BleepingComputer.com: Infected again

Infected again: I can't seem to keep this computer clean

#1 GodDamnBats

Posted 23 July 2011 - 12:00 AM

I had this machine cleaned by a professional who installed both Malwarebytes and Microsoft Security Essentials, saying that I should be fine... Within months I started noticing decreased performance. I called the guy back and asked what was up, and he told me to download SUPERAntiSpyware. I now have all 3 on my machine, and I now get pop-ups for McAfee, and I always get automatic update notifications and errors telling me I am critically low on disk space. All these seem like telltale symptoms of serious infection. I have run Malwarebytes and posted the log below, as that seems to be one of the first instructions on these posts.
Any help would be great.



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/22/2011 8:54:49 PM
mbam-log-2011-07-22 (20-54-48).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 296881
Time elapsed: 3 hour(s), 48 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_______________________________________

(EDIT)


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
McAfee Security Scan Plus
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 24
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.3.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbam.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````


_________________________________________________
(EDIT)


MiniToolBox by Farbar
Ran by Owner (administrator) on 22-07-2011 at 21:23:14
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "localhost"
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : your-at5qgaac3z

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter

Physical Address. . . . . . . . . : 00-0E-A6-C4-DC-B6

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Friday, July 22, 2011 4:35:33 PM

Lease Expires . . . . . . . . . . : Saturday, July 23, 2011 4:35:33 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.93.106, 74.125.93.147, 74.125.93.99, 74.125.93.103
74.125.93.104, 74.125.93.105



Pinging google.com [74.125.115.106] with 32 bytes of data:



Reply from 74.125.115.106: bytes=32 time=94ms TTL=52

Reply from 74.125.115.106: bytes=32 time=89ms TTL=52



Ping statistics for 74.125.115.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 89ms, Maximum = 94ms, Average = 91ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
69.147.125.65



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=60ms TTL=56

Reply from 72.30.2.43: bytes=32 time=40ms TTL=56



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 40ms, Maximum = 60ms, Average = 50ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0e a6 c4 dc b6 ...... VIA Rhine II Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 20
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 20
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 20
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/22/2011 09:05:23 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.0.657.00x80240022updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (07/22/2011 09:05:13 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3 download, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (07/22/2011 04:36:14 PM) (Source: ESENT) (User: )
Description: wuauclt (2944) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 8192 (0x0000000000002000) for 57344 (0x0000e000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (07/22/2011 04:36:08 PM) (Source: ESENT) (User: )
Description: wuauclt (2888) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 8192 (0x0000000000002000) for 57344 (0x0000e000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (07/22/2011 04:36:04 PM) (Source: ESENT) (User: )
Description: wuauclt (2176) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 8192 (0x0000000000002000) for 57344 (0x0000e000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (07/21/2011 08:00:22 PM) (Source: ESENT) (User: )
Description: wuauclt (2244) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" at offset 0 (0x0000000000000000) for 131072 (0x00020000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (07/20/2011 06:06:39 PM) (Source: ESENT) (User: )
Description: wuauclt (2196) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" at offset 0 (0x0000000000000000) for 131072 (0x00020000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (07/20/2011 06:05:40 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '{268789C4-53E6-4DDB-8F33-8D0F9E000BEA}' could not be installed. Error code 1635. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup328B.txt.

Error: (07/20/2011 06:05:40 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '{2D1AC484-E516-408C-8825-ACB1C356AC7A}' could not be installed. Error code 1635. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup328B.txt.

Error: (07/20/2011 06:05:40 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '{2F3AB6ED-951C-4CE7-8AC9-8546FDCF1F5A}' could not be installed. Error code 1635. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup328B.txt.


System errors:
=============
Error: (07/22/2011 09:05:17 PM) (Source: Microsoft Antimalware) (User: )
Description: %YOUR-AT5QGAAC3Z60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.105.1306.0

Update Source: %YOUR-AT5QGAAC3Z51

Update Stage: 3.0.8107.00

Source Path: 3.0.8107.01

Signature Type: %YOUR-AT5QGAAC3Z602

Update Type: %YOUR-AT5QGAAC3Z604

User: YOUR-AT5QGAAC3Z\Owner

Current Engine Version: %YOUR-AT5QGAAC3Z605

Previous Engine Version: %YOUR-AT5QGAAC3Z606

Error code: %YOUR-AT5QGAAC3Z607

Error description: %YOUR-AT5QGAAC3Z608

Error: (07/22/2011 09:05:17 PM) (Source: Microsoft Antimalware) (User: )
Description: %YOUR-AT5QGAAC3Z60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.105.1306.0

Update Source: %YOUR-AT5QGAAC3Z51

Update Stage: 3.0.8107.00

Source Path: 3.0.8107.01

Signature Type: %YOUR-AT5QGAAC3Z602

Update Type: %YOUR-AT5QGAAC3Z604

User: YOUR-AT5QGAAC3Z\Owner

Current Engine Version: %YOUR-AT5QGAAC3Z605

Previous Engine Version: %YOUR-AT5QGAAC3Z606

Error code: %YOUR-AT5QGAAC3Z607

Error description: %YOUR-AT5QGAAC3Z608

Error: (07/22/2011 09:05:17 PM) (Source: Microsoft Antimalware) (User: )
Description: %YOUR-AT5QGAAC3Z60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.105.1306.0

Update Source: %YOUR-AT5QGAAC3Z51

Update Stage: 3.0.8107.00

Source Path: 3.0.8107.01

Signature Type: %YOUR-AT5QGAAC3Z602

Update Type: %YOUR-AT5QGAAC3Z604

User: YOUR-AT5QGAAC3Z\Owner

Current Engine Version: %YOUR-AT5QGAAC3Z605

Previous Engine Version: %YOUR-AT5QGAAC3Z606

Error code: %YOUR-AT5QGAAC3Z607

Error description: %YOUR-AT5QGAAC3Z608

Error: (07/22/2011 09:05:17 PM) (Source: Microsoft Antimalware) (User: )
Description: %YOUR-AT5QGAAC3Z60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.105.1306.0

Update Source: %YOUR-AT5QGAAC3Z51

Update Stage: 3.0.8107.00

Source Path: 3.0.8107.01

Signature Type: %YOUR-AT5QGAAC3Z602

Update Type: %YOUR-AT5QGAAC3Z604

User: YOUR-AT5QGAAC3Z\Owner

Current Engine Version: %YOUR-AT5QGAAC3Z605

Previous Engine Version: %YOUR-AT5QGAAC3Z606

Error code: %YOUR-AT5QGAAC3Z607

Error description: %YOUR-AT5QGAAC3Z608

Error: (07/22/2011 09:05:12 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.105.1306.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8107.00

Source Path: 3.0.8107.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/22/2011 09:05:12 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.105.1306.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8107.00

Source Path: 3.0.8107.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/22/2011 05:00:17 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (07/22/2011 04:59:09 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (07/22/2011 04:36:27 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SABKUTIL

Error: (07/21/2011 09:05:19 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.


Microsoft Office Sessions:
=========================
Error: (07/22/2011 09:05:23 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.0.657.00x80240022updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (07/22/2011 09:05:13 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80240022processdownloadresultsdownload3.0.8107.0mpsigdwn.dll3.0.8107.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (07/22/2011 04:36:14 PM) (Source: ESENT)(User: )
Description: wuauclt2944C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb8192 (0x0000000000002000)57344 (0x0000e000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk.

Error: (07/22/2011 04:36:08 PM) (Source: ESENT)(User: )
Description: wuauclt2888C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb8192 (0x0000000000002000)57344 (0x0000e000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk.

Error: (07/22/2011 04:36:04 PM) (Source: ESENT)(User: )
Description: wuauclt2176C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb8192 (0x0000000000002000)57344 (0x0000e000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk.

Error: (07/21/2011 08:00:22 PM) (Source: ESENT)(User: )
Description: wuauclt2244C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log0 (0x0000000000000000)131072 (0x00020000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk.

Error: (07/20/2011 06:06:39 PM) (Source: ESENT)(User: )
Description: wuauclt2196C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log0 (0x0000000000000000)131072 (0x00020000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk.

Error: (07/20/2011 06:05:40 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Microsoft .NET Framework 2.0 Service Pack 2{268789C4-53E6-4DDB-8F33-8D0F9E000BEA}1635C:\WINDOWS\TEMP\dd_NET_Framework20_Setup328B.txt

Error: (07/20/2011 06:05:40 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Microsoft .NET Framework 2.0 Service Pack 2{2D1AC484-E516-408C-8825-ACB1C356AC7A}1635C:\WINDOWS\TEMP\dd_NET_Framework20_Setup328B.txt

Error: (07/20/2011 06:05:40 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Microsoft .NET Framework 2.0 Service Pack 2{2F3AB6ED-951C-4CE7-8AC9-8546FDCF1F5A}1635C:\WINDOWS\TEMP\dd_NET_Framework20_Setup328B.txt


========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 1023.48 MB
Available physical RAM: 440.27 MB
Total Pagefile: 2465.49 MB
Available Pagefile: 1712.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1995.21 MB

========================= Partitions: =====================================

2 Drive c: (HP_PAVILION) (Fixed) (Total:70.06 GB) (Free:0.03 GB) NTFS
3 Drive d: (HP_RECOVERY) (Fixed) (Total:4.45 GB) (Free:0.48 GB) FAT32
4 Drive e: (CNC3) (CDROM) (Total:5.15 GB) (Free:0 GB) UDF
6 Drive g: () (Removable) (Total:0.95 GB) (Free:0.88 GB) FAT
10 Drive k: (KINGSTON) (Removable) (Total:7.45 GB) (Free:6.96 GB) FAT32

========================= Users: ========================================

User accounts for \\

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0
SUPPORT_fddfa904


== End of log ==


________________________
(Edit: Quick Scan Results)


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7246

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/22/2011 9:52:56 PM
mbam-log-2011-07-22 (21-52-55).txt

Scan type: Quick scan
Objects scanned: 185825
Time elapsed: 17 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This post has been edited by GodDamnBats: 23 July 2011 - 12:59 AM


#2 Broni

Posted 23 July 2011 - 11:24 AM

Well, you ARE critically low on free hard drive space:

2 Drive c: (HP_PAVILION) (Fixed) (Total:70.06 GB) (Free:0.03 GB) NTFS

You have to start moving stuff out of drive C right away, or next time around your computer may not boot at all.
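Added example, not part of either post: a small Python triage over lines abridged from the MiniToolBox log above. It flags fixed volumes whose free space falls below a percentage threshold and picks out event-log errors carrying a disk-full marker (system error 112, or 0x80070070, the HRESULT form of the same error). The function names and the 5% threshold are assumptions.

```python
import re

# Abridged from the MiniToolBox log in post #1; Description lines are shortened.
SAMPLE_LOG = r'''
Error: (07/22/2011 04:36:14 PM) (Source: ESENT) (User: )
Description: wuauclt (2944) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 112 (0x00000070): "There is not enough space on the disk. ".
Error: (07/22/2011 04:36:27 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SABKUTIL
Error: (07/21/2011 09:05:19 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Microsoft .NET Framework 3.5 Service Pack 1
2 Drive c: (HP_PAVILION) (Fixed) (Total:70.06 GB) (Free:0.03 GB) NTFS
3 Drive d: (HP_RECOVERY) (Fixed) (Total:4.45 GB) (Free:0.48 GB) FAT32
4 Drive e: (CNC3) (CDROM) (Total:5.15 GB) (Free:0 GB) UDF
6 Drive g: () (Removable) (Total:0.95 GB) (Free:0.88 GB) FAT
'''

# One line of the "Partitions" section of a MiniToolBox log.
PARTITION_RE = re.compile(
    r"^\s*\d+ Drive (?P<letter>\w): \((?P<label>[^)]*)\) \((?P<kind>\w+)\) "
    r"\(Total:(?P<total>[\d.]+) GB\) \(Free:(?P<free>[\d.]+) GB\) (?P<fs>\S+)",
    re.M,
)
# Header line of one entry in the "Event log errors" section.
EVENT_RE = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\)")

# Lower-case substrings that identify a disk-full failure in a Description line.
DISK_FULL_MARKERS = ("system error 112", "0x80070070", "not enough space on the disk")


def low_space_volumes(text, min_free_pct=5.0):
    """Return (letter, free_gb, free_pct) for fixed volumes under the threshold."""
    flagged = []
    for m in PARTITION_RE.finditer(text):
        total, free = float(m["total"]), float(m["free"])
        # Optical and removable media are skipped: 0 GB free on a CD is normal.
        if m["kind"] != "Fixed" or total == 0:
            continue
        pct = 100.0 * free / total
        if pct < min_free_pct:
            flagged.append((m["letter"], free, round(pct, 2)))
    return flagged


def disk_full_events(text):
    """Return (timestamp, source) for errors whose description says disk full."""
    hits, current = [], None
    for line in text.splitlines():
        ev = EVENT_RE.match(line)
        if ev:
            current = (ev["ts"], ev["source"])
        elif current and line.startswith("Description:"):
            if any(marker in line.lower() for marker in DISK_FULL_MARKERS):
                hits.append(current)
            current = None  # only the first Description line is inspected
    return hits


if __name__ == "__main__":
    for letter, free, pct in low_space_volumes(SAMPLE_LOG):
        print(f"Drive {letter}: {free} GB free ({pct}% of volume)")
    for ts, source in disk_full_events(SAMPLE_LOG):
        print(f"disk-full error from {source} at {ts}")
```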