Panther Rose #85 Posted December 5, 2010

Oh s**t, there is one object infected
waddler8 #86 Posted December 5, 2010

That's ok. Let it get to the end and post the log.
Panther Rose #87 Posted December 5, 2010

Here you go:

Malwarebytes' Anti-Malware 1.50
http://www.malwarebytes.org

Database version: 5249

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05/12/2010 20:32:03
mbam-log-2010-12-05 (20-32-03).txt

Scan type: Quick scan
Objects scanned: 143432
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\java.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
waddler8 #88 Posted December 5, 2010

Good! Hopefully we're in the home straight!

Re-run the program DDS I had you run.

Double click dds.scr to run the tool. When done, Notepad should open. Please copy & paste the contents of: DDS.txt
And post it in your next reply.
waddler8 #89 Posted December 5, 2010

Files Infected: c:\Windows\System32\java.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

I believe that is actually a false positive & not an infected file - we'll restore it later. I'm getting the same detection.
waddler8 #90 Posted December 5, 2010

I believe that is actually a false positive & not an infected file - we'll restore it later. I'm getting the same detection.

Yes, I've just checked the Malwarebytes forum and others are reporting the same.

The log was clean.
Panther Rose #91 Posted December 5, 2010

DDS (Ver_10-11-27.01) - NTFSx86
Run by Jacqueline at 20:52:25.87 on 05/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3326.2406 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jacqueline\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
Panther Rose #92 Posted December 5, 2010

Pseudo HJT Report
===============

uStart Page = hxxp://www.sky.com/
uInternet Settings,ProxyServer = http=127.0.0.1:25535
BHO: txthlpBHO Class: {060235dc-6d84-47bd-95d7-a4ef5099a59d} - c:\progra~1\texthe~1\readan~1\TE4470~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ba3HelperObj Class: {a17b153f-2267-4161-a165-73dcd6c31bef} - c:\progra~1\texthe~1\readan~1\ba3bho.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking10\Ereg.ini
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\direct~1.lnk - c:\program files\olympus\devicedetector\DirectrecConfig.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} - hxxp://www.sony.co.uk/bravia/RegistrationAgent.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\users\jacque~1\appdata\roaming\mozilla\firefox\profiles\v0q39t8j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sky.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 25535
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-16 165584]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-16 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-16 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-8 40384]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-2 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-7-19 47640]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-8 40384]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\drivers\WMP54Gv41x86.sys [2010-4-7 376160]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-19 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-16 1343400]

=============== Created Last 30 ================

2010-12-05 10:06:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-05 10:06:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-05 09:56:04 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{c58d21c2-8f60-4249-894f-8f9ad2480eb9}\mpengine.dll
2010-11-30 23:30:51 -------- d-----w- c:\users\jacque~1\appdata\roaming\Malwarebytes
2010-11-30 23:30:46 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-30 23:30:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-24 07:35:09 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-21 22:16:57 -------- d-----w- C:\Temp
2010-11-21 22:12:38 -------- d-----w- c:\users\jacque~1\appdata\roaming\Philips-Songbird
2010-11-21 22:12:38 -------- d-----w- c:\users\jacque~1\appdata\local\Philips-Songbird
2010-11-21 22:12:00 -------- d-----w- c:\program files\Philips
2010-11-21 08:54:38 -------- d-----w- c:\users\jacque~1\appdata\local\Mozilla
2010-11-06 11:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 08:46:52 -------- d-sh--w- c:\users\jacque~1\appdata\roaming\Smart Engine
2010-11-06 08:46:52 -------- d-sh--w- c:\progra~2\SMUSE
2010-11-06 08:46:31 -------- d-sh--w- c:\progra~2\56a4ff

==================== Find3M ====================

2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-30 20:20:38 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-30 20:20:38 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-09-30 20:20:38 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-30 20:20:37 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-15 03:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

============= FINISH: 20:52:46.08 ===============
Panther Rose #93 Posted December 5, 2010

Yes, I've just checked the Malwarebytes forum and others are reporting the same. The log was clean.

Glad to know this.
Panther Rose #94 Posted December 5, 2010

What is the reason behind Firefox?
waddler8 #95 Posted December 5, 2010

What is the reason behind Firefox?

It's just an alternative to Internet Explorer to view the Internet.

Good news and bad news.

The mbam log is clean but the hosts entries etc. still remain. We'll use something else that takes the work out of it for you. The program below will allow me to formulate a script that will do everything automatically using the program.

This might produce a big log so you might have to split it into 2-3 posts and make sure you don't miss anything out - we're nearly there, you'll be able to give yourself a pat on the back after this.

Download this file by Old Timer and save it to your Desktop.
Double click on OTL.exe to run it.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so.
The scan won't take long.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extras.txt <-- Will be minimized
Please post the contents of just OTL.txt in your next reply.
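Added example, not part of the thread and not one of the tools waddler8 uses: a small Python triage of the DDS "Pseudo HJT Report" format that flags the kinds of leftovers the helper is pointing at in post #95. It reports HOSTS lines that map a name to anything other than loopback (the five payment/antivirus domains above all resolve to 74.125.45.100 on this machine), an Internet Explorer or Firefox proxy pointing at 127.0.0.1 (the Firefox entry is reported as disabled because network.proxy.type 0 means a direct connection), an IFEO entry for svchost.exe, and directories created with both the system and hidden attributes (d-sh--w-). The sample lines are constructed from the log posted above, not the full report, and the list of system binaries to watch for in IFEO is an assumption of this example.

```python
"""Triage a DDS 'Pseudo HJT Report' for the hijack indicators discussed in this thread."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input, modelled on the DDS output posted earlier in this thread
# (a handful of lines, not the full log).
SAMPLE_DDS = r"""
uStart Page = hxxp://www.sky.com/
uInternet Settings,ProxyServer = http=127.0.0.1:25535
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 127.0.0.1 localhost
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 25535
FF - prefs.js: network.proxy.type - 0
2010-11-06 08:46:52 -------- d-sh--w- c:\users\jacque~1\appdata\roaming\Smart Engine
2010-11-06 08:46:31 -------- d-sh--w- c:\progra~2\56a4ff
2010-11-30 23:30:46 -------- d-----w- c:\progra~2\Malwarebytes
"""

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
# Windows binaries for which an Image File Execution Options entry is rarely legitimate
# outside a debugging session (assumed list for this example; extend as needed).
SYSTEM_BINARIES = {"svchost.exe", "explorer.exe", "winlogon.exe", "userinit.exe"}

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
IE_PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:http=)?([\d.]+):(\d+)")
FF_PROXY_RE = re.compile(r"network\.proxy\.(http|http_port|type)\s+-\s+(\S+)")
IFEO_RE = re.compile(r"^IFEO:.*-\s+(\S+)$")
ENTRY_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(d\S+)\s+(.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def triage(dds_text: str) -> list[Finding]:
    """Return the suspicious entries found in a DDS report, in the order they appear."""
    findings: list[Finding] = []
    ff: dict[str, str] = {}  # Firefox proxy prefs span several lines; collect, then judge
    for raw in dds_text.splitlines():
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            ip, name = m.groups()
            # A HOSTS entry mapping a name to anything but loopback sends the victim to
            # an address the attacker chose; loopback entries are the normal use.
            if ip not in LOOPBACK:
                findings.append(Finding("hosts_redirect", f"{name} -> {ip}"))
        elif m := IE_PROXY_RE.search(line):
            ip, port = m.groups()
            # IE pointed at a proxy on the local machine means a local process sees
            # every request; flag it unless a known local proxy product is installed.
            if ip in LOOPBACK:
                findings.append(Finding("local_proxy_ie", f"{ip}:{port}"))
        elif m := FF_PROXY_RE.search(line):
            ff[m.group(1)] = m.group(2)
        elif (m := IFEO_RE.match(line)) and m.group(1).lower() in SYSTEM_BINARIES:
            # An IFEO Debugger value for a core binary runs the "debugger" in its place.
            findings.append(Finding("ifeo_system_binary", m.group(1)))
        elif m := ENTRY_RE.match(line):
            attrs, path = m.groups()
            # d-sh--w-: a directory created with both system and hidden attributes,
            # which ordinary installers do not do under ProgramData or AppData.
            if "s" in attrs and "h" in attrs:
                findings.append(Finding("hidden_system_dir", path))
    if ff.get("http") in LOOPBACK and "http_port" in ff:
        # network.proxy.type 0 = direct connection, so the proxy is configured but unused.
        state = "disabled" if ff.get("type") == "0" else "enabled"
        findings.append(Finding("local_proxy_firefox",
                                f"{ff['http']}:{ff['http_port']} ({state})"))
    return findings


def hosts_file_redirects(hosts_text: str) -> list[Finding]:
    r"""Same HOSTS check against a raw hosts file (e.g. %SystemRoot%\System32\drivers\etc\hosts)."""
    out: list[Finding] = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, *names = parts
        if ip not in LOOPBACK:
            out.extend(Finding("hosts_redirect", f"{n} -> {ip}") for n in names)
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.kind:22} {f.detail}")
```

Run it on a saved DDS.txt by passing the file's contents to triage(); hosts_file_redirects() does the same check directly on the hosts file once the machine is accessible. A localhost proxy finding is only suspicious when no legitimate local proxy (a filtering product, for instance) is installed, so the script reports it rather than deciding.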
Panther Rose #96 Posted December 5, 2010

My dear Waddler, I don't know about you but I am EXHAUSTED!!!! Is it ok if we continue this tomorrow?