WiredWX Hobby Weather ToolsLog in

 


812 Infected files

2 posters

description812 Infected files - Page 2 EmptyRe: 812 Infected files

more_horiz
In Malwarebytes I did remove the files infected that was checked and they quaranteened them. Then I wasn't able to get on the internet.

description812 Infected files - Page 2 EmptyRe: 812 Infected files

more_horiz
FYI: The postings above of Malwarebytes and OTL was posted before I removed anything on malwarebytes. No action taken... was scanned while it was infected.

description812 Infected files - Page 2 EmptyRe: 812 Infected files

more_horiz
Hello.
Download this from the other computer if needed, then transport it to the infected machine via CD or USB.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    812 Infected files - Page 2 CF_download_FF

    812 Infected files - Page 2 CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    812 Infected files - Page 2 Cf410

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    812 Infected files - Page 2 Cf510

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

description812 Infected files - Page 2 EmptyRe: 812 Infected files

more_horiz
Before Combofix downloaded a WARNING said ::
{It had detected the following real time scanners to be active: SMART INTERNET PROTECTION 2011
Antiviurs and intrusion prevention programs are known to interfere with Combofix's running. This may lead to unpredictable results or possible machine damage Please diable these scanners before clicking OK.}

Tried to find where to disable it but could not find the program. I will wait to here back from you before I move forward with the Combofix download.
Thanks~

description812 Infected files - Page 2 EmptyRe: 812 Infected files

more_horiz
Before Combofix downloaded a WARNING said ::
{It had detected the following real time scanners to be active: SMART INTERNET PROTECTION 2011
Antiviurs and intrusion prevention programs are known to interfere with Combofix's running. This may lead to unpredictable results or possible machine damage Please diable these scanners before clicking OK.}

Tried to find where to disable it but could not find the program. I will wait to here back from you before I move forward with the Combofix download.
Thanks~

description812 Infected files - Page 2 EmptyRe: 812 Infected files

more_horiz
Hello.
That program it warns about is the infection itself, I have another user with EXACTLY the same stuff, ignore the warning and go on with Combofix.

description812 Infected files - Page 2 EmptyCombofix Results

more_horiz
Thank You! i am now able to get on the internet.
ComboFix 11-02-13.03 - user 02/14/2011 7:09.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.278 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\Combo-Fix.exe
AV: Smart Internet Protection 2011 *Enabled/Updated* {52776A8B-684E-4EE8-892A-83A970D871F2}
FW: Smart Internet Protection 2011 *Enabled* {21F241E5-11DB-4EAB-9C15-8EB865E23069}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\c355bd
c:\documents and settings\All Users\Application Data\c355bd\37.mof
c:\documents and settings\All Users\Application Data\c355bd\BackUp\Dropbox.lnk
c:\documents and settings\All Users\Application Data\c355bd\c355bdb1f3053233cea3e9c3032415df.ocx
c:\documents and settings\All Users\Application Data\c355bd\s1u8noxnz6cdwm9q0ghgw.dll
c:\documents and settings\All Users\Application Data\c355bd\SIP.ico
c:\documents and settings\user\GoToAssistDownloadHelper.exe
c:\documents and settings\user\Recent\ANTIGEN.exe
c:\documents and settings\user\Recent\cb.dll
c:\documents and settings\user\Recent\CLSV.dll
c:\documents and settings\user\Recent\DBOLE.tmp
c:\documents and settings\user\Recent\eb.dll
c:\documents and settings\user\Recent\eb.tmp
c:\documents and settings\user\Recent\FS.tmp
c:\documents and settings\user\Recent\kernel32.exe
c:\documents and settings\user\Recent\kernel32.tmp
c:\documents and settings\user\Recent\PE.drv
c:\documents and settings\user\Recent\PE.sys
c:\documents and settings\user\Recent\ppal.dll
c:\documents and settings\user\Recent\runddl.tmp
c:\documents and settings\user\Recent\runddlkey.sys
c:\documents and settings\user\Recent\snl2w.sys
c:\documents and settings\user\Recent\tjd.exe
c:\program files\Shared
c:\program files\Shared\shared.sig

.
((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))
.

