Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

antivirus blocked a Trojan, then browser started redirecting


  • This topic is locked This topic is locked
14 replies to this topic

#1 weezermonkey

weezermonkey

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 08 July 2012 - 05:01 AM

Was on the web when my antivirus popped up saying it blocked a Trojan. There was an adobe flash update almost at the same time, I don't think the 2 are related, but I can't be sure. The message popped up a couple more times (each time with the antivirus saying the problem had been resolved). Tried googling something and got redirected (using Firefox). I ran the full antivirus and it said the system was clean, but that's obviously not true.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_31
Run by Trot at 2:58:17 on 2012-07-08
.
============== Running Processes ===============
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\AGI\core\3.1\AGCoreService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Webshots\315~1.761\Webshots.scr
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Trot\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: agcore.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
mURLSearchHooks: agcore.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: agcore.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.7.1.5\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Move Networks] rundll32.exe "c:\documents and settings\trot\local settings\application data\mozilla\move networks\ofonmws.dll",CreateInstance
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [Move Networks] rundll32.exe "c:\documents and settings\trot\local settings\application data\mozilla\move networks\ofonmws.dll",CreateInstance
IE: &Search - ?p=ZUfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} - hxxps://www.lojackforlaptops.com/ctmweb/testoc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0DBF8F0B-1264-49F6-ABFC-E45DA4975EA4} : DhcpNameServer = 75.75.75.75 75.75.76.76
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\trot\application data\mozilla\firefox\profiles\y7p6m4gz.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111022&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn_2011_7_3_6\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\trot\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\documents and settings\trot\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? Lbd;Lbd
R? MozillaMaintenance;Mozilla Maintenance Service
R? PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver
R? ssadbus;SAMSUNG Android USB Composite Device driver (WDM)
R? ssadmdfl;SAMSUNG Android USB Modem (Filter)
R? ssadmdm;SAMSUNG Android USB Modem Drivers
S? AGCoreService;AG Core Services
S? BHDrvx86;BHDrvx86
S? ccSet_NIS;Norton Internet Security Settings Manager
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? IDSxpx86;IDSxpx86
S? IntcHdmiAddService;Intel® High Definition Audio HDMI Service
S? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? NIS;Norton Internet Security
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
.
=============== Created Last 30 ================
.
2012-06-26 18:22:49 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-26 18:22:49 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-07-08 07:28:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-08 07:28:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39:54 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:27:44 1872128 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 13:24:46 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:41:08 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 03:09:20 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-26 03:09:20 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-23 14:46:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-23 14:46:47 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-04-23 14:46:47 17408 ----a-w- c:\windows\system32\corpol.dll
.
============= FINISH: 2:58:44.71 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:05 PM

Posted 08 July 2012 - 04:14 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until Iíve given you the ďAll clear.Ē Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Posted Image Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#3 weezermonkey

weezermonkey
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 08 July 2012 - 11:31 PM

aswMBR log


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-08 21:25:52
-----------------------------
21:25:52.828 OS Version: Windows 5.1.2600 Service Pack 3
21:25:52.828 Number of processors: 2 586 0x170A
21:25:52.843 ComputerName: DORKBOY UserName: Trot
21:26:05.062 Initialize success
21:26:30.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:26:30.578 Disk 0 Vendor: ST932032 DE05 Size: 305245MB BusType: 3
21:26:30.593 Disk 0 MBR read successfully
21:26:30.593 Disk 0 MBR scan
21:26:30.593 Disk 0 unknown MBR code
21:26:30.593 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:26:30.640 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 292644 MB offset 81920
21:26:30.640 Disk 0 Partition - 00 0F Extended LBA 2557 MB offset 599433345
21:26:30.703 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 9993 MB offset 604670535
21:26:30.718 Disk 0 Partition 4 00 DD MSDOS5.0 2549 MB offset 599449410
21:26:30.734 Disk 0 scanning sectors +625137345
21:26:30.812 Disk 0 scanning C:\WINDOWS\system32\drivers
21:26:52.687 Service scanning
21:27:16.468 Modules scanning
21:27:30.281 Disk 0 trace - called modules:
21:27:30.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:27:30.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa7aab8]
21:27:30.343 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8aae7030]
21:27:30.343 Scan finished successfully
21:27:41.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Trot\Desktop\MBR.dat"
21:27:41.375 The log file has been saved successfully to "C:\Documents and Settings\Trot\Desktop\aswMBR.txt"

