
Infected with Trojan-Downloader.VB.AXA I think?


  • This topic is locked
3 replies to this topic

#1 PA Clev


Posted 04 August 2009 - 05:46 PM

Hi I'm new here, I am trying to follow all the instructions - here goes...
I am sending this message from my PC as my laptop is infected, the laptop is Toshiba Notebook NB100 running Windows XP

I have been attacked by multiple Trojans and spyware

I first noticed it because I was being redirected to unwanted websites, some of them very inappropriate! Whenever I use Google and click on a link I am sent to another search engine or another website.

I downloaded SpyBot - But it would not even open - I downloaded Malware Bytes, that will not open - Tried PC Tool spyware remover and that ran and diagnosed lots of Adaware and Tracking Cookies, also something called RogueAntiSpyware.AntiSpywareMaster and Trojan-Downloader.VB.AXA, which looks particularly nasty!

I also downloaded HijackThis and followed the instructions on BleepingComputer - I have copied the DDS and Attach logs below.

If anyone can help I will be very grateful. Thanks. I only got the laptop three weeks ago!




DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: DeviceHarddiskVolume1
Install Date: 21/07/2009 21:32:01
System Uptime: 08/04/2009 21:03:47 (2833 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | CPU | 1596/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 102.968 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 03/08/2009 16:46:33 - System Checkpoint
RP2: 03/08/2009 16:46:33 - Installed Camera Assistant Software for Toshiba
RP3: 03/08/2009 16:46:33 - Software Distribution Service 3.0
RP4: 03/08/2009 16:46:33 - Software Distribution Service 3.0
RP5: 03/08/2009 16:46:33 - Installed Windows Internet Explorer 8.
RP6: 03/08/2009 16:46:33 - Software Distribution Service 3.0
RP7: 03/08/2009 16:46:33 - Software Distribution Service 3.0
RP8: 03/08/2009 16:46:34 - Software Distribution Service 3.0
RP9: 03/08/2009 16:46:34 - Software Distribution Service 3.0
RP10: 03/08/2009 16:46:34 - Software Distribution Service 3.0
RP11: 03/08/2009 16:46:34 - Software Distribution Service 3.0
RP12: 03/08/2009 16:46:34 - System Checkpoint

==== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Atheros Client Utility
Atheros Driver Installation Program
Bluetooth Stack for Windows by Toshiba
Bubble Town
Camera Assistant Software for Toshiba
Choice Guard
Compatibility Pack for the 2007 Office system
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java™ 6 Update 6
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Picasa 2
Realtek Card Reader
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Segoe UI
Spotify
Spybot - Search & Destroy
Spyware Doctor 6.1
Synaptics Pointing Device Driver
TOSHIBA ConfigFree
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Manuals
Toshiba Online Product Information
TOSHIBA Zooming Utility
Update for 2007 Microsoft Office System (KB967642)
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
WebFldrs XP
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
Windows Media Player 10

==== Event Viewer Messages From Past Week ========

30/07/2009 23:58:33, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
30/07/2009 20:26:56, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 002163A64B41. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
29/07/2009 18:13:42, error: DCOM [10001] - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "%233" Happened while starting this command: c:PROGRA~1mcafee.comagentmcagent.exe -Embedding
04/08/2009 00:50:01, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McShield with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
04/08/2009 00:47:51, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
04/08/2009 00:46:58, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
04/08/2009 00:46:33, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
04/08/2009 00:46:33, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
04/08/2009 00:46:33, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
04/08/2009 00:46:33, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
04/08/2009 00:46:33, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
04/08/2009 00:45:21, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
03/08/2009 16:56:39, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 8059eda6, parameter3 f7a94bb4, parameter4 f7a948b0.