2011-02-10 13:52 . 2011-02-10 13:52 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-02-10 00:12 . 2011-02-10 00:12 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-02-10 00:12 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-10 00:12 . 2011-02-10 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-10 00:12 . 2011-02-10 00:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-10 00:12 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-09 21:24 . 2011-02-09 21:24 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SIMRMXP
2011-02-01 14:02 . 2011-02-01 14:03 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-20 23:09 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-03 22:56 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-03 22:56 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-03 21:17 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-03 22:56 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-03 22:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:59 . 2004-08-03 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 17:26 . 2004-08-03 22:56 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-03 20:59 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-03 22:56 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-03 22:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-03 21:20 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12 . 2008-11-06 06:14 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-07-11 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\user\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\user\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
c:\windows\system32\WLTRAY [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-06 05:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-07-11 17:21 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-08 18:34 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

S1 MpKsl64d7bcbb;MpKsl64d7bcbb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04E3D5A8-62DC-4CF0-88C8-166BBFDF5E01}\MpKsl64d7bcbb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04E3D5A8-62DC-4CF0-88C8-166BBFDF5E01}\MpKsl64d7bcbb.sys [?]
S1 MpKsla49eaa54;MpKsla49eaa54;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0422D730-AA49-48AD-B449-657FD0185C8E}\MpKsla49eaa54.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0422D730-AA49-48AD-B449-657FD0185C8E}\MpKsla49eaa54.sys [?]
S1 MpKslfa5f28e1;MpKslfa5f28e1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0E51E67-F46C-4C53-8967-030E706016A9}\MpKslfa5f28e1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0E51E67-F46C-4C53-8967-030E706016A9}\MpKslfa5f28e1.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 2:58 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2011-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:58]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:58]

2011-02-11 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2011-02-14 c:\windows\Tasks\User_Feed_Synchronization-{067867CE-A4D9-47D3-9EE5-CCA2889E9A4D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:25493
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-14 07:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\user\LOCALS~1\Temp\Perflib_Perfdata_9cc.dat

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-02-14 07:17:51
ComboFix-quarantined-files.txt 2011-02-14 12:17

Pre-Run: 19,719,585,792 bytes free
Post-Run: 21,708,537,856 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4C4ED6A08254DC6D494C85D12A0FFA91

description812 Infected files - Page 2 EmptyRe: 812 Infected files

more_horiz
Also, do you recommend a free anti virus / security software?

description812 Infected files - Page 2 EmptyRe: 812 Infected files

more_horiz
Hello.
Yes, but we need to finish this off first.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:25493

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    812 Infected files - Page 2 Cfscriptb4i

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

description812 Infected files - Page 2 EmptyComboFix.txt Log

more_horiz
ComboFix 11-02-14.02 - user 02/15/2011 8:38.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.281 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: Smart Internet Protection 2011 *Enabled/Updated* {52776A8B-684E-4EE8-892A-83A970D871F2}
FW: Smart Internet Protection 2011 *Enabled* {21F241E5-11DB-4EAB-9C15-8EB865E23069}
.

((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
.

2011-02-10 13:52 . 2011-02-10 13:52 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-02-10 00:12 . 2011-02-10 00:12 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-02-10 00:12 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-10 00:12 . 2011-02-10 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-10 00:12 . 2011-02-10 00:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-10 00:12 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-09 21:24 . 2011-02-09 21:24 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SIMRMXP
2011-02-01 14:02 . 2011-02-01 14:03 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-20 23:09 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-03 22:56 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-03 22:56 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-03 21:17 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-03 22:56 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-03 22:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:59 . 2004-08-03 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 17:26 . 2004-08-03 22:56 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-03 20:59 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-03 22:56 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-03 22:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-03 21:20 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12 . 2008-11-06 06:14 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-02-14_12.14.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-15 13:14 . 2011-02-15 13:14 16384 c:\windows\Temp\Perflib_Perfdata_d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-07-11 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\user\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\user\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
c:\windows\system32\WLTRAY [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-06 05:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-07-11 17:21 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-08 18:34 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

S1 MpKsl64d7bcbb;MpKsl64d7bcbb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04E3D5A8-62DC-4CF0-88C8-166BBFDF5E01}\MpKsl64d7bcbb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04E3D5A8-62DC-4CF0-88C8-166BBFDF5E01}\MpKsl64d7bcbb.sys [?]
S1 MpKsla49eaa54;MpKsla49eaa54;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0422D730-AA49-48AD-B449-657FD0185C8E}\MpKsla49eaa54.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0422D730-AA49-48AD-B449-657FD0185C8E}\MpKsla49eaa54.sys [?]
S1 MpKslfa5f28e1;MpKslfa5f28e1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0E51E67-F46C-4C53-8967-030E706016A9}\MpKslfa5f28e1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0E51E67-F46C-4C53-8967-030E706016A9}\MpKslfa5f28e1.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 2:58 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:58]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:58]

