WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Problem with some malware

2 posters

descriptionProblem with some malware EmptyProblem with some malware5th January 2010, 4:48 am

more_horiz
Or at least I think it's malware. About a week ago I received some sort malware that brought up alerts all the time and tried to make me buy some antivirus service. My friend checked around my computer and he told me that it happened to him to, he'd seen one of the files (winupdate86.exe) before and just looked on the internet for instructions on how to remove it, told me to do the same. I looked online and it gave me a list of files to delete, which I did, and then use a certain program to reverse the lock on task manager, which I did. Now I have a problem where whenever I start up, I cannot see my desktop. I simply have a black screen, and I can see the mouse pointer.

I am able to start task manager and open things, which is how I'm here posting this, but i have no desktop or taskbar at all. I believed the malware was still on my computer, so I happened upon geekpolice.net and used your instructions on how to remove it(these ones: http://www.geekpolice.net/malware-removal-guides-f12/how-to-remove-antivirus-live-removal-guide-t16801.htm?sid=71b9d558c9409162590fdb14b1c985ea), but everytime I open Malwarebytes after downloading, it instantly closes, even in safe mode.

Many thanks for reading, and any help or advice would be much appreciated.

descriptionProblem with some malware EmptyRe: Problem with some malware5th January 2010, 11:16 am

more_horiz
Please download ComboFix Problem with some malware Combofix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

descriptionProblem with some malware EmptyRe: Problem with some malware9th January 2010, 11:22 pm

more_horiz
ComboFix 10-01-04.01 - Family 01/09/2010 16:52:14.1.2 - x86 NETWORK
Microsoft®️ Windows Vista™️ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1376 [GMT -6:00]
Running from: c:\users\Family\Desktop\Commy.exe.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3345150982-3443402610-4142067651-500
C:\desktop.ini
C:\install.exe
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\program files\Web Technologies
c:\program files\Web Technologies\myd.ico
c:\program files\Web Technologies\mym.ico
c:\program files\Web Technologies\myp.ico
c:\program files\Web Technologies\myv.ico
c:\program files\Web Technologies\ot.ico
c:\program files\Web Technologies\ts.ico
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Reset Cursor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Games!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Library.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Screensavers!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Videos!.lnk
c:\programdata\ZangoSA
c:\programdata\ZangoSA\ZangoSA.dat
c:\programdata\ZangoSA\ZangoSA_kyf.dat
c:\programdata\ZangoSA\ZangoSAAbout.mht
c:\programdata\ZangoSA\ZangoSAau.dat
c:\programdata\ZangoSA\ZangoSAEula.mht
c:\users\Family\AppData\Roaming\WeatherDPA
c:\users\Family\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml
c:\users\Family\AppData\Roaming\Zango
c:\users\Family\Documents\My Documents.url
c:\users\Family\FAVORI~1\setup.exe
c:\users\Family\Favorites\setup.exe
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\219725
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\41.exe
c:\windows\system32\491.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe
c:\windows\system32\AVR10.exe
c:\windows\system32\gedesumi.dll
c:\windows\system32\jekatuji.dll
c:\windows\system32\lonafaze.dll
c:\windows\system32\masoyumu.dll
c:\windows\system32\wakepule.dll
c:\windows\system32\winhelper86.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-09 to 2010-01-09 )))))))))))))))))))))))))))))))
.