==== End Of File ===========================






DDS (Ver_09-07-30.01) - NTFSx86
Run by Karen Cleverly at 22:27:29.35 on 04/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.493 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
C:WINDOWSsystem32svchost -k rpcss
C:WINDOWSSystem32svchost.exe -k netsvcs
C:WINDOWSsystem32svchost.exe -k NetworkService
C:WINDOWSsystem32svchost.exe -k LocalService
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32acs.exe
C:WINDOWSsystem32svchost.exe -k LocalService
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
C:Program FilesMcAfeeVirusScanMcShield.exe
C:Program FilesMcAfeeMSKMskSrver.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:Program FilesToshibaTOSHIBA AppletTAPPSRV.exe
C:Program FilesToshibaTOSHIBA DVD PLAYERTNaviSrv.exe
C:WINDOWSsystem32TODDSrv.exe
c:Program FilesToshibaBluetooth Toshiba StackTosBtSrv.exe
C:WINDOWSsystem32wdfmgr.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSSystem32svchost.exe -k HTTPFilter
c:PROGRA~1mcafee.comagentmcagent.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsystem32igfxsrvc.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesAtherosACU.exe
C:Program FilesTOSHIBAConfigFreeNDSTray.exe
C:Program FilesToshibaToshiba Appletthotkey.exe
C:Program FilesTOSHIBATOSHIBA Zooming UtilitySmoothView.exe
C:Program FilesTOSHIBATOSHIBA Direct Disc Writerddwmon.exe
C:Program FilesCamera Assistant Software for Toshibatraybar.exe
C:Program FilesTOSHIBAToshiba Online Product Informationtopi.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
c:PROGRA~1mcafeemscmcshell.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesSpyware DoctorpctsAuxs.exe
C:Program FilesSpyware DoctorpctsSvc.exe
C:Program FilesSpyware DoctorpctsTray.exe
C:Documents and SettingsKaren CleverlyDesktopdds.scr
C:WINDOWSsystem32wbemwmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filescommon filesadobeacrobatactivexAcroIEHelper.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:progra~1mcafeemskmcapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:program filesspybot - search & destroySDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre1.6.0_06binssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:program filesmcafeevirusscanscriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:program filesgooglegoogletoolbarnotifier5.2.4204.1700swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:program filesgooglegoogle toolbarcomponentfastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:program filesmsntoolbar3.0.1303.0msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:program filesmsntoolbar3.0.1303.0msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [TOSHIBA Online Product Information] c:program filestoshibatoshiba online product informationtopi.exe
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [swg] "c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:windowssystem32igfxtray.exe
mRun: [HotKeysCmds] c:windowssystem32hkcmd.exe
mRun: [Persistence] c:windowssystem32igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SynTPEnh] c:program filessynapticssyntpSynTPEnh.exe
mRun: [ACU] "c:program filesatherosACU.exe" -nogui
mRun: [ITSecMng] %ProgramFiles%TOSHIBABluetooth Toshiba StackItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [THotkey] c:program filestoshibatoshiba appletthotkey.exe
mRun: [SmoothView] c:program filestoshibatoshiba zooming utilitySmoothView.exe
mRun: [DDWMon] c:program filestoshibatoshiba direct disc writerddwmon.exe
mRun: [mcagent_exe] c:program filesmcafee.comagentmcagent.exe /runkey
mRun: [Google EULA Launcher] c:program filesgooglegoogle eulaGoogleEULALauncher.exe IE
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 8.0readerReader_sl.exe"
mRun: [Camera Assistant Software] "c:program filescamera assistant software for toshibatraybar.exe" /start
mRun: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
mRun: [ISTray] "c:program filesspyware doctorpctsTray.exe"
dRun: [TOSHIBA Online Product Information] c:program filestoshibatoshiba online product informationtopi.exe
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:program filesjavajre1.6.0_06binssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:progra~1micros~3office12ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~3office12REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:program filesspybot - search & destroySDHelper.dll
Trusted Zone: antimalwareguard.com
Trusted Zone: gomyhit.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:windowssystem32driversPCTCore.sys [2009-8-4 130936]
R1 mfehidk;McAfee Inc. mfehidk;c:windowssystem32driversmfehidk.sys [2008-9-19 201320]
R2 McProxy;McAfee Proxy Service;c:progra~1common~1mcafeemcproxymcproxy.exe [2008-9-19 359248]
R2 McShield;McAfee Real-time Scanner;c:program filesmcafeevirusscanMcshield.exe [2008-9-19 144704]
R2 sdAuxService;PC Tools Auxiliary Service;c:program filesspyware doctorpctsAuxs.exe [2009-8-4 348752]
R2 sdCoreService;PC Tools Security Service;c:program filesspyware doctorpctsSvc.exe [2009-8-4 1097096]
R2 tdudf;TOSHIBA UDF File System Driver;c:windowssystem32driverstdudf.sys [2007-3-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:windowssystem32driverstrudf.sys [2007-2-19 134016]
R3 FwLnk;FwLnk Driver;c:windowssystem32driversFwLnk.sys [2008-9-19 5888]
R3 McSysmon;McAfee SystemGuards;c:progra~1mcafeeviruss~1mcsysmon.exe [2008-9-19 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:windowssystem32driversmfeavfk.sys [2008-9-19 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:windowssystem32driversmfebopk.sys [2008-9-19 35240]
R3 mferkdk;McAfee Inc. mferkdk;c:windowssystem32driversmferkdk.sys [2008-9-19 33832]
R3 mfesmfk;McAfee Inc. mfesmfk;c:windowssystem32driversmfesmfk.sys [2008-9-19 40488]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:windowssystem32driversRTS5121.sys [2008-9-19 157696]
R3 WSIMD;wsimd Service;c:windowssystem32driverswsimd.sys [2008-9-19 57408]
S3 Rts516xIR;Realtek IR Driver;c:windowssystem32driversrts516xir.sys --> c:windowssystem32driversRts516xIR.sys [?]

=============== Created Last 30 ================

2009-08-04 21:55 159,600 a------- c:windowssystem32driverspctgntdi.sys
2009-08-04 21:55 130,936 a------- c:windowssystem32driversPCTCore.sys
2009-08-04 21:55 73,840 a------- c:windowssystem32driversPCTAppEvent.sys
2009-08-04 21:55 64,392 a------- c:windowssystem32driverspctplsg.sys
2009-08-04 21:55 <DIR> --d----- c:program filescommon filesPC Tools
2009-08-04 21:55 <DIR> --d----- c:program filesSpyware Doctor
2009-08-04 21:55 <DIR> --d----- c:docume~1karenc~1applic~1PC Tools
2009-08-04 21:55 <DIR> --d----- c:docume~1alluse~1applic~1PC Tools
2009-08-04 10:12 <DIR> --d----- c:program filesTrend Micro
2009-08-04 09:41 38,160 a------- c:windowssystem32driversmbamswissarmy.sys
2009-08-04 09:41 19,096 a------- c:windowssystem32driversmbam.sys
2009-08-04 09:41 <DIR> --d----- c:program filesMalwarebytes' Anti-Malware
2009-08-04 09:41 <DIR> --d----- c:docume~1alluse~1applic~1Malwarebytes
2009-08-03 22:08 <DIR> --dsh--- c:documents and settingskaren cleverlyIECompatCache
2009-08-03 21:47 <DIR> --d----- c:program filesSpybot - Search & Destroy
2009-08-03 21:47 <DIR> --d----- c:docume~1alluse~1applic~1Spybot - Search & Destroy
2009-08-03 17:01 12,160 ac------ c:windowssystem32dllcachemouhid.sys
2009-08-03 17:01 12,160 a------- c:windowssystem32driversmouhid.sys
2009-08-03 17:01 10,368 ac------ c:windowssystem32dllcachehidusb.sys
2009-08-03 17:01 10,368 a------- c:windowssystem32drivershidusb.sys
2009-08-03 16:54 64,512 a------- c:windowssystem32driversvsfoceirqwauwp.sys
2009-08-03 16:33 1,215,791 a------- c:windowssystem32xa.tmp
2009-08-02 19:51 <DIR> --dsh--- c:documents and settingskaren cleverlyPrivacIE
2009-08-02 19:48 <DIR> --dsh--- c:documents and settingskaren cleverlyIETldCache
2009-08-02 19:48 <DIR> --d----- c:documents and settingsKaren Cleverly
2009-07-29 19:40 5,632 a------- c:windowssystem32ptpusb.dll
2009-07-29 19:40 159,232 a------- c:windowssystem32ptpusd.dll
2009-07-29 19:40 15,104 ac------ c:windowssystem32dllcacheusbscan.sys
2009-07-29 19:40 15,104 a------- c:windowssystem32driversusbscan.sys
2009-07-29 18:27 <DIR> --d----- c:program filesShockwave.com
2009-07-29 10:16 594,432 -c------ c:windowssystem32dllcachemsfeeds.dll
2009-07-29 10:16 55,296 -c------ c:windowssystem32dllcachemsfeedsbs.dll
2009-07-28 13:33 <DIR> --d----- c:program filesOberon Media
2009-07-28 13:33 <DIR> --d----- c:program filesMSN Games
2009-07-24 10:07 268,648 a------- c:windowssystem32mucltui.dll
2009-07-24 10:07 208,744 a------- c:windowssystem32muweb.dll
2009-07-24 10:07 27,496 a------- c:windowssystem32mucltui.dll.mui
2009-07-23 17:23 <DIR> --d----- c:program filesMicrosoft
2009-07-23 17:23 <DIR> --d----- c:program filesWindows Live SkyDrive
2009-07-23 16:50 <DIR> --d----- c:program filescommon filesWindows Live
2009-07-23 00:01 <DIR> --d----- c:windowsie8updates
2009-07-23 00:00 <DIR> -cd-h--- c:windowsie8
2009-07-22 23:56 101,376 -c------ c:windowssystem32dllcacheiecompat.dll
2009-07-22 23:56 246,272 -c------ c:windowssystem32dllcacheieproxy.dll
2009-07-22 23:56 12,800 -c------ c:windowssystem32dllcachexpshims.dll
2009-07-22 23:56 1,985,536 -c------ c:windowssystem32dllcacheiertutil.dll
2009-07-22 23:56 11,067,392 -c------ c:windowssystem32dllcacheieframe.dll
2009-07-22 22:56 272,128 -c------ c:windowssystem32dllcachebthport.sys
2009-07-22 22:43 455,296 -c------ c:windowssystem32dllcachemrxsmb.sys
2009-07-22 22:41 333,952 -c------ c:windowssystem32dllcachesrv.sys
2009-07-22 22:41 331,776 -c------ c:windowssystem32dllcachemsadce.dll
2009-07-22 22:40 691,712 -c------ c:windowssystem32dllcacheinetcomm.dll
2009-07-22 10:19 247,326 -c------ c:windowssystem32dllcachestrmdll.dll
2009-07-22 10:18 337,408 -c------ c:windowssystem32dllcachenetapi32.dll
2009-07-22 10:17 1,106,944 -c------ c:windowssystem32dllcachemsxml3.dll
2009-07-22 10:10 2,560 -------- c:windowssystem32xpsp4res.dll
2009-07-22 10:10 1,203,922 -c------ c:windowssystem32dllcachesysmain.sdb
2009-07-22 10:10 215,552 -c------ c:windowssystem32dllcachewordpad.exe
2009-07-21 22:42 <DIR> --d----- c:windowssystem32PreInstall
2009-07-21 21:47 <DIR> --d----- c:windowssystem32SoftwareDistribution
2009-07-21 21:35 221,184 a------- c:windowssystem32wmpns.dll
2009-07-21 21:34 17,960 a------- c:windowssystem32driversUVCFTR_S.SYS
2009-07-21 21:34 <DIR> --d----- c:program filesCamera Assistant Software for Toshiba
2009-07-21 21:34 0 a--shr-- c:windowssystem32driversTOSHIBA_TOSHIBA NB100_07732-EN_PLL10E-01303.MRK
2009-07-21 21:17 8,192 a------- c:windowsREGLOCS.OLD

