
Infected again



#1 GodDamnBats


Posted 23 July 2011 - 12:00 AM

I had this machine cleaned by a professional that installed both Malwarebytes and Microsoft Security Essentials, saying that I should be fine... within months I started noticing decreased performance. I called the guy back and asked what was up and he told me to download SUPERAntiSpyware. I now have all 3 on my machine and I now get pop-ups for McAfee and I always get automatic update notifications and errors telling me I am critically low on disk space. All these seem like telltale symptoms of serious infection. I have run Malwarebytes and posted the log below as that seems to be one of the first instructions on these posts.
Any help would be great.



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/22/2011 8:54:49 PM
mbam-log-2011-07-22 (20-54-48).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 296881
Time elapsed: 3 hour(s), 48 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_______________________________________

(EDIT)


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
McAfee Security Scan Plus
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 24
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.3.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbam.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````


_________________________________________________
(EDIT)


MiniToolBox by Farbar
Ran by Owner (administrator) on 22-07-2011 at 21:23:14
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "localhost"
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : your-at5qgaac3z

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter

Physical Address. . . . . . . . . : 00-0E-A6-C4-DC-B6

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Friday, July 22, 2011 4:35:33 PM

Lease Expires . . . . . . . . . . : Saturday, July 23, 2011 4:35:33 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.93.106, 74.125.93.147, 74.125.93.99, 74.125.93.103
74.125.93.104, 74.125.93.105



Pinging google.com [74.125.115.106] with 32 bytes of data:



Reply from 74.125.115.106: bytes=32 time=94ms TTL=52

Reply from 74.125.115.106: bytes=32 time=89ms TTL=52



Ping statistics for 74.125.115.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 89ms, Maximum = 94ms, Average = 91ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
69.147.125.65



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=60ms TTL=56

Reply from 72.30.2.43: bytes=32 time=40ms TTL=56



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 40ms, Maximum = 60ms, Average = 50ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0e a6 c4 dc b6 ...... VIA Rhine II Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 20
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 20
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 20
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/22/2011 09:05:23 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.0.657.00x80240022updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (07/22/2011 09:05:13 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3 download, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (07/22/2011 04:36:14 PM) (Source: ESENT) (User: )
Description: wuauclt (2944) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 8192 (0x0000000000002000) for 57344 (0x0000e000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (07/22/2011 04:36:08 PM) (Source: ESENT) (User: )
Description: wuauclt (2888) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 8192 (0x0000000000002000) for 57344 (0x0000e000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (07/22/2011 04:36:04 PM) (Source: ESENT) (User: )
Description: wuauclt (2176) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 8192 (0x0000000000002000) for 57344 (0x0000e000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (07/21/2011 08:00:22 PM) (Source: ESENT) (User: )
Description: wuauclt (2244) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" at offset 0 (0x0000000000000000) for 131072 (0x00020000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (07/20/2011 06:06:39 PM) (Source: ESENT) (User: )
Description: wuauclt (2196) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" at offset 0 (0x0000000000000000) for 131072 (0x00020000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (07/20/2011 06:05:40 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '{268789C4-53E6-4DDB-8F33-8D0F9E000BEA}' could not be installed. Error code 1635. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup328B.txt.

Error: (07/20/2011 06:05:40 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '{2D1AC484-E516-408C-8825-ACB1C356AC7A}' could not be installed. Error code 1635. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup328B.txt.

Error: (07/20/2011 06:05:40 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update '{2F3AB6ED-951C-4CE7-8AC9-8546FDCF1F5A}' could not be installed. Error code 1635. Additional information is available in the log file C:\WINDOWS\TEMP\dd_NET_Framework20_Setup328B.txt.


System errors:
=============
Error: (07/22/2011 09:05:17 PM) (Source: Microsoft Antimalware) (User: )
Description: %YOUR-AT5QGAAC3Z60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.105.1306.0

Update Source: %YOUR-AT5QGAAC3Z51

Update Stage: 3.0.8107.00

Source Path: 3.0.8107.01

Signature Type: %YOUR-AT5QGAAC3Z602

Update Type: %YOUR-AT5QGAAC3Z604

User: YOUR-AT5QGAAC3Z\Owner

Current Engine Version: %YOUR-AT5QGAAC3Z605

Previous Engine Version: %YOUR-AT5QGAAC3Z606

Error code: %YOUR-AT5QGAAC3Z607

Error description: %YOUR-AT5QGAAC3Z608

Error: (07/22/2011 09:05:17 PM) (Source: Microsoft Antimalware) (User: )
Description: %YOUR-AT5QGAAC3Z60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.105.1306.0

Update Source: %YOUR-AT5QGAAC3Z51

Update Stage: 3.0.8107.00

Source Path: 3.0.8107.01

Signature Type: %YOUR-AT5QGAAC3Z602

Update Type: %YOUR-AT5QGAAC3Z604

User: YOUR-AT5QGAAC3Z\Owner

Current Engine Version: %YOUR-AT5QGAAC3Z605

Previous Engine Version: %YOUR-AT5QGAAC3Z606

Error code: %YOUR-AT5QGAAC3Z607

Error description: %YOUR-AT5QGAAC3Z608

Error: (07/22/2011 09:05:17 PM) (Source: Microsoft Antimalware) (User: )
Description: %YOUR-AT5QGAAC3Z60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.105.1306.0

