Thread: Windows XP Recovery infection

  1. #1
    Member
    Join Date
    Jun 2008
    Location
    UK
    Posts
    68

    Windows XP Recovery infection

    I think my PC is infected. I had a Windows XP Recovery popup and my desktop disappeared. I ran Malwarebytes and it found and removed some trojan files. My C drive was hidden and it looked empty!
    I have since managed to get my desktop back again and am able to see the contents of my C drive.

    I notice iexplore.exe regularly runs in the background. Even after I kill the process it reappears a few minutes later so there must still be some sort of infection.

    Will be happy if someone can help me have a clean PC again!


    Thanks



    DDS LOG

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 02/11/2005 06:54:05
    System Uptime: 20/05/2011 08:30:36 (2 hours ago)
    .
    Motherboard: FUJITSU SIEMENS | | D2190-A
    Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | CPU | 3058/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 69 GiB total, 43.653 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is FIXED (NTFS) - 98 GiB total, 89.401 GiB free.
    Z: is FIXED (NTFS) - 20 GiB total, 19.46 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Network Controller
    Device ID: PCI\VEN_1397&DEV_2BD0&SUBSYS_2BD01397&REV_02\4&31D8784D&0&48F0
    Manufacturer:
    Name: Network Controller
    PNP Device ID: PCI\VEN_1397&DEV_2BD0&SUBSYS_2BD01397&REV_02\4&31D8784D&0&48F0
    Service:
    .
    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia Windows Portable Device Driver
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6600 slide
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP1638: 11/05/2011 17:20:51 - System Checkpoint
    RP1639: 12/05/2011 03:00:17 - Software Distribution Service 3.0
    RP1640: 13/05/2011 08:35:09 - System Checkpoint
    RP1641: 13/05/2011 20:08:24 - Software Distribution Service 3.0
    RP1642: 14/05/2011 20:34:54 - System Checkpoint
    RP1643: 16/05/2011 02:33:49 - System Checkpoint
    RP1644: 16/05/2011 08:51:37 - Installed Windows XP Wdf01009.
    RP1645: 16/05/2011 08:52:48 - Installed Windows XP Wudf01009.
    RP1646: 17/05/2011 11:53:22 - Software Distribution Service 3.0
    RP1647: 18/05/2011 13:37:39 - System Checkpoint
    RP1648: 19/05/2011 01:07:19 - Windows Defender Checkpoint
    RP1649: 19/05/2011 01:12:45 - Windows Defender Checkpoint
    RP1650: 19/05/2011 17:46:01 - Windows Defender Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Ad-Aware SE Personal
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Illustrator CS
    Adobe Reader X (10.0.1)
    Adobe SVG Viewer 3.0
    avast! Free Antivirus
    Belkin Bluetooth Software
    BroadJump Client Foundation
    Calculator Powertoy for Windows XP
    CD-ROM
    eGS-Overlay EUROPE
    ERUNT 1.1j
    ffdshow v1.1.3489 [2010-06-28]
    FlashForge
    Free DWG Viewer 6.3
    Free Media Player 0.1
    Garmin City Navigator Europe v9
    Garmin MapSource
    Garmin USB Drivers
    Google Earth
    Google Update Helper
    Google Updater
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Photo Printing Software
    hp psc 900 series
    HP Share-to-Web
    Intel(R) Graphics Media Accelerator Driver
    InterVideo WinDVD
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Magical Jelly Bean KeyFinder
    Malwarebytes' Anti-Malware
    MapSource
    MapSource - European City Navigator v6
    markilux-bildschirmschoner ScreenSaver
    markilux-screensaver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Publisher 2002
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Works
    Microsoft XML Parser
    Mozilla Firefox 4.0.1 (x86 en-GB)
    Mozilla Thunderbird (3.1.10)
    MSVC80_x86
    MSVC80_x86_v2
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MYOB BusinessBasics
    Nero BurnRights
    Nero OEM
    NeroVision Express 3 SE
    NeroVision Express Content
    Netscape (7.1)
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia Software Updater
    OpenOffice.org 3.1
    PartitionMagic
    PC Connectivity Solution
    PowerQuest PartitionMagic 8.0
    QuickBooks SimpleStart
    QuickTime
    Real Alternative 2.0.2 Lite
    Registry Mechanic
    Safety Camera Map
    SAGEM F@st 800-840
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2416400)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2482017)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2497640)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Smart Link 56K Modem
    Software Update for Web Folders
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    Tec-Sun Trade Calculator
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    UBCD4Win 3.04
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    VAG-COM Release 704.1
    Viewpoint Media Player (Remove Only)
    WebFldrs XP
    Windows Defender
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
    Windows Driver Package - Nokia Modem (10/07/2010 4.6)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Hotfix - KB895181
    Windows Media Player 10 Hotfix - KB888656
    Windows Media Player 11
    Windows Messenger 5.1
    Windows XP Service Pack 3
    WinRAR archiver
    Works Suite-Betriebssystem-Pack
    .
    ==== Event Viewer Messages From Past Week ========
    .
    20/05/2011 10:01:14, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
    20/05/2011 00:05:43, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor PCIIde SiSRaid2 viamraid
    17/05/2011 11:51:04, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    .
    ==== End Of File ===========================






    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6619

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    20/05/2011 00:02:07
    mbam-log-2011-05-20 (00-02-07).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 46879
    Time elapsed: 45 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DQMiuyMNARayQk (Trojan.FakeMS.Gen) -> Value: DQMiuyMNARayQk -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\all users\application data\dqmiuymnarayqk.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\Brian\application data\Sun\Java\deployment\cache\6.0\8\7847cb48-16b41ef2 (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.

  2. #2
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Hello sufferinginsilence,

    The log posted is the "attach.txt", which is why the log says, "UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT"

    Please revisit the FAQ and then start a new topic. http://forums.spybot.info/showpost.p...50&postcount=2

    DDS Log

    Download to your desktop DDS from one of the links below:

    Link 1
    Link 2

    • Double click the tool to run it.
    • If a black screen opens, just read the contents and do nothing.
    • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
    • Copy/Paste the contents of 'DDS.txt' into your post.
    • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)


    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Member
    Join Date
    Jun 2008
    Location
    UK
    Posts
    68

    sorry Tashi, I posted the wrong text...


    I will post a new post

  4. #4
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Cheers, please start a new topic as helpers look for ones without a response.