2011-02-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2011-02-15 c:\windows\Tasks\User_Feed_Synchronization-{067867CE-A4D9-47D3-9EE5-CCA2889E9A4D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 08:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(500)
c:\windows\system32\WININET.dll
c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-15 08:46:33
ComboFix-quarantined-files.txt 2011-02-15 13:46
ComboFix2.txt 2011-02-14 12:17

Pre-Run: 21,708,812,288 bytes free
Post-Run: 21,698,551,808 bytes free

- - End Of File - - AD8CBEF59A4690E74F042652EA007948

description812 Infected files - Page 2 EmptyRe: 812 Infected files

more_horiz
Hello.
One more time, missed something.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    KILLALL::

    SecCenter::
    {52776A8B-684E-4EE8-892A-83A970D871F2}
    {21F241E5-11DB-4EAB-9C15-8EB865E23069}

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    812 Infected files - Page 2 Cfscriptb4i

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

description812 Infected files - Page 2 EmptyRe: 812 Infected files

more_horiz
ComboFix 11-02-15.04 - user 02/16/2011 6:29.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.310 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFSCript.txt
.

((((((((((((((((((((((((( Files Created from 2011-01-16 to 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-10 13:52 . 2011-02-10 13:52 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-02-10 00:12 . 2011-02-10 00:12 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2011-02-10 00:12 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-10 00:12 . 2011-02-10 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-10 00:12 . 2011-02-10 00:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-10 00:12 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-09 21:24 . 2011-02-09 21:24 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SIMRMXP
2011-02-01 14:02 . 2011-02-01 14:03 -------- d-----w- c:\program files\Common Files\Adobe
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-20 23:09 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-03 22:56 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-03 22:56 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-03 21:17 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-03 22:56 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-03 22:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:59 . 2004-08-03 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 17:26 . 2004-08-03 22:56 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-03 20:59 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-03 22:56 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-03 22:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-03 21:20 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12 . 2008-11-06 06:14 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-07-11 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\user\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\user\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
c:\windows\system32\WLTRAY [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-06 05:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-07-11 17:21 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-08 18:34 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

S1 MpKsl64d7bcbb;MpKsl64d7bcbb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04E3D5A8-62DC-4CF0-88C8-166BBFDF5E01}\MpKsl64d7bcbb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04E3D5A8-62DC-4CF0-88C8-166BBFDF5E01}\MpKsl64d7bcbb.sys [?]
S1 MpKsla49eaa54;MpKsla49eaa54;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0422D730-AA49-48AD-B449-657FD0185C8E}\MpKsla49eaa54.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0422D730-AA49-48AD-B449-657FD0185C8E}\MpKsla49eaa54.sys [?]
S1 MpKslfa5f28e1;MpKslfa5f28e1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0E51E67-F46C-4C53-8967-030E706016A9}\MpKslfa5f28e1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0E51E67-F46C-4C53-8967-030E706016A9}\MpKslfa5f28e1.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 2:58 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:58]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:58]

2011-02-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2011-02-16 c:\windows\Tasks\User_Feed_Synchronization-{067867CE-A4D9-47D3-9EE5-CCA2889E9A4D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 06:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2668)
c:\windows\system32\WININET.dll
c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2011-02-16 06:43:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-16 11:43
ComboFix2.txt 2011-02-15 13:46
ComboFix3.txt 2011-02-14 12:17

Pre-Run: 21,578,641,408 bytes free
Post-Run: 21,674,528,768 bytes free

- - End Of File - - 93EF249D3749C3F4478FF3768FA2626C

description812 Infected files - Page 2 EmptyRe: 812 Infected files

more_horiz
Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

description812 Infected files - Page 2 EmptyRe: 812 Infected files

more_horiz
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=74e89845056d1d40acb6df99a73e6fbe
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-17 04:08:34
# local_time=2011-02-16 11:08:34 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 41905608 41905608 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=30555
# found=2
# cleaned=2
# scan_time=1321
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\c355bd\37.mof.vir Win32/RogueAV.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{93B34E15-622C-4AF7-B74D-564273CC8132}\RP475\A0140879.mof Win32/RogueAV.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=74e89845056d1d40acb6df99a73e6fbe
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-17 04:40:12
# local_time=2011-02-16 11:40:12 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 41906993 41906993 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=35767
# found=1
# cleaned=1
# scan_time=1835
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\45\34b2d7ed-718727ec Java/TrojanDownloader.OpenConnection.CU trojan (deleted - quarantined) 00000000000000000000000000000000 C

description812 Infected files - Page 2 EmptyRe: 812 Infected files

more_horiz
Hello.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

How is the machine running now?

description812 Infected files - Page 2 EmptyRe: 812 Infected files

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum