Infected with Control Center


  • This topic is locked
3 replies to this topic

#1 nj12345

  • Members
  • 1 posts

Posted 27 April 2010 - 12:44 PM

I followed the instructions to automatically remove Control Center (and some other malware) using MBAM on the Administrator acct, but when I try to log onto my other acct, I get stuck at the Control Center screen, and it will not let me run task manager so I can't even activate rKill. I have been running MBAM over and over again to try to get all the files, but every time I run it, it finds a few different files that need to be deleted. I am using the most up to date MBAM.


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 11:50:26.64 on Tue 04/27/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.361 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=presario&pf=laptop
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: c:\windows\system32\ly0hg5r2n.dll: {a2ba40a0-74f1-52bd-f411-00b15a2c8953} - c:\windows\system32\ly0hg5r2n.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Vrotivoqubub] rundll32.exe "c:\windows\ivocukali.dll",Startup
mRun: [tqhwsvso] c:\documents and settings\brandon\local settings\application data\uoplxeahl\msytgcitssd.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\sv3wz4BeJ.exe" /runcleanupscript
mRun: [kunomijiji] Rundll32.exe "vovugesi.dll",s
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\vongot~1.lnk - c:\program files\vongo\Tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet g series\bin\hpoavn07.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\npjpi150_06.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www1.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: milufuro.dll
STS: c:\windows\system32\ly0hg5r2n.dll: {a2ba40a0-74f1-52bd-f411-00b15a2c8953} - c:\windows\system32\ly0hg5r2n.dll
LSA: Notification Packages = scecli milufuro.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-26 207280]
S0 hupav;hupav;c:\windows\system32\drivers\ntii.sys --> c:\windows\system32\drivers\ntii.sys [?]
S0 ypiapwd;ypiapwd;c:\windows\system32\drivers\ypiapwd.sys [2010-4-26 0]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-2 135664]
S2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
S2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-26 365280]
S2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-26 1141712]
S3 memchek;memchek;c:\windows\system32\memchek.sys [2004-8-4 2432]
S3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100426.003\NAVENG.sys [2010-4-26 84912]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100426.003\NAVEX15.sys [2010-4-26 1324720]