2010-01-09 23:03 . 2010-01-09 23:10 -------- d-----w- c:\users\Family\AppData\Local\temp
2010-01-09 23:03 . 2010-01-09 23:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-09 22:36 . 2010-01-09 22:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Orbit
2010-01-05 04:07 . 2010-01-05 04:07 -------- d-----w- c:\users\Family\AppData\Roaming\Malwarebytes
2010-01-05 04:06 . 2009-12-30 20:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 04:06 . 2010-01-09 22:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 04:06 . 2010-01-05 04:06 -------- d-----w- c:\programdata\Malwarebytes
2010-01-05 04:06 . 2009-12-30 20:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 03:50 . 2010-01-05 03:50 -------- d-----w- c:\programdata\ZA_PreservedFiles
2009-12-25 22:30 . 2009-12-25 22:30 -------- d-----w- c:\windows\XSxS
2009-12-25 22:30 . 2009-12-25 22:30 -------- d-----w- c:\users\Family\AppData\Local\Re-Enable v2
2009-12-25 22:30 . 2009-12-25 22:30 -------- d-----w- c:\program files\Xenocode
2009-12-24 23:04 . 2009-12-24 23:04 22 ----a-w- c:\windows\system32\winzipper.zip
2009-12-24 21:53 . 2010-01-05 03:50 -------- d-----w- c:\users\Family\AppData\Roaming\CheckPoint
2009-12-24 21:53 . 2010-01-05 03:51 -------- d-----w- c:\program files\CheckPoint
2009-12-24 21:51 . 2009-12-24 21:51 -------- d-----w- c:\programdata\CheckPoint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-09 23:12 . 2007-08-21 19:16 -------- d-----w- c:\program files\Steam
2010-01-09 23:10 . 2008-12-07 23:43 -------- d-----w- c:\users\Family\AppData\Roaming\Software Informer
2010-01-09 23:10 . 2007-08-31 08:17 -------- d-----w- c:\users\Family\AppData\Roaming\OpenOffice.org2
2010-01-09 23:09 . 2009-01-09 04:26 -------- d-----w- c:\users\Family\AppData\Roaming\Orbit
2010-01-09 05:07 . 2009-05-11 20:29 1356 ----a-w- c:\users\Family\AppData\Local\d3d9caps.dat
2010-01-05 20:06 . 2010-01-05 20:06 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-05 03:24 . 2008-07-20 18:29 -------- d-----w- c:\users\Family\AppData\Roaming\Spyware Terminator
2009-12-24 23:02 . 2008-07-20 18:29 -------- d-----w- c:\program files\Spyware Terminator
2009-12-24 21:28 . 2008-07-20 18:29 -------- d-----w- c:\programdata\Spyware Terminator
2009-12-16 22:14 . 2008-04-19 01:37 -------- d-----w- c:\users\Family\AppData\Roaming\Audacity
2009-12-10 02:25 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-07 20:54 . 2009-06-10 19:12 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-21 21:39 . 2007-08-18 07:31 -------- d-----w- c:\program files\Soulseek
2009-11-21 06:40 . 2009-12-09 16:48 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 16:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 16:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 16:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-12 00:21 . 2009-11-12 00:21 -------- d-----w- c:\users\Family\AppData\Roaming\TeamViewer
2009-11-09 13:22 . 2009-12-10 02:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-10 02:06 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-10 02:06 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:41 . 2009-11-26 02:05 2048 ----a-w- c:\windows\system32\tzres.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\System32\bekoduya.dll
1601-01-01 00:03 . 1601-01-01 00:03 94208 --sha-w- c:\windows\System32\bupudofa.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\System32\duduhahi.dll
1601-01-01 00:03 . 1601-01-01 00:03 93696 --sha-w- c:\windows\System32\dufisuzu.dll
1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\System32\dupejume.dll
1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\System32\fiyamepe.dll
1601-01-01 00:03 . 1601-01-01 00:03 61952 --sha-w- c:\windows\System32\gobewowi.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\System32\gumiviho.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\System32\hodaluho.dll
1601-01-01 00:03 . 1601-01-01 00:03 92672 --sha-w- c:\windows\System32\jehofoku.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\System32\jileyemu.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\System32\jopumeti.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\System32\kivifivu.dll
1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\System32\ludotoja.dll
1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\System32\numuligi.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\System32\pivojobe.dll
1601-01-01 00:03 . 1601-01-01 00:03 61440 --sha-w- c:\windows\System32\popiwoba.dll
1601-01-01 00:03 . 1601-01-01 00:03 61952 --sha-w- c:\windows\System32\reriviji.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\System32\ronigofu.dll
1601-01-01 00:03 . 1601-01-01 00:03 39424 --sha-w- c:\windows\System32\tayijobu.dll
1601-01-01 00:03 . 1601-01-01 00:03 93696 --sha-w- c:\windows\System32\valopawi.dll
1601-01-01 00:03 . 1601-01-01 00:03 93696 --sha-w- c:\windows\System32\vawinaso.dll
1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\System32\wegagolu.dll
2007-08-16 08:05 . 2007-08-16 08:05 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-17 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-27 1217808]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Family\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-09-17 1933381]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-15 4390912]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-12-03 22696]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