==================== Find3M ====================

2009-08-03 14:51 178,352 a------- c:windowspchealthhelpctrconfigcachePersonal_32_1033.dat
2009-07-03 18:09 915,456 a------- c:windowssystem32wininet.dll
2009-06-16 15:36 119,808 a------- c:windowssystem32t2embed.dll
2009-06-16 15:36 81,920 a------- c:windowssystem32fontsub.dll
2009-06-03 20:09 1,291,264 a------- c:windowssystem32quartz.dll
2009-05-07 16:32 345,600 a------- c:windowssystem32localspl.dll

============= FINISH: 22:29:42.17 ===============

Oh - I have already made a mistake with my first post :thumbup2: I should have attached the file called Attach and not copied and pasted it - I have attached it to this post .... Sorry!!

merged posts. ~ OB


Edited by Orange Blossom, 04 August 2009 - 10:29 PM.




#2 PA Clev


Posted 07 August 2009 - 05:06 PM

I now believe that I have been infected by UAC Trojan - I managed to get Malwarebytes to run by calling the .exe file something else and it keeps finding this UAC thing and saying it will be removed on reboot, but after reboot it is still there. This is what it says it has found...

c:\windows\system32\uacinit.dll

Can't open SpyBot at all!

The computer is a brand new Notebook - Toshiba Netbook NB100 - It has only been used a few times, it has nothing on it!! Maybe I should not bother trying to find the malware and trojans and just reformat and use the recovery disk. But there is no CD-ROM drive and I don't really know how to do this.

AGhhhhhhhhh !!!!!!

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 13 August 2009 - 04:20 PM.


#3 suebaby41


  • Malware Response Team

Posted 14 August 2009 - 01:52 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 suebaby41


Posted 22 August 2009 - 03:23 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.