#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:05 PM

Posted 09 July 2012 - 10:49 AM

Please do this next:

Posted Image Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed click on Yes[/b], to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#5 weezermonkey

weezermonkey
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 09 July 2012 - 02:39 PM

Thanks for your help by the way.

ComboFix Log

ComboFix 12-07-08.02 - Trot 07/09/2012 12:22:21.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.2653 [GMT -7:00]
Running from: c:\documents and settings\Trot\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Trot\Application Data\Mozilla\Firefox\Profiles\y7p6m4gz.default\searchplugins\bing-zugo.xml
c:\documents and settings\Trot\Local Settings\Application Data\{7519f104-a765-a709-21a1-a0f14977e021}\@
c:\documents and settings\Trot\Local Settings\Application Data\{7519f104-a765-a709-21a1-a0f14977e021}\n
c:\documents and settings\Trot\Local Settings\Application Data\Mozilla\Move Networks\ofonmws.dll
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{7519f104-a765-a709-21a1-a0f14977e021}\@
c:\windows\Installer\{7519f104-a765-a709-21a1-a0f14977e021}\L\00000004.@
c:\windows\Installer\{7519f104-a765-a709-21a1-a0f14977e021}\L\201d3dde
c:\windows\Installer\{7519f104-a765-a709-21a1-a0f14977e021}\n
c:\windows\Installer\{7519f104-a765-a709-21a1-a0f14977e021}\U\00000004.@
c:\windows\Installer\{7519f104-a765-a709-21a1-a0f14977e021}\U\00000008.@
c:\windows\Installer\{7519f104-a765-a709-21a1-a0f14977e021}\U\000000cb.@
c:\windows\Installer\{7519f104-a765-a709-21a1-a0f14977e021}\U\80000000.@
c:\windows\Installer\{7519f104-a765-a709-21a1-a0f14977e021}\U\80000032.@
c:\windows\system32\SET422.tmp
c:\windows\system32\SET426.tmp
c:\windows\system32\SET427.tmp
c:\windows\system32\SET42E.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_{79007602-0CDB-4405-9DBF-1257BB3226EE}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-06-26 18:22 . 2012-06-26 18:22 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-26 18:22 . 2012-06-26 18:22 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-08 07:28 . 2012-03-30 20:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-08 07:28 . 2011-05-16 04:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2008-10-16 22:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2008-10-16 22:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2008-04-25 21:27 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2008-04-25 21:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2008-04-25 21:27 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2008-10-16 22:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2008-10-16 22:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2008-04-25 21:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2008-04-25 21:27 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2008-04-25 16:16 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2008-10-16 22:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2008-04-25 21:27 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2008-04-25 21:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2009-12-02 20:37 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2009-12-02 20:37 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2009-12-02 20:37 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39 . 2008-04-25 16:16 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:27 . 2008-04-25 16:16 1872128 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 13:24 . 2008-04-25 16:16 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:41 . 2008-04-14 00:01 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-04-25 21:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 03:09 . 2010-06-03 07:24 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-26 03:09 . 2010-06-03 07:24 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-23 14:46 . 2008-04-25 16:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-23 14:46 . 2008-04-25 16:16 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-04-23 14:46 . 2008-04-25 16:16 17408 ----a-w- c:\windows\system32\corpol.dll
2008-08-17 00:42 . 2008-08-17 00:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-17 00:42 . 2008-08-17 00:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-17 00:42 . 2008-08-17 00:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-17 00:42 . 2008-08-17 00:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-17 00:43 . 2008-08-17 00:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-17 00:42 . 2008-08-17 00:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-17 00:42 . 2008-08-17 00:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 15:41 . 2008-05-21 15:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 15:41 . 2008-05-21 15:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 15:41 . 2008-05-21 15:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 20:58 . 2008-06-05 20:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-17 00:42 . 2008-08-17 00:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-06-26 18:22 . 2011-11-14 02:48 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcore.AGUtils]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-07 08:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-03-19 167936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2008-03-19 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-19 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-19 137752]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 2220032]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-12-11 1228800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\documents and settings\Trot\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\3.1.5.7613\Launcher.exe [2009-8-29 157000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-2-10 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-11 02:04 10536 ------w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307010.005\symds.sys [5/18/2012 9:50 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307010.005\symefa.sys [5/18/2012 9:50 AM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [6/18/2012 5:01 PM 821920]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307010.005\ccsetx86.sys [5/18/2012 9:50 AM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307010.005\ironx86.sys [5/18/2012 9:50 AM 149624]
R2 AGCoreService;AG Core Services;c:\program files\AGI\core\3.1\AGCoreService.exe [8/29/2009 11:57 AM 20480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152720]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [5/18/2012 9:50 AM 138232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/30/2012 10:14 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120705.001\IDSXpx86.sys [7/6/2012 11:24 AM 369632]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2/10/2009 8:43 PM 105984]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 1:26 PM 257224]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 8:16 PM 113120]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [4/10/2012 11:51 AM 21744]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [3/19/2012 5:44 PM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [3/19/2012 5:44 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [3/19/2012 5:44 PM 121576]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 16:58]
.
2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:28]
.
2012-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 20:34]
.
2012-06-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Trot\Application Data\Mozilla\Firefox\Profiles\y7p6m4gz.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111022&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Move Networks - c:\documents and settings\Trot\Local Settings\Application Data\Mozilla\Move Networks\ofonmws.dll
HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKU-Default-Run-Move Networks - c:\documents and settings\Trot\Local Settings\Application Data\Mozilla\Move Networks\ofonmws.dll
AddRemove-{D0795B21-0CDA-4a92-AB9E-6E92D8111E44} - c:\program files\Samsung\USB Drivers\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-09 12:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(936)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
c:\program files\Citrix\ICA Client\pnsson.dll
.
- - - - - - - > 'explorer.exe'(1792)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\Webshots\315~1.761\Webshots.scr
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-07-09 12:36:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-09 19:36
.
Pre-Run: 281,266,618,368 bytes free
Post-Run: 281,992,945,664 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8F57ED84F54228D9C7B90372E2716895

#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:05 PM

Posted 09 July 2012 - 04:49 PM

Please do this next:

Posted Image You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Please include the following in your next post:
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#7 weezermonkey

weezermonkey
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 09 July 2012 - 06:37 PM

MBAM log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.14

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Trot :: DORKBOY [administrator]

7/9/2012 3:23:14 PM
mbam-log-2012-07-09 (15-23-14).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275555
Time elapsed: 1 hour(s), 8 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Qoobox\Quarantine\C\WINDOWS\Installer\{7519f104-a765-a709-21a1-a0f14977e021}\U\80000000.@.vir (Trojan.Sirefef) -> No action taken.

(end)

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:05 PM

Posted 10 July 2012 - 07:57 AM

How is your computer running now? Please do this next:

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the insatller you just downloaded
Posted Image Go to thisLINK to run an online scannner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#9 weezermonkey

weezermonkey
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 10 July 2012 - 02:45 PM

Still being redirected from google searches. Doesn't happen every time but still happens occasionally.


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2c296aa74d130240a02a55ed391a521c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-10 07:37:45
# local_time=2012-07-10 12:37:45 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 82761023 82761023 0 0
# compatibility_mode=3588 16777190 85 70 2025842 9734926 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=61243
# found=4
# cleaned=0
# scan_time=3055
C:\Documents and Settings\Trot\Application Data\Mozilla\Firefox\Profiles\y7p6m4gz.default\extensions\wmluxpvmji@wmluxpvmji.org.xpi JS/Redirector.NCA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Trot\Local Settings\Application Data\{7519f104-a765-a709-21a1-a0f14977e021}\n.vir Win32/Sirefef.EV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\Installer\{7519f104-a765-a709-21a1-a0f14977e021}\n.vir Win32/Sirefef.EV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\Installer\{7519f104-a765-a709-21a1-a0f14977e021}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan (unable to clean) 00000000000000000000000000000000 I

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:05 PM

Posted 10 July 2012 - 05:02 PM

Please do this next:

Posted Image Open Notepad Go to Start> All Programs> Accessories> Notepad ( this will only work with Notepad ) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::

File::
C:\Documents and Settings\Trot\Application Data\Mozilla\Firefox\Profiles\y7p6m4gz.default\extensions\wmluxpvmji@wmluxpvmji.org.xpi
ClearJavaCache::

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Please include the following in your next post:
  • ComboFix log
  • Let me know if that stops the occasional redirects

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#11 weezermonkey

weezermonkey
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 10 July 2012 - 06:28 PM

Haven't seen any redirects since running combofix. Seems to have fixed that problem.


ComboFix 12-07-08.02 - Trot 07/10/2012 16:06:32.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.2619 [GMT -7:00]
Running from: c:\documents and settings\Trot\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Trot\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
FILE ::
"c:\documents and settings\Trot\Application Data\Mozilla\Firefox\Profiles\y7p6m4gz.default\extensions\wmluxpvmji@wmluxpvmji.org.xpi"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Trot\Application Data\Mozilla\Firefox\Profiles\y7p6m4gz.default\extensions\wmluxpvmji@wmluxpvmji.org.xpi
.
.
((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-10 23:04 . 2012-07-10 23:04 -------- d-----w- c:\documents and settings\Trot\Local Settings\Application Data\Sun
2012-07-10 18:38 . 2012-07-10 18:38 -------- d-----w- c:\program files\ESET
2012-07-10 18:34 . 2012-07-10 18:34 -------- d-----w- c:\program files\Common Files\Java
2012-07-10 18:34 . 2012-07-10 18:33 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-10 18:34 . 2012-07-10 18:33 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-26 18:22 . 2012-06-26 18:22 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-26 18:22 . 2012-06-26 18:22 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-10 18:33 . 2010-05-04 06:03 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-08 07:28 . 2012-03-30 20:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-08 07:28 . 2011-05-16 04:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2008-10-16 22:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2008-10-16 22:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2008-04-25 21:27 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2008-04-25 21:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2008-04-25 21:27 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2008-10-16 22:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2008-10-16 22:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2008-04-25 21:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2008-04-25 21:27 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2008-04-25 16:16 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2008-10-16 22:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2008-04-25 21:27 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2008-04-25 21:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2009-12-02 20:37 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2009-12-02 20:37 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2009-12-02 20:37 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39 . 2008-04-25 16:16 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:27 . 2008-04-25 16:16 1872128 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 13:24 . 2008-04-25 16:16 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:41 . 2008-04-14 00:01 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-04-25 21:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 03:09 . 2010-06-03 07:24 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-26 03:09 . 2010-06-03 07:24 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-23 14:46 . 2008-04-25 16:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-23 14:46 . 2008-04-25 16:16 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-04-23 14:46 . 2008-04-25 16:16 17408 ----a-w- c:\windows\system32\corpol.dll
2008-08-17 00:42 . 2008-08-17 00:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-17 00:42 . 2008-08-17 00:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-17 00:42 . 2008-08-17 00:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-17 00:42 . 2008-08-17 00:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-17 00:43 . 2008-08-17 00:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-17 00:42 . 2008-08-17 00:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-17 00:42 . 2008-08-17 00:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 15:41 . 2008-05-21 15:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 15:41 . 2008-05-21 15:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 15:41 . 2008-05-21 15:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 20:58 . 2008-06-05 20:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-17 00:42 . 2008-08-17 00:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-06-26 18:22 . 2011-11-14 02:48 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-09_19.32.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-10 23:06 . 2012-07-10 23:06 16384 c:\windows\temp\Perflib_Perfdata_8d8.dat
+ 2012-07-10 22:59 . 2012-07-10 22:59 16384 c:\windows\temp\Perflib_Perfdata_838.dat
+ 2009-11-24 22:48 . 2012-04-04 22:56 22344 c:\windows\system32\drivers\mbam.sys
+ 2012-07-10 18:34 . 2012-07-10 18:33 227824 c:\windows\system32\javaws.exe