c:\users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-15 50688]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-1-8 1711304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070912.001\IDSvix86.sys [9/14/2007 5:29 PM 180272]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [7/20/2008 12:29 PM 141312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/10/2009 1:11 PM 108289]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [12/3/2006 5:26 PM 37008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3345150982-3443402610-4142067651-1000Core.job
- c:\users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-07 16:31]

2010-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3345150982-3443402610-4142067651-1000UA.job
- c:\users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-07 16:31]

2010-01-09 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Family.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-12-03 23:23]
.
.
------- Supplementary Scan -------
.
uStart Page = ABOUT:BLANK
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://internetsearchservice.com
mSearch Bar = hxxp://internetsearchservice.com/ie6.html
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://internetsearchservice.com
mSearchURL = hxxp://internetsearchservice.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
FF - ProfilePath - c:\users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\jgfe6k72.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Family\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

BHO-{3d7b4082-5428-468d-b4d9-396bad4bbe53} - wakepule.dll
HKCU-Run-fsm - (no file)
HKLM-Run-mojeyuwav - c:\windows\system32\gedesumi.dll
HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
HKLM-Run-zevadiyuje - lonafaze.dll
SharedTaskScheduler-{663e814e-7e8c-4b42-9fd6-704be231c287} - c:\windows\system32\gedesumi.dll
SSODL-malugovis-{663e814e-7e8c-4b42-9fd6-704be231c287} - c:\windows\system32\gedesumi.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-09 17:07
Windows 6.0.6001 Service Pack 1 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...


c:\users\Family\AppData\Roaming\Microsoft\Windows Live Call\Logs\msncalllog0.txt 882 bytes
c:\users\Family\AppData\Roaming\Microsoft\Windows Live Call\Logs\msncalllog1.txt 466 bytes

scan completed successfully
hȋdden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4444)
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\SmartPopupBlocker\PopupBlockerBHO.dll
c:\program files\Creative\Creative ZEN V Series (R2)\ZEN V Series Media Explorer\SHCTMTP.dll
c:\program files\Creative\Creative ZEN V Series (R2)\ZEN V Series Media Explorer\AVSrcU.dll
c:\program files\Creative\Creative ZEN V Series (R2)\ZEN V Series Media Explorer\CTIntrfu.dll
c:\program files\Creative\Creative ZEN V Series (R2)\ZEN V Series Media Explorer\CTConfig.dll
c:\program files\Creative\Creative ZEN V Series (R2)\ZEN V Series Media Explorer\CtMtpRc.dll
c:\program files\Creative\Creative ZEN V Series (R2)\ZEN V Series Media Explorer\PicRc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 2.2\program\soffice.BIN
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Windows Live\Messenger\wlcsdk.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\vssvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2010-01-09 17:19:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-09 23:19

Pre-Run: 128,041,283,584 bytes free
Post-Run: 130,297,679,872 bytes free

- - End Of File - - 257509141E3259696E0FAB091F3C0250

descriptionProblem with some malware EmptyRe: Problem with some malware9th January 2010, 11:23 pm

more_horiz
Oh, and my desktop is now visible, which is nice. Big Grin

descriptionProblem with some malware EmptyRe: Problem with some malware9th January 2010, 11:43 pm

more_horiz
Problem with some malware Mbamicontw5 Please download Malwarebytes Anti-Malware from here.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

descriptionProblem with some malware EmptyRe: Problem with some malware

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum