Post #1, Jun 4 2009, 05:11 AM (New Member; Group: Members; Posts: 7; Joined: 4-June 09; Member No.: 338,825)
DDS (Ver_09-05-14.01) - NTFSx86
Run by Compaq_Owner at 2:48:23.73 on 06/04/2009 Thu
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1033.18.702.138 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\e.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\ld08.exe
C:\windows\pp10.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\e.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Internet Speed Monitor: {1b2588f5-45ce-4322-b755-d79944ad1b17} - c:\program files\ism\BndDrive6.dll
EB: Internet Speed Monitor: {1ed6a320-8af3-4f06-868a-9ba95585712e} - c:\program files\ism\BndDrive7.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [QdrModule9] "c:\program files\qdrmodule\QdrModule9.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AHNSD] "c:\program files\ahnlab\smart update utility\AhnSD.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageworkstation\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimageworkstation\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sysldtray] c:\windows\ld08.exe
mRun: [pp] c:\windows\pp10.exe
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: doginhispen.com
Trusted Zone: whataboutadog.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\2zgixuf6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll

============= SERVICES / DRIVERS ===============

R?2 AcrSch2Svc Task Scheduler;Acronis Scheduler2 Service AcrSch2Svc Task Scheduler;c:\windows\system32\e.exe run --> c:\windows\system32\e.exe run [?]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-24 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-24 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-24 108552]
R2 AhnLab Task Scheduler;AhnLab Task Scheduler;c:\program files\ahnlab\smart update utility\AhnSDsv.exe [2008-4-28 174792]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-16 38496]
S3 st324kj;st324kj;c:\windows\system32\drivers\st324kj.sys --> c:\windows\system32\drivers\st324kj.sys [?]

=============== Created Last 30 ================

2009-06-04 02:23 17,408 a------- c:\windows\run_1244116590.exe
2009-06-04 02:23 15,872 a------- c:\windows\run_1244127169.exe
2009-06-04 01:21 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-06-04 01:21 14,336 ----h--- c:\windows\pp10.exe
2009-06-04 01:21 2 ----h--- c:\windows\ro122730.dat
2009-06-04 01:19 14,848 ----h--- c:\windows\ld08.exe
2009-06-04 01:19 <DIR> --d----- c:\program files\Microsoft Common
2009-06-02 03:50 <DIR> --dsh--- c:\windows\system32\lowsec
2009-06-02 03:50 24,576 a---h--- c:\windows\system32\e.exe
2009-05-31 12:50 <DIR> --d----- c:\program files\The Creative Assembly
2009-05-26 00:11 <DIR> --d-h--- C:\$AVG8.VAULT$

==================== Find3M ====================

2009-05-01 14:44 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-01 14:44 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-01 14:44 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-29 21:03 36,095 a------- c:\windows\DIIUnin.dat
2009-03-29 21:02 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-03-29 21:02 17,212 a------t c:\windows\system32\SIntf32.dll
2009-03-29 21:02 12,067 a------t c:\windows\system32\SIntf16.dll
2009-03-29 03:13 94,208 a------- c:\windows\DIIUnin.exe
2009-03-29 03:13 2,829 a------- c:\windows\DIIUnin.pif
2009-03-21 07:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 07:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-06 07:44 283,648 a------- c:\windows\system32\dllcache\pdh.dll
2006-03-30 20:52 1 ac------ c:\documents and settings\compaq_owner\SI.bin
2005-01-14 05:34 0 ac------ c:\docume~1\compaq~1\applic~1\wklnhst.dat
2003-04-03 00:21 23,938 ac---r-- c:\windows\inf\SMC2208.SYS

============= FINISH: 2:50:29.20 ===============
Post #2, Jun 4 2009, 07:07 AM (Malware Killer Dog; Group: HJT Team; Posts: 18,699; Joined: 18-February 05; From: Belgium; Member No.: 12,408)
Hi,
* Please download Malwarebytes' Anti-Malware from Here or Here. Double click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
Post #3, Jun 5 2009, 12:17 AM (New Member; Group: Members; Posts: 7; Joined: 4-June 09; Member No.: 338,825)
Hello,
My computer actually started going nuts to where I couldn't even get online or load any applications, so I had to do a PC recovery. After this, I used Malwarebytes and there were about 25 objects found! I removed them and did another DDS. I'm also going to post the Trend Micro HijackThis log that I ran.

Malwarebytes' Anti-Malware 1.37
Database version: 2232
Windows 5.1.2600 Service Pack 2

6/4/2009 10:03:13 PM
mbam-log-2009-06-04 (22-03-13).txt

Scan type: Quick Scan
Objects scanned: 99353
Time elapsed: 6 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MicPhone (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\ld08.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\hgjokgc.exe (Trojan.Winwebsec) -> Quarantined and deleted successfully.
c:\lquq.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\rdl11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\naweuhrgybrnvnbwgokimolddb44.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\UACb8fa.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\_A00F3D8CD.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\temporary internet files\Content.IE5\Q1W945I3\ms[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\program files\microsoft common\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\MicPhone\antit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\MicPhone\antit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\dhcp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\mstre19.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\pp10.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\ro122715.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\ro122730.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\ro122739.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
DDS (Ver_09-05-14.01) - NTFSx86
Run by Compaq_Owner at 22:09:13.37 on Thu 06/04/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.702.417 [GMT -7:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\hp\bin\cloaker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\hp\bin\cloaker.exe
c:\windows\i386\winnt32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
mRun: [PCDrProfiler] "c:\program files\pc-doctor 5 for windows\RunProfiler.exe" -r
mRun: [SSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] c:\program files\norton internet security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-3-4 185968]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-3-4 239216]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-3-4 161392]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2005-3-24 127088]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-2-4 53896]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050620.007\NAVENG.Sys [2005-8-26 73760]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050620.007\NavEx15.Sys [2005-8-26 632000]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-2-4 324232]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-3-4 83568]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-2-17 198368]

=============== Created Last 30 ================

2009-06-04 22:09 450,794 a------- C:\txtsetup.sif
2009-06-04 22:09 260,272 a------- C:\$LDR$
2009-06-04 22:08 <DIR> --d----- C:\$WIN_NT$.~BT
2009-06-04 22:08 <DIR> --d----- c:\windows\setupupd
2009-06-04 21:53 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-06-04 21:53 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-04 21:53 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 21:47 221,184 a------- c:\windows\system32\wmpns.dll
2009-06-04 21:46 1,839 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_ED865AA-ABA SR1610NX NA540_YC_0Pres_QMXK535_E54NAheRED3_48_IAMETHYST-M_SMSI_V1.0_B3.33_T050817_WXH2_L409_M703_J80_7AMD_8Sempron_91.79_#050922_N10EC81 39_Z11C1048C_G10025954_OTSSTcorp CDW DVD TS-H492C.MRK
2009-06-04 21:44 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Symantec
2009-06-04 21:44 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Intuit
2009-06-04 21:44 <DIR> --d----- c:\documents and settings\compaq_owner\WINDOWS
2009-06-04 21:44 <DIR> --d----- c:\documents and settings\Compaq_Owner
2009-06-04 21:33 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-04 20:50 202 a------- C:\2.reg
2009-06-04 20:36 <DIR> --d----- c:\windows\dhcp
2009-06-04 20:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\12910464
2009-06-04 20:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\92920456
2009-06-04 20:33 20,480 a------- C:\naiyvquh.exe
2009-06-04 20:33 2 a------- C:\407489284
2009-05-31 12:50 <DIR> --d----- c:\program files\The Creative Assembly
2009-05-26 00:11 <DIR> --d-h--- C:\$AVG8.VAULT$

==================== Find3M ====================

2009-06-04 20:42 579 a------- C:\xcrashdump.dat
2009-03-29 21:03 36,095 a------- c:\windows\DIIUnin.dat
2009-03-29 03:13 94,208 a------- c:\windows\DIIUnin.exe
2009-03-29 03:13 2,829 a------- c:\windows\DIIUnin.pif
2006-03-30 20:52 1 ac------ c:\documents and settings\compaq_owner\SI.bin
2003-04-03 00:21 23,938 ac---r-- c:\windows\inf\SMC2208.SYS

============= FINISH: 22:10:07.28 ===============

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:10 PM, on 6/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\hp\bin\cloaker.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\hp\bin\cloaker.exe
c:\windows\i386\winnt32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8514 bytes
Jun 5 2009, 12:19 AM, Post #4
New Member, Group: Members, Posts: 7, Joined: 4-June 09, Member No.: 338,825
My computer started going nuts and the only thing that was popping out was 'System Security' which even changed my wallpaper to some warning message. My computer also started to restart unexpectedly. Right now, it seems fine but I'm surprised that there were so many objects found in the malwarebytes scan.
Jun 5 2009, 02:28 AM, Post #5
Malware Killer Dog, Group: HJT Team, Posts: 18,699, Joined: 18-February 05, From: Belgium, Member No.: 12,408
QUOTE: Right now, it seems fine but I'm surprised that there were so many objects found in the malwarebytes scan.

Why are you surprised? Your computer was severely infected and maybe still is. That's why...

* Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

By the way, I see you had AVG before, uninstalled and installed NIS instead. Did you purchase NIS?

--------------------
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
Jun 10 2009, 12:58 AM, Post #6
New Member, Group: Members, Posts: 7, Joined: 4-June 09, Member No.: 338,825
Hello,
Were you talking about Norton? If so, I uninstalled it because I did not have a key or anything to do with it. I'm guessing it was preinstalled on the computer when I first got it, but the subscription is expired now anyway. I should only have AVG now. Here's the ComboFix log. Also, sorry if I was surprised, I'm not exactly much of an expert with computers. I just thought if I did the recovery that it would erase everything back to its factory installed state, so I thought there wouldn't be anything wrong now. =P

ComboFix 09-06-09.06 - Compaq_Owner 06/09/2009 22:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.702.391 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\as.txt
c:\documents and settings\All Users\Application Data\12910464
c:\documents and settings\All Users\Application Data\12910464\12910464.exe
c:\documents and settings\All Users\Application Data\12910464\12910464.glu
c:\documents and settings\All Users\Application Data\12910464\pc12910464cnf
c:\documents and settings\All Users\Application Data\12910464\pc12910464ins
c:\documents and settings\All Users\Application Data\92920456
c:\documents and settings\All Users\Application Data\92920456\92920456.exe
c:\progra~1\COMMON~1\{1849C~1
c:\progra~1\COMMON~1\{3849C~1
c:\temp\17o7
c:\temp\17o7\tmpTF.log
c:\temp\tn3
c:\windows\IE4 Error Log.txt
c:\windows\Install.txt
c:\windows\KBPK090604.log
c:\windows\search_res.txt
C:\xcrashdump.dat
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-05 06:02 . 2009-06-10 04:51 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-05 06:02 . 2009-06-05 06:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-05 06:02 . 2009-06-05 06:02 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-05 06:02 . 2009-06-05 06:02 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-05 06:02 . 2009-06-05 06:02 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-05 04:54 . 2009-06-05 04:54 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-05 04:53 . 2009-06-05 04:53 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-06-05 04:53 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 04:53 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 04:48 . 2009-06-05 04:48 7406 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}\_63cb6bfc.exe
2009-06-05 04:48 . 2009-06-05 04:48 1078 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}\_6e5d1ad4.exe
2009-06-05 04:47 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-05 04:42 . 2005-08-27 05:12 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-06-05 03:50 . 2009-06-05 03:50 202 ----a-w- C:\2.reg
2009-06-05 03:36 . 2009-06-05 05:03 -------- d-----w- c:\windows\dhcp
2009-06-05 03:33 . 2009-06-05 03:33 20480 ----a-w- C:\naiyvquh.exe
2009-05-31 19:50 . 2009-05-31 19:50 -------- d-----w- c:\program files\The Creative Assembly
2009-05-26 07:11 . 2009-06-04 23:20 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-26 05:25 . 2009-05-26 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-16 01:07 . 2009-05-16 01:05 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-16 01:07 . 2009-05-16 01:05 3401496 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 05:27 . 2005-01-14 12:34 33128 -c--a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 05:05 . 2005-08-27 05:31 -------- d-----w- c:\program files\Symantec
2009-06-10 05:02 . 2005-08-27 05:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-05 13:45 . 2005-08-27 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-05 05:52 . 2009-03-25 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-05 04:54 . 2009-04-16 23:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 04:46 . 2009-06-05 04:46 1839 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ED865AA-ABA SR1610NX NA540_YC_0Pres_QMXK535_E54NAheRED3_48_IAMETHYST-M_SMSI_V1.0_B3.33_T050817_WXH2_L409_M703_J80_7AMD_8Sempron_91.79_#050922_N10EC81 39_Z11C1048C_G10025954_OTSSTcorp CDW DVD TS-H492C.MRK
2009-06-05 04:46 . 2005-08-27 05:24 -------- d-----w- c:\program files\Easy Internet signup
2009-06-02 05:17 . 2009-03-29 10:05 -------- d-----w- c:\program files\Diablo II
2009-04-28 21:37 . 2009-04-28 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-28 21:37 . 2009-04-28 21:34 -------- d-----w- c:\program files\Common Files\Apple
2009-04-28 21:36 . 2009-04-28 21:36 -------- d-----w- c:\program files\Bonjour
2009-04-28 21:34 . 2009-04-28 21:34 -------- d-----w- c:\program files\Apple Software Update
2009-04-28 21:34 . 2009-04-28 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-04-26 04:31 . 2009-04-26 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-26 04:30 . 2009-04-26 04:28 -------- d-----w- c:\program files\Yahoo!
2009-04-16 23:11 . 2009-04-16 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-02 23:29 . 2009-04-02 23:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-30 04:03 . 2009-03-29 10:13 36095 ----a-w- c:\windows\DIIUnin.dat
2009-03-29 10:13 . 2009-03-29 10:13 94208 ----a-w- c:\windows\DIIUnin.exe
2009-03-29 10:13 . 2009-03-29 10:13 2829 ----a-w- c:\windows\DIIUnin.pif
2009-03-19 23:32 . 2009-03-19 23:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 00:55 . 2009-04-26 04:28 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-08-27 05:03 . 2005-05-11 00:50 253952 c:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe
2005-08-27 05:03 . 2005-05-11 00:50 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
2005-11-22 05:59 . 2005-10-29 05:05 344064 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
2005-08-27 04:48 . 2005-06-08 11:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
2005-08-27 04:56 . 2005-08-27 04:56 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2005-08-27 04:56 . 2005-08-27 04:56 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe
2005-03-04 16:40 . 2005-03-04 16:40 48752 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
2004-11-03 06:59 . 2004-11-03 06:59 218240 c:\program files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
2007-02-21 04:06 . 2007-02-21 04:06 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe
2006-03-15 03:14 . 2006-11-19 08:32 406016 c:\program files\Grisoft\AVG Free\bak\avgcc.exe
2005-02-26 05:34 . 2005-02-26 05:34 245760 c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
2005-02-26 05:34 . 2005-02-26 05:34 245760 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
2005-02-17 13:11 . 2005-02-17 13:11 49152 c:\program files\HP\HP Software Update\bak\HPwuSchd2.exe
2005-02-17 13:11 . 2005-02-17 13:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
2005-08-27 05:11 . 2005-08-27 05:11 98304 c:\program files\QuickTime\bak\qttask.exe
2005-08-27 05:11 . 2005-08-27 05:11 98304 c:\program files\QuickTime\qttask.exe
2006-10-10 23:32 . 2004-08-04 12:00 208952 c:\windows\ime\imjp8_1\bak\IMJPMIG.EXE
2006-10-10 23:32 . 2004-08-04 12:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe
2006-10-10 23:33 . 2004-08-04 12:00 44032 c:\windows\ime\imkr6_1\bak\IMEKRMIG.EXE
2006-10-10 23:33 . 2004-08-04 12:00 44032 c:\windows\ime\imkr6_1\imekrmig.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-27 180269]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-01 1947928]
"PCDrProfiler"="" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-05 06:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/4/2009 11:02 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/4/2009 11:02 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/24/2009 8:10 PM 298776]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HTTPFILTER
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-06-05 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 23:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 22:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-10 22:39
ComboFix-quarantined-files.txt 2009-06-10 05:39

Pre-Run: 52,640,096,256 bytes free
Post-Run: 52,670,525,440 bytes free

171
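The HijackThis log in the first post and the ComboFix "Reg Loading Points" section above list the same kind of thing: programs that start without the user asking. The following Python is an added example written for this page, not code from the thread, from HijackThis or from ComboFix. It parses the O2/O3/O4/O9/O23 lines of a HijackThis log and the quoted "name"="path" [date size] Run-key lines of a ComboFix log, then flags entries that point at no file (like the orphaned PCDrProfiler entry above) or whose executable sits where legitimate software rarely installs itself: a drive root, the Windows folder itself, temp or profile folders, or an all-numeric folder. The two O4 sample lines naming naiyvquh and 12910464 are constructed from the files ComboFix deleted above; the location heuristic is an assumption of this example, not a rule of either tool.

```python
"""Triage of autostart entries from HijackThis and ComboFix logs.

Added example, not code from the thread, HijackThis or ComboFix. The
"suspicious location" heuristic below is an assumption made for the example.
"""
import re
from pathlib import PureWindowsPath

# O4 Run-key entries:  O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" -args
RE_O4_RUN = re.compile(r'^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# O4 startup-folder entries:  O4 - Global Startup: shortcut.lnk = C:\path\prog.exe
RE_O4_STARTUP = re.compile(r'^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')
# O2 (BHO), O3 (toolbar) and O9 (IE button) entries carry a CLSID before the path
RE_CLSID = re.compile(r'^O(?P<sec>2|3|9) - (?P<kind>[^:]+): (?P<name>.+?) - '
                      r'(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$')
# O23 services:  O23 - Service: Display name (svcname) - Vendor - C:\path\svc.exe
RE_O23 = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$')
# ComboFix Reg Loading Points:  "Name"="c:\path\prog.exe" [2009-05-01 1947928]
RE_CF_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')

# Parent folders from which an autostart executable is rarely legitimate (assumption).
# The empty name means the file sits directly in a drive root, e.g. C:\naiyvquh.exe.
SUSPICIOUS_PARENTS = {'', 'windows', 'temp', 'tmp', 'application data',
                      'documents and settings', 'local settings', 'all users'}


def extract_exe(cmd):
    """Return the program path from a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: keep everything up to the first executable extension, drop the arguments.
    m = re.match(r'(.+?\.(?:exe|dll|cmd|bat|scr|pif|com))(?=\s|$)', cmd, re.I)
    return m.group(1) if m else cmd.split(' ')[0]


def parse_line(line):
    """Turn one log line into {'section', 'name', 'path'}, or None if it is not an autostart entry."""
    line = line.strip()
    for rx, section in ((RE_O4_RUN, 'O4'), (RE_O4_STARTUP, 'O4'), (RE_CF_RUN, 'CF-Run')):
        m = rx.match(line)
        if m:
            return {'section': section, 'name': m['name'], 'path': extract_exe(m['cmd'])}
    m = RE_CLSID.match(line)
    if m:
        return {'section': 'O' + m['sec'], 'name': m['name'], 'path': m['path'].strip()}
    m = RE_O23.match(line)
    if m:
        return {'section': 'O23', 'name': m['name'], 'path': m['path'].strip()}
    return None


def suspicious_location(path):
    """Heuristic (assumption): drive root, %windir% root, temp/profile folders or all-numeric folders."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    dirs = parts[1:-1] if len(parts) > 1 else []   # drop the drive anchor and the file name
    if not dirs:
        return True
    return dirs[-1] in SUSPICIOUS_PARENTS or any(d.isdigit() for d in dirs)


def triage(log_text):
    """Return the parsed entries that deserve a closer look, each with a 'reason'."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        path = entry['path']
        if not path or path.lower() == '(no file)':
            entry['reason'] = 'autostart entry points at no file (orphan)'
        elif suspicious_location(path):
            entry['reason'] = 'executable in an unusual location: ' + path
        else:
            continue
        findings.append(entry)
    return findings


# Constructed sample: lines taken from the logs in this thread, plus two O4 lines
# (naiyvquh, 12910464) built from file names ComboFix deleted, to show what gets flagged.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O4 - HKCU\..\Run: [naiyvquh] C:\naiyvquh.exe
O4 - HKLM\..\Run: [12910464] c:\documents and settings\All Users\Application Data\12910464\12910464.exe
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-01 1947928]
"PCDrProfiler"="" [N/A]
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:7} {f['name']:<14} {f['reason']}")
```

The parser deliberately ignores O8 context-menu items and the firewall policy lines; the point is that every Run key, startup item, BHO and service resolves to one path, and a path that ends up in a drive root or a numeric folder is worth a look before a CFScript names it.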
Jun 10 2009, 02:23 AM, Post #7
Malware Killer Dog, Group: HJT Team, Posts: 18,699, Joined: 18-February 05, From: Belgium, Member No.: 12,408
Hi,
This looks like this isn't the first time you got infected. You really have to be more careful. I'll post some tips afterwards on how to do this.

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

QUOTE
File::
C:\naiyvquh.exe

AWF::
c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe
c:\program files\Grisoft\AVG Free\bak\avgcc.exe

Folder::
c:\windows\dhcp
c:\program files\Hewlett-Packard\HP Boot Optimizer\bak
c:\program files\HP\HP Software Update\bak
c:\program files\QuickTime\bak
c:\windows\ime\imjp8_1\bak
c:\windows\ime\imkr6_1\bak
c:\program files\Common Files\Symantec Shared\Security Center\bak
c:\program files\Common Files\Symantec Shared\bak
c:\hp\drivers\hplsbwatcher\bak
c:\program files\ATI Technologies\ATI Control Panel\bak
c:\program files\Common Files\Real\Update_OB\bak

Save this as txtfile CFScript.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Jun 10 2009, 05:03 PM, Post #8
New Member, Group: Members, Posts: 7, Joined: 4-June 09, Member No.: 338,825
ComboFix 09-06-09.06 - Compaq_Owner 06/10/2009 14:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.702.391 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"C:\naiyvquh.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\hp\drivers\hplsbwatcher\bak
c:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe
C:\naiyvquh.exe
c:\program files\ATI Technologies\ATI Control Panel\bak
c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
c:\program files\Common Files\Real\Update_OB\bak
c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
c:\program files\Common Files\Symantec Shared\bak
c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
c:\program files\Common Files\Symantec Shared\Security Center\bak
c:\program files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
c:\program files\Hewlett-Packard\HP Boot Optimizer\bak
c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
c:\program files\HP\HP Software Update\bak
c:\program files\HP\HP Software Update\bak\HPwuSchd2.exe
c:\program files\QuickTime\bak
c:\program files\QuickTime\bak\qttask.exe
c:\windows\dhcp
c:\windows\ime\imjp8_1\bak
c:\windows\ime\imjp8_1\bak\IMJPMIG.EXE
c:\windows\ime\imkr6_1\bak
c:\windows\ime\imkr6_1\bak\IMEKRMIG.EXE

.
((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-05 06:02 . 2009-06-10 21:30 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-05 06:02 . 2009-06-05 06:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-05 06:02 . 2009-06-05 06:02 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-05 06:02 . 2009-06-05 06:02 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-05 06:02 . 2009-06-05 06:02 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-05 04:54 . 2009-06-05 04:54 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-05 04:53 . 2009-06-05 04:53 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-06-05 04:53 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 04:53 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-05 04:48 . 2009-06-05 04:48 7406 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}\_63cb6bfc.exe
2009-06-05 04:48 . 2009-06-05 04:48 1078 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}\_6e5d1ad4.exe
2009-06-05 04:47 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-05 04:42 . 2005-08-27 05:12 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-06-05 03:50 . 2009-06-05 03:50 202 ----a-w- C:\2.reg
2009-05-31 19:50 . 2009-05-31 19:50 -------- d-----w- c:\program files\The Creative Assembly
2009-05-26 07:11 . 2009-06-04 23:20 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-26 05:25 . 2009-05-26 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-16 01:07 . 2009-05-16 01:05 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-16 01:07 . 2009-05-16 01:05 3401496 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 21:36 . 2005-08-27 05:10 -------- d-----w- c:\program files\QuickTime
2009-06-10 21:36 . 2005-08-27 05:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-10 05:27 . 2005-01-14 12:34 33128 -c--a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 05:05 . 2005-08-27 05:31 -------- d-----w- c:\program files\Symantec
2009-06-05 13:45 . 2005-08-27 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-05 05:52 . 2009-03-25 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-05 04:54 . 2009-04-16 23:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 04:46 . 2009-06-05 04:46 1839 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ED865AA-ABA SR1610NX NA540_YC_0Pres_QMXK535_E54NAheRED3_48_IAMETHYST-M_SMSI_V1.0_B3.33_T050817_WXH2_L409_M703_J80_7AMD_8Sempron_91.79_#050922_N10EC81 39_Z11C1048C_G10025954_OTSSTcorp CDW DVD TS-H492C.MRK
2009-06-05 04:46 . 2005-08-27 05:24 -------- d-----w- c:\program files\Easy Internet signup
2009-06-02 05:17 . 2009-03-29 10:05 -------- d-----w- c:\program files\Diablo II
2009-04-28 21:37 . 2009-04-28 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-28 21:37 . 2009-04-28 21:34 -------- d-----w- c:\program files\Common Files\Apple
2009-04-28 21:36 . 2009-04-28 21:36 -------- d-----w- c:\program files\Bonjour
2009-04-28 21:34 . 2009-04-28 21:34 -------- d-----w- c:\program files\Apple Software Update
2009-04-28 21:34 . 2009-04-28 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-04-26 04:31 . 2009-04-26 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-26 04:30 . 2009-04-26 04:28 -------- d-----w- c:\program files\Yahoo!
2009-04-16 23:11 . 2009-04-16 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-02 23:29 . 2009-04-02 23:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-30 04:03 . 2009-03-29 10:13 36095 ----a-w- c:\windows\DIIUnin.dat
2009-03-29 10:13 . 2009-03-29 10:13 94208 ----a-w- c:\windows\DIIUnin.exe
2009-03-29 10:13 . 2009-03-29 10:13 2829 ----a-w- c:\windows\DIIUnin.pif
2009-03-19 23:32 . 2009-03-19 23:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 00:55 . 2009-04-26 04:28 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

.
((((((((((((((((((((((((((((( SnapShot@2009-06-10_05.37.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-27 04:46 . 2005-06-28 17:21 22752 c:\windows\system32\spupdsvc.exe
- 2005-08-27 04:46 . 2005-02-25 03:35 22752 c:\windows\system32\spupdsvc.exe
+ 2005-08-27 04:44 . 2005-06-28 17:20 13536 c:\windows\system32\spmsg.dll
+ 2004-08-04 12:00 . 2007-04-30 15:20 5537792 c:\windows\system32\wmp.dll
+ 2004-08-04 12:00 . 2007-04-30 15:20 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2007-08-15 09:28 . 2004-08-11 15:45 5550080 c:\windows\$NtUninstallKB936782_WMP10$\wmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-27 180269]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-01 1947928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-05 06:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/4/2009 11:02 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/4/2009 11:02 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/24/2009 8:10 PM 298776]
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-06-05 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 23:46]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 14:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-10 14:43
ComboFix-quarantined-files.txt 2009-06-10 21:43
ComboFix2.txt 2009-06-10 05:39

Pre-Run: 52,636,839,936 bytes free
Post-Run: 52,623,949,824 bytes free

161
--- E O F --- 2009-06-10 06:01
Jun 10 2009, 06:01 PM, Post #9
Malware Killer Dog, Group: HJT Team, Posts: 18,699, Joined: 18-February 05, From: Belgium, Member No.: 12,408
Hi,
This looks OK again.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.
Jun 10 2009, 06:09 PM, Post #10
New Member, Group: Members, Posts: 7, Joined: 4-June 09, Member No.: 338,825
"This looks like this isn't the first time you got infected. You really have to be more careful. I'll post some tips afterwards how to do this"
Everything seems fine so far. Any tips for the future? Thanks a bunch!
Jun 10 2009, 06:12 PM, Post #11
Malware Killer Dog, Group: HJT Team, Posts: 18,699, Joined: 18-February 05, From: Belgium, Member No.: 12,408
Glad I could help.
Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!
Jun 15 2009, 10:52 AM, Post #12
Malware Killer Dog, Group: HJT Team, Posts: 18,699, Joined: 18-February 05, From: Belgium, Member No.: 12,408
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.