=============== Created Last 30 ================

2010-04-27 15:49:30 0 ----a-w- c:\documents and settings\administrator\defogger_reenable
2010-04-27 13:47:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 13:47:40 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 13:47:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-27 13:07:29 0 ----a-w- c:\program files\extra2.dat
2010-04-26 22:57:55 0 d-----w- c:\program files\beans
2010-04-26 22:56:26 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-04-26 19:56:03 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-04-26 19:56:03 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-26 19:55:58 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-26 19:55:58 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-04-26 19:55:58 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-04-26 19:55:58 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-26 19:55:51 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-04-26 19:55:51 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-26 19:55:44 0 d-----w- c:\program files\Spyware Doctor
2010-04-26 19:55:44 0 d-----w- c:\program files\common files\PC Tools
2010-04-26 19:55:44 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-04-26 19:55:44 0 d-----w- c:\docume~1\admini~1\applic~1\PC Tools
2010-04-26 18:05:07 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-26 17:50:45 0 d-sh--w- c:\documents and settings\administrator\PrivacIE
2010-04-26 17:42:21 0 d-----w- c:\docume~1\admini~1\applic~1\Intuit
2010-04-26 17:30:26 1580 ----a-w- C:\AKM Antivirus 2010 Pro.lnk
2010-04-26 17:30:25 0 d-----w- C:\AKM Antivirus 2010 Pro
2010-04-26 17:11:09 0 d-----w- c:\program files\scdata
2010-04-26 17:07:17 0 d-----w- c:\program files\Digital Protection
2010-04-26 17:06:40 36 ----a-w- c:\program files\skynet.dat
2010-04-26 17:06:31 0 d-----w- c:\program files\AKM Antivirus 2010 Pro
2010-04-26 17:04:02 0 ----a-w- c:\windows\Swugoquqofolinin.bin
2010-04-26 17:03:56 120 ----a-w- c:\windows\Tcukadan.dat
2010-04-26 16:58:30 36864 ----a-w- c:\windows\system32\OLD9E.tmp
2010-04-26 16:58:28 49664 ----a-w- c:\windows\system32\pragmabbr.dll
2010-04-26 16:58:28 1162 ----a-w- c:\docume~1\alluse~1\applic~1\pragmamfeklnmal.dll
2010-04-26 16:58:24 49664 ----a-w- c:\windows\system32\pragmaserf.dll
2010-04-26 16:58:23 36864 ----a-w- c:\windows\system32\OLD9A.tmp
2010-04-26 16:58:20 36864 ----a-w- c:\windows\system32\OLD97.tmp
2010-04-26 16:57:32 146 ----a-w- c:\windows\system32\PRAGMAsrcr.dat
2010-04-26 16:57:09 0 d-----w- c:\windows\PRAGMAbwqvrvmkbf
2010-04-26 16:56:51 0 ----a-w- c:\windows\system32\drivers\ypiapwd.sys
2010-04-26 16:56:14 30000 ----a-w- c:\windows\system32\ly0hg5r2n.dll
2010-04-21 11:55:32 299008 ----a-w- c:\windows\system32\lrcpiktf.dll
2010-04-16 18:52:43 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-16 18:52:38 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-16 18:52:35 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-04-16 18:52:35 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-04-13 15:31:27 2737 ----a-w- c:\windows\DevMgr.ini
2010-04-13 15:29:51 90112 ----a-w- c:\windows\system32\hpocon09.exe
2010-04-13 15:29:51 22139 ----a-w- c:\windows\system32\hpocoi08.dll
2010-04-13 15:29:48 20 ----a-w- c:\windows\Hposcv07.INI
2010-04-13 15:27:27 0 d-----w- c:\windows\AiOTemp
2010-04-13 15:26:46 38912 ----a-w- c:\windows\system32\hh.exe
2010-04-09 13:16:48 324608 ----a-w- c:\windows\system32\hpojwia.dll
2010-04-09 13:16:48 324608 ----a-w- c:\windows\system32\dllcache\hpojwia.dll
2010-04-09 13:16:48 18411 ----a-w- c:\windows\system32\hpo5500a.aio
2010-04-09 13:16:48 18411 ----a-w- c:\windows\system32\hpo5400a.aio
2010-04-09 13:16:44 18411 ----a-w- c:\windows\system32\hpo5300a.aio
2010-04-09 13:16:42 8704 ----a-w- c:\windows\system32\drivers\Dot4scan.sys
2010-04-09 13:16:42 8704 ----a-w- c:\windows\system32\dllcache\dot4scan.sys
2010-03-29 23:16:11 0 d-----w- c:\windows\ie8updates
2010-03-29 23:14:40 0 dc-h--w- c:\windows\ie8
2010-03-29 23:09:57 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-03-29 23:09:46 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-29 23:09:45 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-29 23:09:45 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-29 23:09:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-03-29 23:09:44 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-03-29 23:09:41 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll

==================== Find3M ====================

2010-01-26 16:56:24 127488 --sha-w- c:\windows\system32\milufuro.dll

============= FINISH: 11:51:56.50 ===============



#2 maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • Gender:Male
  • Location:Seattle Washington

Posted 01 May 2010 - 07:48 PM

Hi nj12345
Welcome to Bleeping Computer.
I'm maranatha and I will be handling your log to help you get cleaned up.

Please do this.

Download ComboFix from Here to your Desktop.

It's best to disable realtime protection applications as they sometimes interfere with the tool.
Check this link for any applicable programs you may have.
  • Close all open programs and windows
  • Double click combofix.exe and follow the prompts.
  • Vista users right click Combofix.exe and select Run As Administrator.
  • When finished, it shall produce a log for you. Post the Combofix log.
Note: Do not mouse click combofix's window while it's running. That may cause it to stall.

If you are prompted to install the Recovery Console, please do so.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!



My help is always free, But I do accept donations.
Donate Here


#3 maranatha


Posted 08 May 2010 - 12:33 AM

Hi
If you still require help, please respond to this thread or it will be closed in 48 hours.

Thanks
maranatha


#4 maranatha


Posted 11 May 2010 - 11:05 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
