Nafamamo.dll Error Windows/system32 and Virtumonde




  #21  
Old 18th Apr 2009, 22:06
Moderator Group
 

Disable SpySweeper so it does not block any fixes.

You can re-enable it after you're clean.

To disable SpySweeper:
  • Open Spysweeper and click Options over to the left then Program Options and uncheck Load at windows startup
  • Over to the left click Shields and uncheck everything.
  • Uncheck Home page shield
  • Uncheck Automatically restore default without notification
----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)
  • O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
  • O1 - Hosts: 82.98.231.89 best-click-scanner.info
  • O2 - BHO: (no name) - {6B614AB8-BFAD-4E71-8D15-C9E775B2F85D} - (no file)
  • O2 - BHO: {c005df30-bdf6-2139-20c4-fc47330df38a} - {a83fd033-74cf-4c02-9312-6fdb03fd500c} - (no file)
  • O18 - Filter hijack: text/html - {756c3454-c197-4fc3-ac6c-f6041ef9cb2b} - C:\WINDOWS\system32\mst122.dll
  • O20 - Winlogon Notify: hgGyvvvS - hgGyvvvS.dll (file missing)
  • O20 - Winlogon Notify: ssqOHwXq - ssqOHwXq.dll (file missing)

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix
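The HijackThis entries the moderator asks to have fixed fall into a few recognisable patterns: a hosts-file line that points a Microsoft hostname at an outside IP address, BHO CLSIDs whose DLL is already gone, a MIME filter registered on text/html, and Winlogon Notify packages whose DLL is missing. The script below is an added example (not from the post, and not part of HijackThis or ComboFix) that classifies a pasted list of such entries by those patterns; the sample entries are constructed from the ones quoted above plus one benign O4 line, and the PROTECTED_SUFFIXES list is an assumption used only for illustration.

```python
import ipaddress
import re

# Constructed sample: the entries quoted in the post above, plus one
# ordinary O4 startup line that should not be flagged.
SAMPLE_ENTRIES = """\
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O2 - BHO: (no name) - {6B614AB8-BFAD-4E71-8D15-C9E775B2F85D} - (no file)
O2 - BHO: {c005df30-bdf6-2139-20c4-fc47330df38a} - {a83fd033-74cf-4c02-9312-6fdb03fd500c} - (no file)
O18 - Filter hijack: text/html - {756c3454-c197-4fc3-ac6c-f6041ef9cb2b} - C:\\WINDOWS\\system32\\mst122.dll
O20 - Winlogon Notify: hgGyvvvS - hgGyvvvS.dll (file missing)
O20 - Winlogon Notify: ssqOHwXq - ssqOHwXq.dll (file missing)
O4 - HKLM\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
BHO_RE = re.compile(r"^O2 - BHO: .* - (\{[0-9a-fA-F-]{36}\}) - (.+)$")
FILTER_RE = re.compile(r"^O18 - Filter hijack: (\S+) - (\{[0-9a-fA-F-]{36}\}) - (.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")

# Assumed list of vendor domains that a local hosts file should never redirect.
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com")


def is_local_ip(ip_text):
    """True for loopback/unspecified addresses, the normal 'block this name' use of hosts."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def triage_entry(line):
    """Return (category, reason) for a suspicious HijackThis line, or None if nothing to flag."""
    line = line.strip()
    m = HOSTS_RE.match(line)
    if m:
        ip, host = m.group(1), m.group(2).lower()
        if is_local_ip(ip):
            return None  # blocking a name by pointing it at loopback is legitimate
        if host.endswith(PROTECTED_SUFFIXES):
            return ("hosts-hijack", f"{host} redirected to external IP {ip}")
        return ("hosts-redirect", f"{host} mapped to external IP {ip}; verify")
    m = BHO_RE.match(line)
    if m:
        clsid, path = m.groups()
        if path.strip().lower() == "(no file)":
            return ("orphan-bho", f"BHO {clsid} is registered but its DLL is gone")
        return None
    m = FILTER_RE.match(line)
    if m:
        mime, clsid, path = m.groups()
        # A MIME filter on text/html sees every page the browser renders.
        return ("mime-filter", f"{mime} filter {clsid} -> {path}")
    m = NOTIFY_RE.match(line)
    if m:
        name, target = m.groups()
        if "file missing" in target.lower():
            return ("orphan-winlogon-notify", f"Winlogon Notify package {name} points to missing {target}")
        return ("winlogon-notify", f"third-party Winlogon Notify package {name}: {target}")
    return None


def triage(log_text):
    """Classify every line of a pasted HijackThis listing; unflagged lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        hit = triage_entry(line)
        if hit:
            findings.append({"line": line.strip(), "category": hit[0], "reason": hit[1]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_ENTRIES):
        print(f"[{f['category']}] {f['reason']}")
```

The hosts-file rule is the one worth remembering: a hosts entry that points at loopback or 0.0.0.0 is a block, while one that points at a routable address is a redirect, and a redirect of a vendor's update or security domain is almost never legitimate.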

  #22  
Old 18th Apr 2009, 23:33
Member Group
 

I didn't get the log. I ran ComboFix, I watched it for about 5 minutes and then walked out of the room. Came back 20 minutes later and my computer looked like it restarted - it was on the main user login page. However, in the 5 minutes that I was watching it, I did see a few of the files it deleted and one of them was the system32/nafamamo.dll that I was having the main issue with. The warning has not popped up at all!!!

If there is a way to go back in and retrieve the log, let me know and I will do that. Otherwise it seems like my computer is fixed!!!!

I can't thank you enough for your help!! I am so glad I stumbled upon this site!!!

If I need to do anything else since you weren't able to see this ComboFix log, let me know.
  #23  
Old 19th Apr 2009, 09:58
Moderator Group
 

Look in C:\combofix.txt for the log.

  #24  
Old 19th Apr 2009, 12:52
Member Group
 

Nothing there... I wonder if it never finished since it looked as though it restarted...
  #25  
Old 19th Apr 2009, 13:00
Moderator Group
 

Just to be sure, run ComboFix again. It will reproduce the log that I need.

  #26  
Old 19th Apr 2009, 13:31
Member Group
 

ComboFix 09-04-19.04 - Jackie 04/19/2009 15:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.258 [GMT -5:00]
Running from: c:\documents and settings\Jackie\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
FW: Webroot Internet Security Essentials *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Jackie\Application Data\inst.exe
c:\windows\system32\aIkRtBeg.ini
c:\windows\system32\aIkRtBeg.ini2
c:\windows\system32\bowivigo.dll
c:\windows\system32\fosepaju.dll
c:\windows\system32\nafamamo.dll
c:\windows\system32\tuuFLkkj.ini2
c:\windows\system32\UCLSstwa.ini
c:\windows\system32\UCLSstwa.ini2
c:\windows\Tasks\qhdstcxk.job
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.
2009-04-19 04:21 . 2009-04-19 04:21 -------- d-----w c:\program files\Trend Micro
2009-04-18 08:01 . 2009-04-18 08:11 1374 ----a-w c:\windows\imsins.BAK
2009-04-18 01:25 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-18 01:25 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-18 01:25 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-18 01:25 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-18 01:25 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-18 01:25 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-18 01:25 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-18 01:25 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-18 01:25 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-18 01:22 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-18 01:22 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-18 01:22 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-17 03:58 . 2009-03-09 07:53 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-17 03:15 . 2009-04-17 03:15 -------- d-----w c:\documents and settings\Jackie\Application Data\Malwarebytes
2009-04-17 03:14 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-17 03:14 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 03:14 . 2009-04-17 03:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-17 03:14 . 2009-04-17 03:14 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-16 23:41 . 2009-04-16 23:41 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-16 23:41 . 2009-04-16 23:41 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-16 23:41 . 2009-04-16 23:41 -------- d-----w c:\documents and settings\Jackie\Application Data\SUPERAntiSpyware.com
2009-04-16 23:40 . 2009-04-16 23:40 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-16 23:09 . 2009-04-16 23:09 -------- d-----w c:\program files\CCleaner
2009-04-15 22:37 . 2009-04-15 22:37 -------- d-----w c:\documents and settings\Administrator\Application Data\Webroot
2009-04-15 22:36 . 2009-04-15 22:36 136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-04-09 20:55 . 2009-04-09 21:08 -------- d-----w c:\documents and settings\Jackie\Application Data\U3
2009-04-05 00:29 . 2009-04-05 00:29 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-05 00:18 . 2009-04-05 00:17 9464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-04-05 00:18 . 2009-04-05 00:17 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-04-05 00:18 . 2009-04-05 00:17 129784 ------w c:\windows\system32\pxafs.dll
2009-04-05 00:18 . 2009-04-05 00:17 116472 ------w c:\windows\system32\pxcpyi64.exe
2009-04-05 00:18 . 2009-04-05 00:17 118520 ------w c:\windows\system32\pxinsi64.exe
2009-04-04 01:53 . 2009-04-04 01:53 -------- d-----w c:\windows\system32\syncdb
2009-03-25 01:12 . 2009-03-25 01:12 -------- d-----w c:\program files\Common Files\xing shared
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 04:02 . 2009-04-17 04:01 17465 ----a-w C:\JavaRa.log
2009-04-17 04:01 . 2006-04-05 02:16 -------- d-----w c:\program files\Java
2009-04-17 03:51 . 2006-04-05 02:32 -------- d-----w c:\program files\McAfee
2009-04-17 03:49 . 2008-11-10 20:38 -------- d-----w c:\program files\Common
2009-04-16 23:25 . 2006-04-08 00:32 -------- d-----w c:\program files\Dl_cats
2009-04-16 23:04 . 2006-04-05 02:27 -------- d-----w c:\program files\WildTangent
2009-04-16 23:03 . 2006-04-05 02:24 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-16 23:03 . 2006-04-05 02:24 -------- d-----w c:\program files\Viewpoint
2009-04-16 01:39 . 2009-04-16 01:39 -------- d-----w c:\documents and settings\Administrator\Application Data\Symantec
2009-04-16 01:39 . 2008-09-06 00:55 -------- d-----w c:\program files\Whale Communications
2009-04-13 05:04 . 2009-01-13 05:04 47104 --sha-w c:\windows\system32\yagatezi.exe
2009-04-09 17:36 . 2006-05-07 16:37 -------- d-----w c:\documents and settings\Jackie\Application Data\LimeWire
2009-04-08 16:21 . 2006-04-08 02:05 62504 ----a-w c:\documents and settings\Frankie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 02:20 . 2006-04-07 01:45 62504 ----a-w c:\documents and settings\Jackie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 00:26 . 2006-04-10 22:38 -------- d-----w c:\program files\Common Files\Adobe
2009-03-29 21:28 . 2005-04-25 07:03 43528 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-03-29 21:03 . 2006-08-12 23:24 -------- d-----w c:\documents and settings\Jackie\Application Data\Download Manager
2009-03-25 16:06 . 2008-11-04 19:57 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 16:06 . 2008-11-04 19:57 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 16:06 . 2008-11-04 19:57 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 16:06 . 2008-11-04 19:57 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 16:05 . 2008-11-04 19:57 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-25 01:12 . 2006-04-05 02:24 -------- d-----w c:\program files\Common Files\Real
2009-03-25 01:11 . 2003-02-21 09:42 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-15 14:12 . 2006-04-05 02:30 -------- d-----w c:\program files\Common Files\Corel
2009-03-15 14:12 . 2006-04-06 22:09 -------- d-----w c:\documents and settings\Jackie\Application Data\Corel
2009-03-15 14:12 . 2006-04-05 02:30 -------- d-----w c:\program files\Corel
2009-03-13 19:53 . 2006-04-07 01:45 8354 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-10 01:21 . 2009-03-10 01:21 -------- d-----w c:\program files\Smilebox
2009-03-09 10:19 . 2009-01-13 23:13 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-05-10 05:25 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:18 . 2004-08-10 17:51 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 04:54 . 2006-10-17 18:04 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-20 10:20 . 2007-05-09 22:23 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-11-07 09:26 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-11-07 09:25 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-09 12:10 . 2004-08-10 17:51 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 17:51 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-10 17:51 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 17:50 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-10-14 19:05 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-10 17:51 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 00:02 . 2008-10-14 19:05 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-08 00:02 . 2004-08-04 03:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-10 17:51 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-10-14 19:05 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:08 . 2004-08-10 17:51 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-14 19:05 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 10:39 . 2004-08-10 17:51 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:39 . 2004-08-10 17:51 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-06 10:32 . 2008-10-14 19:05 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-10 17:51 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-11 18:22 . 2008-12-19 22:47 2516 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-01-11 18:21 . 2008-12-19 22:47 88 --sh--r c:\documents and settings\All Users\Application Data\A4E934F6EB.sys
2008-12-19 23:17 . 2008-12-19 23:05 853860607 ----a-w c:\program files\ADBEPHSPCS4_LS1.7z
2008-12-19 23:05 . 2008-12-19 23:05 1228240 ----a-w c:\program files\ADBEPHSPCS4_LS1.exe
2008-12-15 18:12 . 2007-05-18 23:21 47360 ----a-w c:\documents and settings\Jackie\Application Data\pcouffin.sys
2007-08-15 18:41 . 2007-08-15 18:41 130 ----a-w c:\documents and settings\Frankie\Local Settings\Application Data\fusioncache.dat
2006-12-07 05:06 . 2006-12-07 05:06 24520 -c--a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-12-07 05:06 . 2006-12-07 05:06 128 -c--a-w c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2006-04-08 17:53 . 2006-04-08 17:53 129 ----a-w c:\documents and settings\Jackie\Local Settings\Application Data\fusioncache.dat
2007-12-10 03:04 . 2007-09-16 15:39 88 --sha-r c:\windows\system32\A4E934F6EB.sys
2006-06-06 03:00 . 2006-04-07 01:45 104 -csh--r c:\windows\system32\EBF634E9A4.sys
2008-08-06 00:10 . 2008-08-06 00:10 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080520080806\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2003-05-14 1847296]
"SSRunScript"="c:\program files\Support.com\Charter\bin\SSRunScript.exe" [2003-02-19 40960]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-09 36904]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-25 198160]
"UserFaultCheck"="c:\windows\system32\dumprep.exe" [2008-04-14 10752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
c:\documents and settings\Jackie\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-7-31 385024]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-4-4 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-4 24576]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\nafamamo.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144900070\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144900070\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google Video\\gupload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\system32\\DLA\\DLACTRLW.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:https
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-11-12 29808]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2008-11-13 1086840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105b4ca0-2513-11de-b59e-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]
2009-04-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-08-02 15:53]
2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-08-02 15:53]
2009-04-10 c:\windows\Tasks\wrSpySweeper_LCDA255A558564399AE26AA303B7F83CC.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-12-21 23:11]
2009-04-10 c:\windows\Tasks\wrSpySweeper_LCDA255A558564399AE26AA303B7F83CC.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-12-21 23:11]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeBridge - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://cccamera.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} - hxxp://www.shockwave.com/content/barnyardinvasion/sis/slgwebinstall.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/ghbabeldeluxe/zylomplayer.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://cccamera.lifepics.com/net/Uploader/LPUploader57.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 15:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(3300)
c:\program files\SiteAdvisor\6172\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-04-19 15:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 20:30
Pre-Run: 9,419,685,888 bytes free
Post-Run: 11,556,356,096 bytes free
288 --- E O F --- 2009-04-19 18:57
  #27  
Old 19th Apr 2009, 13:36
Moderator Group
 

Quote:
FW: McAfee Personal Firewall *enabled*
FW: Webroot Internet Security Essentials *disabled*
Two firewalls is never a good idea. You should consider uninstalling one or the other.


The rest of the log looks OK. How is the computer running now?
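The moderator's read of the log above comes from a handful of places: the AV/FW status lines in the header (two firewall products installed), the "Other Deletions" list (the nafamamo.dll file and an Autorun.inf on a removable drive), and the "Reg Loading Points" section (an AppInit_DLLs value loading that same DLL into every process, and the Windows Firewall profile switched off). The script below is an added example, not code from the post or from ComboFix, that splits a ComboFix log into its banner-delimited sections and reports those points; the sample log is a constructed excerpt of the one posted above, and the finding names are this example's own.

```python
import re

# Constructed excerpt of the ComboFix log posted above (paths shortened).
SAMPLE_LOG = """\
ComboFix 09-04-19.04 - Jackie 04/19/2009 15:13.2 - NTFSx86
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
FW: Webroot Internet Security Essentials *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Previous Run -------
c:\\windows\\system32\\nafamamo.dll
c:\\windows\\Tasks\\qhdstcxk.job
D:\\Autorun.inf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
"AppInit_DLLs"=c:\\windows\\system32\\nafamamo.dll
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

PRODUCT_RE = re.compile(r"^(AV|FW): (.+?) \*(.+?)\*")
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_products(log_text):
    """Collect the AV:/FW: product lines from the ComboFix header."""
    products = []
    for line in log_text.splitlines():
        m = PRODUCT_RE.match(line)
        if m:
            products.append({"kind": m.group(1), "name": m.group(2), "state": m.group(3)})
    return products


def parse_sections(log_text):
    """Split the log on its '((( name )))' banners, dropping the '.' spacer lines."""
    sections = {"header": []}
    current = "header"
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line.strip() and line.strip() != ".":
            sections[current].append(line.rstrip())
    return sections


def reg_values(section_lines):
    """Yield (key, name, value) for the REGEDIT4-style lines of a section."""
    key = None
    for line in section_lines:
        if line.startswith("["):
            key = line.strip("[]")
            continue
        m = REG_VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2).strip()


def triage(log_text):
    """Return a list of (finding, detail) pairs a reviewer would want to see first."""
    findings = []
    products = parse_products(log_text)
    firewalls = [p for p in products if p["kind"] == "FW"]
    if len(firewalls) > 1:  # two firewall products installed, whatever their state
        findings.append(("firewall-overlap", "; ".join(f'{p["name"]} ({p["state"]})' for p in firewalls)))
    for p in products:
        if p["kind"] == "AV" and "disabled" in p["state"].lower():
            findings.append(("av-disabled", f'{p["name"]}: {p["state"]}'))
    sections = parse_sections(log_text)
    for path in sections.get("Other Deletions", []):
        # Autorun.inf at the root of a non-system drive is a removable-media spreader.
        if path.lower().endswith("autorun.inf") and not path.lower().startswith("c:"):
            findings.append(("removable-autorun", path))
    for key, name, value in reg_values(sections.get("Reg Loading Points", [])):
        if name.lower() == "appinit_dlls" and value:
            findings.append(("appinit-dll", value))  # loaded into every user32 process
        if name.lower() == "enablefirewall" and value.startswith("0"):
            findings.append(("windows-firewall-off", key))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG):
        print(f"{finding}: {detail}")
```

The av-disabled finding is expected here, since the user was told to disable real-time protection before running ComboFix; reporting it anyway is the reminder to re-enable it. The appinit-dll finding is the one that explains the original symptom: a DLL named in AppInit_DLLs is loaded by every process that loads user32.dll, so deleting the file without clearing the value leaves the error about the missing DLL behind.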

  #28  
Old 19th Apr 2009, 13:39
Member Group
 

Running great. No pop ups or warnings.

I really appreciate your help!!
  #29  
Old 19th Apr 2009, 13:41
Moderator Group
 

Sounds good.

Time to do some cleanup and secure the work you have done.

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.
The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.


----------

Use the Secunia Software Inspector to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.


----------

Go to Microsoft Windows Update and get all critical updates.

----------

Make sure all of your security programs are up to date and run scans with them regularly.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

  #30  
Old 19th Apr 2009, 16:52
Member Group
 

The Secunia update site gave me 5 updates to Macromedia flashplayer, 2 for Apple Quicktime, and 2 for Adobe Flashplayer. Do I really need to update all of those, or can I just use the last one listed - that looks like the most recent version?
Copyright ©2006 - 2009 Computer Juice.