
R2 LMIGuardianSvc;LMIGuardianSvc;d:\notes\logmein\x86\LMIGuardianSvc.exe [2010-9-16 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\notes\logmein\x86\rainfo.sys [2010-5-31 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-9-24 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-27 363344]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2011-2-22 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2011-2-22 11520]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-2-22 245760]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-27 20952]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2010-7-25 49208]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-27 38224]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-22 11608]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S2 bomgar-scc-1291058205;Bomgar Support Customer Client [1291058205];"c:\documents and settings\all users\application

data\bomgar-scc-4cf3fc1d\bomgar-scc.exe" -service:run --> c:\documents and settings\all users\application

data\bomgar-scc-4cf3fc1d\bomgar-scc.exe [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 cpuz129;cpuz129;\??\c:\docume~1\michelle\locals~1\temp\cpuz_x32.sys --> c:\docume~1\michelle\locals~1\temp\cpuz_x32.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-12-10 27064]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-02-23 00:17:56 71424 -c--a-r- c:\windows\system32\drivers\BrSerIb.sys
2011-02-23 00:17:56 11520 -c--a-r- c:\windows\system32\drivers\BrUsbSib.sys
2011-02-23 00:17:16 61440 -c--a-w- c:\windows\system32\brprtink.dll
2011-02-23 00:17:03 73728 -c----w- c:\windows\system32\BRCrypt.dll
2011-02-23 00:17:01 -------- dc----w- c:\program files\Browny02
2011-02-23 00:16:51 118784 -c----w- c:\windows\system32\BrMfNt.dll
2011-02-23 00:16:50 126976 -c----w- c:\windows\system32\BrfxD05b.dll
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 -c--a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 -c--a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 -c--a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 -c--a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 -c--a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 -c--a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 -c--a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 -c--a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 -c--a-w- c:\windows\system32\html.iec
.
============= FINISH: 2:57:02.64 ===============
 

Attachments

· Registered
Joined
·
447 Posts
Hello ep2002 :smile:,

You have Malwarebytes' Anti-Malware (MBAM) on your machine. I wish to take a look at the most recent log file. Open MBAM and click on the Logs tab. Open the file at the bottom of the list and post the contents back here. If there is no log or you have yet to run MBAM, please let me know.

--------------------

Please close all programs and do not run any others before and during the Rootkit Unhooker scan. Do not use the computer for anything else until after the scan is completed.

Run Rootkit Unhooker
  • Start Rookit Unhooker by going to Start > All Programs >, then Rookit Unhooker LE and click on RkU.
  • Click the Report tab, then click Scan.
  • Ensure the following are checked (ticked):
    • Drivers
    • Stealth Code
    • Files
    • Code Hooks
  • Uncheck the rest, then click OK. An initial scan will be performed.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
  • Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
  • Save the report somewhere you can find it. Click Close to exit.
  • Copy the entire contents of the report and paste it in your next reply.

You may get a warning about parasite detection. Please click OK to continue.

--------------------

Please post back:
1. the previous MBAM report
2. Rootkit Unhooker log
 

· Registered
Joined
·
93 Posts
Discussion Starter · #10 ·
I will run the other thing in a minute when I'm finished my work.

Also my TB isn't working. I lost my entire Local Folders inbox :( & also the search function isn't bringing up e-mails that I know are there in my "sent" folder.

Just letting you know the other symptoms I'm getting.

Thanks


02:36:04 Michelle MESSAGE Scheduled update executed successfully
02:36:04 Michelle MESSAGE IP Protection stopped
02:36:07 Michelle MESSAGE Scheduled scan executed successfully
02:36:13 Michelle MESSAGE Database updated successfully
02:36:16 Michelle MESSAGE IP Protection started successfully
02:45:43 Michelle IP-BLOCK 67.228.12.59 (Type: outgoing)
05:36:00 Michelle MESSAGE Scheduled scan executed successfully
10:36:04 Michelle MESSAGE Scheduled update executed successfully
10:36:04 Michelle MESSAGE IP Protection stopped
10:36:07 Michelle MESSAGE Scheduled scan executed successfully
10:36:13 Michelle MESSAGE Database updated successfully
10:36:15 Michelle MESSAGE IP Protection started successfully
13:36:05 Michelle MESSAGE Scheduled update executed successfully
13:36:05 Michelle MESSAGE IP Protection stopped
13:36:08 Michelle MESSAGE Scheduled scan executed successfully
13:36:12 Michelle MESSAGE Database updated successfully
13:36:15 Michelle MESSAGE IP Protection started successfully
15:36:04 Michelle MESSAGE Scheduled update executed successfully
15:36:04 Michelle MESSAGE IP Protection stopped
15:36:07 Michelle MESSAGE Scheduled scan executed successfully
15:36:12 Michelle MESSAGE Database updated successfully
15:36:14 Michelle MESSAGE IP Protection started successfully
 

· Registered
Joined
·
447 Posts
Hello ep2002 :smile:,

Lets download a new copy.

