Windows XP Recovery infection



sufferinginsilence
2011-05-20, 19:48
I think my PC is infected. I had a Windows XP Recovery popup and my desktop disappeared. I ran Malwarebytes and it found and removed some trojan files. My C drive was hidden and it looked empty!
I have since managed to get my desktop back again and am able to see the contents of my C drive.

I notice iexplore.exe regularly runs in the background. Even after I kill the process it reappears a few minutes later so there must still be some sort of infection.

Will be happy if someone can help me have a clean PC again!


Thanks



DDS LOG

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 02/11/2005 06:54:05
System Uptime: 20/05/2011 08:30:36 (2 hours ago)
.
Motherboard: FUJITSU SIEMENS | | D2190-A
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | CPU | 3058/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 69 GiB total, 43.653 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 98 GiB total, 89.401 GiB free.
Z: is FIXED (NTFS) - 20 GiB total, 19.46 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Network Controller
Device ID: PCI\VEN_1397&DEV_2BD0&SUBSYS_2BD01397&REV_02\4&31D8784D&0&48F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_1397&DEV_2BD0&SUBSYS_2BD01397&REV_02\4&31D8784D&0&48F0
Service:
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6600 slide
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1638: 11/05/2011 17:20:51 - System Checkpoint
RP1639: 12/05/2011 03:00:17 - Software Distribution Service 3.0
RP1640: 13/05/2011 08:35:09 - System Checkpoint
RP1641: 13/05/2011 20:08:24 - Software Distribution Service 3.0
RP1642: 14/05/2011 20:34:54 - System Checkpoint
RP1643: 16/05/2011 02:33:49 - System Checkpoint
RP1644: 16/05/2011 08:51:37 - Installed Windows XP Wdf01009.
RP1645: 16/05/2011 08:52:48 - Installed Windows XP Wudf01009.
RP1646: 17/05/2011 11:53:22 - Software Distribution Service 3.0
RP1647: 18/05/2011 13:37:39 - System Checkpoint
RP1648: 19/05/2011 01:07:19 - Windows Defender Checkpoint
RP1649: 19/05/2011 01:12:45 - Windows Defender Checkpoint
RP1650: 19/05/2011 17:46:01 - Windows Defender Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Ad-Aware SE Personal
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Illustrator CS
Adobe Reader X (10.0.1)
Adobe SVG Viewer 3.0
avast! Free Antivirus
Belkin Bluetooth Software
BroadJump Client Foundation
Calculator Powertoy for Windows XP
CD-ROM
eGS-Overlay EUROPE
ERUNT 1.1j
ffdshow v1.1.3489 [2010-06-28]
FlashForge
Free DWG Viewer 6.3
Free Media Player 0.1
Garmin City Navigator Europe v9
Garmin MapSource
Garmin USB Drivers
Google Earth
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photo Printing Software
hp psc 900 series
HP Share-to-Web
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Magical Jelly Bean KeyFinder
Malwarebytes' Anti-Malware
MapSource
MapSource - European City Navigator v6
markilux-bildschirmschoner ScreenSaver
markilux-screensaver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Publisher 2002
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works
Microsoft XML Parser
Mozilla Firefox 4.0.1 (x86 en-GB)
Mozilla Thunderbird (3.1.10)
MSVC80_x86
MSVC80_x86_v2
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MYOB BusinessBasics
Nero BurnRights
Nero OEM
NeroVision Express 3 SE
NeroVision Express Content
Netscape (7.1)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
OpenOffice.org 3.1
PartitionMagic
PC Connectivity Solution
PowerQuest PartitionMagic 8.0
QuickBooks SimpleStart
QuickTime
Real Alternative 2.0.2 Lite
Registry Mechanic
Safety Camera Map
SAGEM F@st 800-840
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Smart Link 56K Modem
Software Update for Web Folders
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Tec-Sun Trade Calculator
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
UBCD4Win 3.04
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VAG-COM Release 704.1
Viewpoint Media Player (Remove Only)
WebFldrs XP
Windows Defender
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
Windows Driver Package - Nokia Modem (10/07/2010 4.6)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Hotfix - KB895181
Windows Media Player 10 Hotfix - KB888656
Windows Media Player 11
Windows Messenger 5.1
Windows XP Service Pack 3
WinRAR archiver
Works Suite-Betriebssystem-Pack
.
==== Event Viewer Messages From Past Week ========
.
20/05/2011 10:01:14, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
20/05/2011 00:05:43, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor PCIIde SiSRaid2 viamraid
17/05/2011 11:51:04, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================






Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6619

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

20/05/2011 00:02:07
mbam-log-2011-05-20 (00-02-07).txt

Scan type: Full scan (C:\|)
Objects scanned: 46879
Time elapsed: 45 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DQMiuyMNARayQk (Trojan.FakeMS.Gen) -> Value: DQMiuyMNARayQk -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\dqmiuymnarayqk.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Brian\application data\Sun\Java\deployment\cache\6.0\8\7847cb48-16b41ef2 (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.

tashi
2011-05-20, 20:01
Hello sufferinginsilence,

The log posted is the "attach.txt", which is why the log says, "UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT" ;)

Please revisit the FAQ and then start a new topic. http://forums.spybot.info/showpost.php?p=1150&postcount=2

DDS Log

Download to your desktop DDS from one of the links below:

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)


Double click the tool to run it.
If a black screen opens, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)


Best regards.

sufferinginsilence
2011-05-21, 02:13
Sorry Tashi, I posted the wrong text...


I will post a new post

tashi
2011-05-21, 03:16
Cheers, please start a new topic as helpers look for ones without a response. :)