+ 2012-07-10 18:34 . 2012-07-10 18:33 174064 c:\windows\system32\javaw.exe
+ 2012-07-10 18:34 . 2012-07-10 18:33 174064 c:\windows\system32\java.exe
+ 2012-07-10 18:34 . 2012-07-10 18:34 176128 c:\windows\Installer\50445.msi
+ 2012-07-10 18:33 . 2012-07-10 18:33 863744 c:\windows\Installer\50440.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcore.AGUtils]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-07 08:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-03-19 167936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2008-03-19 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-19 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-19 137752]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 2220032]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-12-11 1228800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\documents and settings\Trot\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\3.1.5.7613\Launcher.exe [2009-8-29 157000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-2-10 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-11 02:04 10536 ------w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307010.005\symds.sys [5/18/2012 9:50 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307010.005\symefa.sys [5/18/2012 9:50 AM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [6/18/2012 5:01 PM 821920]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307010.005\ccsetx86.sys [5/18/2012 9:50 AM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307010.005\ironx86.sys [5/18/2012 9:50 AM 149624]
R2 AGCoreService;AG Core Services;c:\program files\AGI\core\3.1\AGCoreService.exe [8/29/2009 11:57 AM 20480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152720]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [5/18/2012 9:50 AM 138232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/30/2012 10:14 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120707.001\IDSXpx86.sys [7/10/2012 11:49 AM 369632]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2/10/2009 8:43 PM 105984]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 1:26 PM 257224]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 8:16 PM 113120]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\Dell Support Center\pcdsrvc.pkms [4/10/2012 11:51 AM 21744]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [3/19/2012 5:44 PM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [3/19/2012 5:44 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [3/19/2012 5:44 PM 121576]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 16:58]
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:28]
.
2012-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 20:34]
.
2012-06-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Trot\Application Data\Mozilla\Firefox\Profiles\y7p6m4gz.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111022&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-10 16:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(940)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
c:\program files\Citrix\ICA Client\pnsson.dll
.
Completion time: 2012-07-10 16:14:03
ComboFix-quarantined-files.txt 2012-07-10 23:14
ComboFix2.txt 2012-07-09 19:36
.
Pre-Run: 281,720,324,096 bytes free
Post-Run: 281,707,134,976 bytes free
.
- - End Of File - - 5C0F0CA34734CA7684CEA2815D79E84D

#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:05 PM

Posted 10 July 2012 - 10:54 PM

Excellent! Your logs look good. All I have left for you is another update and some very important cleanup:

Posted Image Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Posted Image Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens and press OK:
    Combofix /Uninstall
Posted Image

Posted Image Delete the following tools along with any other logs you saved from our work:
  • DDS
  • aswMBR
Posted Image Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,if it doesn't, manually reboot to ensure a complete clean

Posted Image Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#13 weezermonkey

weezermonkey
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 11 July 2012 - 08:14 PM

Thanks for all your help, everything seems to be running properly again. I guess my only qualm before closing this is I just want to be sure I'm rid of the Trojan, other than that thanks again for everything.

#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:05 PM

Posted 11 July 2012 - 10:06 PM

You're welcome, weezermonkey. You actually had a rootkit, but your logs don't show any remaining issues. Take care.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#15 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:05 PM

Posted 12 July 2012 - 09:43 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users