Please close all programs and do not run any others before and during the Rootkit Unhooker scan. Do not use the computer for anything else until after the scan is completed.

Please download Rootkit Unhooker and save it to your desktop. Click here.
  • Double click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Ensure the following are checked (ticked):
    • Drivers
    • Stealth Code
    • Files
    • Code Hooks
  • Uncheck the rest, then click OK. An initial scan will be performed.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
  • Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
  • Save the report somewhere you can find it. Click Close to exit.
  • Copy the entire contents of the report and paste it in your next reply.

You may get a warning about parasite detection. Please click OK to continue.

--------------------

Please post back:
1. the Rootkit Unhooker log
 

· Registered
Joined
·
93 Posts
Discussion Starter · #15 ·
Ok, that was way too long to fit in here, so I have to attach it.

Also I just wanted to let you know it didn't install, it ran, so I still have the same problem with it only showing up with the uninstall under programs.

Thanks


Michelle
 

Attachments

· Registered
Joined
·
447 Posts
Hello ep2002 :smile:,

I see signs of Combofix on your computer.

While you may see ComboFix being used quite often and without incident, the tool should not be run unsupervised (as stated in the Disclaimer that is first displayed by ComboFix when you run the tool).

Going forward, I highly recommend you heed such instructions.

As stated by the author of ComboFix:
ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there are any rootkits present and how they could affect our tools. Thus, we use preliminary scans like DDS and GMER and their logs to map our strategy for attack.

With these logs, we can determine the infections present and decide whether to deploy ComboFix.
That said, the log it produced contains valuable information. Kindly post the ComboFix log, C:\ComboFix.txt.

--------------------

Please uninstall the following security programs:
Spybot - Search & Destroy
SUPERAntiSpyware


You already have MBAM's real time protection. The others will only conflict and slow down the computer.

I need you to disable the real time protection of these temporarily as well:
Avira AntiVir Personal - Free Antivirus
Malwarebytes' Anti-Malware


Please reactivate them after you completed a rerun of Rootkit Unhooker and post back the latest log. You must minimize your activities online when active protection is off.

--------------------

I want you to update MBAM and run a scan.
  • Open MBAM and click on the Update tab, then Check for Updates.
  • When completed, go to back to the Scanner tab and select Perform full scan. Click Scan.
  • Leave the default options as it is and click on Start Scan.
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  • After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time . It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

--------------------

Please post back:
1. the previous ComboFix log
2. fresh Rootkit Unhooker log
3. new MBAM result
 

· Registered
Joined
·
93 Posts
Discussion Starter · #17 ·
Ok, I would never use any of those programs without supervision. I have it on my computer b/c I was told to put it there by another forum.

I can't find a way to get you logs.

Here's a SS of what I'm seeing.

Thanks


Michelle
P.S. I have to find time to do the rootkit again. Very busy right now. Hopefully in a bit.
 

Attachments

· Registered
Joined
·
93 Posts
Discussion Starter · #19 ·
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6123

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/21/2011 7:43:32 PM
mbam-log-2011-03-21 (19-43-32).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 295249
Time elapsed: 37 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

· Registered
Joined
·
447 Posts
Hello ep2002 :smile:,

Go to Start > Run.... Copy and paste the following text into the white box:
Code:
c:\combofix.txt
Click OK. The ComboFix log will open if available. Please post the contents. Otherwise, you will get an error message. Just move on to the next step.

--------------------

Please download OTL© by OldTimer from one of the links below and save it to your desktop.

Link 1
Link 2

Scan with OTL
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options is checked (ticked). There are six of them.
  • Check Scan All Users.
  • At the lower right corner, check LOP Check and Purity Check.
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
    Note: These files are saved as OTL.txt and Extras.txt on the desktop.

--------------------

Please post back:
1. the OTL logs (OTL.txt and Extras.txt)
 
1 - 20 of 55 Posts
Status
Not open for further replies.
Top