This topic is locked
2 replies to this topic

#1 scottmonst (Members)

Posted 14 October 2010 - 08:10 AM

Having some malware issues and possibly some registry issues using Windows XP SP2.
I recently tried to upgrade my AVG and had been using Microsoft Security Essentials for a week or so till I decided to upgrade. I noticed I had a malware problem a few days back, and after trying to install Malwarebytes Anti-Malware I wasn't being allowed to install.
I then ran a system restore to a week previously and was then able to run my malware software again. I found over 300 issues which I managed to quarantine and delete. I also then tried to upgrade my AVG again. However, I have not been able to install this nor any other free software.
I have now tried to just reinstall the operating system. However, I get an error on this also (see setup error attached). I have been in touch with AVG and they suggested I provide some files for review. Turns out I don't have the MFAData file which should be part of my Applications folder. Have not heard anything back as to what is causing the install issue. I've been checking the forums on your website and have provided the DDS files below.

DDS (Ver_10-10-10.03) - NTFSx86
Run by mike scott at 13:22:28.53 on 14/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.495.111 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ClearCloud\ClearCloud DNS\SBCC_Utility_Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mike scott\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\mike scott\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [OdTray.exe] "c:\program files\fujitsu siemens computers\odyssey client for fujitsu siemens computers\OdTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SSClearCloudTrayApp] c:\program files\clearcloud\clearcloud dns\SBCC_Utility_Tray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\mikesc~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\mikesc~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: {344C1115-0AC5-41A5-8D4B-9CA697E2CED6} = 74.118.212.1,74.118.212.2,74.118.212.1,74.118.212.2,
TCP: {7F2CDA10-F2BF-4F1E-9DF4-C343B2ACB46A} = 74.118.212.1,74.118.212.2,74.118.212.1,74.118.212.2,156.154.70.22,156.154.71.22,
TCP: {8F4B4C5B-6DBB-4B5D-BEA1-8F2840C76267} = 74.118.212.1,74.118.212.2
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-7-1 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-7-1 166632]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-7-1 840936]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2009-12-6 191092]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2009-12-6 6100]
S3 ADASPROT;SYSTWEAKASO; [x]

=============== Created Last 30 ================

2010-10-14 08:36:32 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-10-14 08:36:31 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-14 00:44:00 -------- d-----w- c:\windows\system32\wbem\repository.old\FS
2010-10-14 00:44:00 -------- d-----w- c:\windows\system32\wbem\repository.old
2010-10-14 00:41:17 -------- d-----w- C:\AVGTemp
2010-10-13 11:29:19 6084944 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{47611752-dba1-447b-97e9-af4663cfa3a7}\mpengine.dll
2010-10-13 11:18:21 -------- d-----w- c:\docume~1\mikesc~1\applic~1\Malwarebytes
2010-10-13 11:17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-13 11:17:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-13 11:17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-13 10:09:59 -------- d-----w- c:\windows\pss
2010-10-12 17:40:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2010-10-12 14:15:02 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-10-11 16:53:32 -------- d-----w- c:\program files\common files\PC Tools
2010-10-11 16:53:31 -------- d-----w- c:\program files\Spyware Doctor
2010-10-11 16:29:36 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\RegCure
2010-10-11 11:52:54 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\MFAData
2010-09-28 11:23:04 6084944 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2010-09-28 01:18:13 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-28 00:42:44 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-28 00:19:29 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\ClearCloud
2010-09-28 00:19:26 -------- d-----w- c:\docume~1\mikesc~1\applic~1\ClearCloud
2010-09-28 00:19:00 -------- d-----w- c:\program files\ClearCloud
2010-09-27 20:04:59 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Systweak
2010-09-27 19:51:20 -------- d-----w- c:\docume~1\mikesc~1\applic~1\Systweak
2010-09-24 09:54:43 -------- d-----w- C:\ProgramData
2010-09-24 09:54:43 -------- d-----w- c:\program files\Angle Interactive
2010-09-22 01:13:04 -------- d-----w- c:\documents and settings\mike scott\.freemind
2010-09-22 01:10:15 -------- d-----w- c:\program files\FreeMind
2010-09-20 22:52:21 -------- d-----w- c:\docume~1\mikesc~1\applic~1\AVG9
2010-09-20 13:51:14 -------- d---a-w- C:\xampp
2010-09-16 16:33:12 -------- d-----w- c:\docume~1\mikesc~1\applic~1\Uniblue

==================== Find3M ====================

2010-08-24 13:12:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-24 13:12:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-08-24 11:49:40 423656 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 13:25:00.65 ===============

Edited by scottmonst, 14 October 2010 - 02:25 PM.


#2 m0le (Malware Response Team, London, UK)

Posted 22 October 2010 - 07:29 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
    The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le (Malware Response Team, London, UK)

Posted 27 October 2010 - 06:47 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