Update Source: %YOUR-AT5QGAAC3Z51

Update Stage: 3.0.8107.00

Source Path: 3.0.8107.01

Signature Type: %YOUR-AT5QGAAC3Z602

Update Type: %YOUR-AT5QGAAC3Z604

User: YOUR-AT5QGAAC3Z\Owner

Current Engine Version: %YOUR-AT5QGAAC3Z605

Previous Engine Version: %YOUR-AT5QGAAC3Z606

Error code: %YOUR-AT5QGAAC3Z607

Error description: %YOUR-AT5QGAAC3Z608

Error: (07/22/2011 09:05:17 PM) (Source: Microsoft Antimalware) (User: )
Description: %YOUR-AT5QGAAC3Z60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.105.1306.0

Update Source: %YOUR-AT5QGAAC3Z51

Update Stage: 3.0.8107.00

Source Path: 3.0.8107.01

Signature Type: %YOUR-AT5QGAAC3Z602

Update Type: %YOUR-AT5QGAAC3Z604

User: YOUR-AT5QGAAC3Z\Owner

Current Engine Version: %YOUR-AT5QGAAC3Z605

Previous Engine Version: %YOUR-AT5QGAAC3Z606

Error code: %YOUR-AT5QGAAC3Z607

Error description: %YOUR-AT5QGAAC3Z608

Error: (07/22/2011 09:05:12 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.105.1306.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8107.00

Source Path: 3.0.8107.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/22/2011 09:05:12 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.105.1306.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8107.00

Source Path: 3.0.8107.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/22/2011 05:00:17 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (07/22/2011 04:59:09 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (07/22/2011 04:36:27 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SABKUTIL

Error: (07/21/2011 09:05:19 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.


Microsoft Office Sessions:
=========================
Error: (07/22/2011 09:05:23 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.0.657.00x80240022updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (07/22/2011 09:05:13 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80240022processdownloadresultsdownload3.0.8107.0mpsigdwn.dll3.0.8107.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (07/22/2011 04:36:14 PM) (Source: ESENT)(User: )
Description: wuauclt2944C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb8192 (0x0000000000002000)57344 (0x0000e000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk.

Error: (07/22/2011 04:36:08 PM) (Source: ESENT)(User: )
Description: wuauclt2888C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb8192 (0x0000000000002000)57344 (0x0000e000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk.

Error: (07/22/2011 04:36:04 PM) (Source: ESENT)(User: )
Description: wuauclt2176C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb8192 (0x0000000000002000)57344 (0x0000e000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk.

Error: (07/21/2011 08:00:22 PM) (Source: ESENT)(User: )
Description: wuauclt2244C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log0 (0x0000000000000000)131072 (0x00020000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk.

Error: (07/20/2011 06:06:39 PM) (Source: ESENT)(User: )
Description: wuauclt2196C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log0 (0x0000000000000000)131072 (0x00020000)-1808 (0xfffff8f0)112 (0x00000070)There is not enough space on the disk.

Error: (07/20/2011 06:05:40 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Microsoft .NET Framework 2.0 Service Pack 2{268789C4-53E6-4DDB-8F33-8D0F9E000BEA}1635C:\WINDOWS\TEMP\dd_NET_Framework20_Setup328B.txt

Error: (07/20/2011 06:05:40 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Microsoft .NET Framework 2.0 Service Pack 2{2D1AC484-E516-408C-8825-ACB1C356AC7A}1635C:\WINDOWS\TEMP\dd_NET_Framework20_Setup328B.txt

Error: (07/20/2011 06:05:40 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM
Description: Microsoft .NET Framework 2.0 Service Pack 2{2F3AB6ED-951C-4CE7-8AC9-8546FDCF1F5A}1635C:\WINDOWS\TEMP\dd_NET_Framework20_Setup328B.txt


========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 1023.48 MB
Available physical RAM: 440.27 MB
Total Pagefile: 2465.49 MB
Available Pagefile: 1712.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1995.21 MB

========================= Partitions: =====================================

2 Drive c: (HP_PAVILION) (Fixed) (Total:70.06 GB) (Free:0.03 GB) NTFS
3 Drive d: (HP_RECOVERY) (Fixed) (Total:4.45 GB) (Free:0.48 GB) FAT32
4 Drive e: (CNC3) (CDROM) (Total:5.15 GB) (Free:0 GB) UDF
6 Drive g: () (Removable) (Total:0.95 GB) (Free:0.88 GB) FAT
10 Drive k: (KINGSTON) (Removable) (Total:7.45 GB) (Free:6.96 GB) FAT32

========================= Users: ========================================

User accounts for \\

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0
SUPPORT_fddfa904


== End of log ==


________________________
(Edit: Quick Scan Results)


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7246

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/22/2011 9:52:56 PM
mbam-log-2011-07-22 (21-52-55).txt

Scan type: Quick scan
Objects scanned: 185825
Time elapsed: 17 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by GodDamnBats, 23 July 2011 - 12:59 AM.




#2 Broni


Posted 23 July 2011 - 11:24 AM

Well, you ARE critically low on free hard drive space:

2 Drive c: (HP_PAVILION) (Fixed) (Total:70.06 GB) (Free:0.03 GB) NTFS

You have to start moving stuff out of drive C right away, or next time around your computer may not boot at all.
