Trojan not fully removed?

Discussion in 'Malware Help (A Specialist Will Reply)' started by joe2k1, Jul 11, 2009.

  1. joe2k1

    joe2k1 Private E-2

    My computer is still slow. I apparently had the wmv3.exe trojan. My friend advised to not do any internet banking on this computer! Can anyone please advise me if the logos indicate the problem is gone? It seems like the computer takes a bit longer to boot, with a blank screen during the bootup process. Thanks.

    hijacklogfirst
    ----
    Logfile of HijackThis v1.99.1
    Scan saved at 5:53:40 PM, on 11/07/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\ASUS\ASUS Easy Update\ALU.exe
    C:\Program Files\Print Server\PTP\PSDiagnostic.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Sun\StarOffice 8\program\soffice.exe
    C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ASUS Easy Update] C:\Program Files\ASUS\ASUS Easy Update\ALU.exe
    O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
    O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

    ---- end of hijacklog

    combofix log starts.
    -----
    ComboFix 09-07-09.08 - starscream 11/07/2009 14:43.1.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.2039.1515 [GMT -4:00]
    Running from: c:\documents and settings\starscream\Desktop\ComboFix.exe
    AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\starscream\Start Menu\notepad.exe
    c:\recycler\S-1-5-21-2644482277-2998998207-3836090244-1003
    c:\recycler\S-1-5-21-369960939-2323332874-2773121696-1003
    c:\recycler\S-1-5-21-3766715307-2407281294-3986417749-1003
    c:\recycler\S-1-5-21-839522115-2147104195-725345543-1003
    c:\windows\system32\drivers\MSIVXserv.sys
    c:\windows\system32\mdm.exe
    c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_MSIVXserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
    .

    2009-07-11 16:35 . 2009-07-11 16:35 -------- d-----w- c:\documents and settings\starscream\Application Data\Malwarebytes
    2009-07-11 16:34 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-11 16:34 . 2009-07-11 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-11 16:34 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-11 16:34 . 2009-07-11 16:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-11 16:24 . 2009-07-11 16:24 -------- d-----w- c:\program files\Mediaviewer
    2009-07-11 16:23 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2009-07-11 16:19 . 2009-07-11 16:19 -------- d-----w- c:\program files\Windows Media Connect 2
    2009-07-11 16:16 . 2009-07-11 16:17 -------- d-----w- c:\windows\system32\drivers\UMDF
    2009-07-11 16:16 . 2009-07-11 16:16 -------- d-----w- c:\windows\system32\LogFiles
    2009-07-11 16:11 . 2009-07-11 16:11 -------- d-----w- c:\documents and settings\starscream\Application Data\vlc
    2009-06-22 03:09 . 2009-06-22 03:09 -------- d-----w- c:\documents and settings\starscream\Application Data\Ipswitch
    2009-06-22 03:09 . 2009-06-22 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Ipswitch
    2009-06-22 03:09 . 2009-03-25 00:27 50688 ----a-w- c:\windows\system32\wbhelp2.dll
    2009-06-22 03:08 . 2009-06-22 03:08 -------- d-----w- c:\program files\Ipswitch
    2009-06-22 02:47 . 2009-06-22 02:48 -------- d-----w- C:\test1

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-11 18:53 . 2008-11-24 22:41 256 ----a-w- c:\windows\system32\pool.bin
    2009-07-11 18:52 . 2008-08-25 21:35 -------- d-----w- c:\documents and settings\starscream\Application Data\StarOffice8
    2009-07-11 16:01 . 2009-03-15 17:43 -------- d-----w- c:\program files\Warcraft III
    2009-07-11 03:41 . 2008-08-29 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-07-10 02:10 . 2008-08-27 22:36 -------- d-----w- c:\documents and settings\starscream\Application Data\mIRC
    2009-07-10 00:56 . 2008-08-27 22:36 -------- d-----w- c:\program files\mIRC
    2009-06-28 21:47 . 2009-01-02 19:01 -------- d-----w- c:\documents and settings\starscream\Application Data\DVD Profiler
    2009-06-28 21:42 . 2009-01-02 18:59 -------- d-----w- c:\program files\DVD Profiler
    2009-06-22 03:08 . 2008-07-04 07:26 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-12 22:34 . 2008-07-04 06:22 -------- d-----w- c:\program files\Microsoft Works
    2009-06-05 03:10 . 2008-08-25 23:16 43512 ----a-w- c:\documents and settings\starscream\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-01 04:03 . 2009-06-01 04:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-05-31 14:11 . 2008-07-04 05:53 -------- d-----w- c:\program files\Java
    2009-05-31 14:09 . 2009-05-31 14:09 152576 ----a-w- c:\documents and settings\starscream\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-05-07 15:32 . 2007-12-20 21:26 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-04-29 04:56 . 2007-12-20 21:26 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:55 . 2007-12-20 21:26 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-26 21:39 . 2009-04-26 21:39 26694 ----a-r- c:\documents and settings\starscream\Application Data\Microsoft\Installer\{ED36CFF4-E78C-4AF3-825E-911E366AF4EB}\BlackBerry.exe
    2009-04-17 12:26 . 2007-12-20 21:26 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2007-12-20 21:26 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-29 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
    "ASUS Easy Update"="c:\program files\ASUS\ASUS Easy Update\ALU.exe" [2008-10-16 188416]
    "PrintServer Diagnostic"="c:\program files\Print Server\PTP\PSDiagnostic.exe" [2005-06-03 266240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]

    c:\documents and settings\starscream\Start Menu\Programs\Startup\
    StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2008-1-21 122880]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-6-14 1512720]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\ryesam\\Extranet.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

    R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [21/02/2009 4:27 PM 9049]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [26/11/2008 12:21 AM 157696]
    S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [21/02/2009 4:27 PM 115008]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/07/2009 12:34 PM 38160]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [04/07/2008 3:27 AM 572416]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2009-07-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-29 02:42]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Alaunch - c:\sysprep\Alaunch.exe
    HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.asus.com
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\starscream\Application Data\Mozilla\Firefox\Profiles\rgezoe4k.default\
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-11 14:53
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\docume~1\STARSC~1\LOCALS~1\Temp\Perflib_Perfdata_a84.dat 16384 bytes

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2652)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\McAfee\Common Framework\Mctray.exe
    c:\program files\Sun\StarOffice 8\program\soffice.exe
    c:\program files\Sun\StarOffice 8\program\soffice.bin
    .
    **************************************************************************
    .
    Completion time: 2009-07-11 15:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-11 19:00

    Pre-Run: 17,813,262,336 bytes free
    Post-Run: 21,347,123,200 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    173 --- E O F --- 2009-06-12 22:34
    -----

    end of jacklog.
     
    joe2k1, Jul 11, 2009
    #1
  2. Elder_Usr

    Elder_Usr Sergeant

    Welcome to Major Geeks!

    Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.
    • If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.
    READ & RUN ME FIRST. Malware Removal Guide
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:
    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
    Elder_Usr, Jul 14, 2009
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds