
Virus Doctor


  • This topic is locked
8 replies to this topic

#1 Joobyjub

Joobyjub

  • Members
  • 5 posts

Posted 30 March 2009 - 12:36 AM

Hi, I keep getting this strange pop up asking me to download Virusdoctor. Each time I have shut down my computer completely, so I am not sure if I am infected or if this was just a random popup. Just to be safe, here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:32 AM, on 3/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.penny-arcade.com/
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Coast to Coast AM] C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: En&queue current page with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link tar&get with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with BI&D - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O8 - Extra context menu item: Open current page with BID Link E&xplorer - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E6F23E5-DB9A-4838-99CE-521BDCA919EC}: NameServer = 192.168.15.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7055 bytes

Any help would be great.

Edited by Joobyjub, 30 March 2009 - 01:01 AM.



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 07 April 2009 - 03:35 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Joobyjub

Joobyjub
  • Topic Starter

  • Members
  • 5 posts

Posted 12 April 2009 - 12:33 AM

Alright, sorry I took so long. Since last time I have not had the popup and have also purchased and installed Malwarebytes' Anti-Malware.


Here's my DDS report.


DDS (Ver_09-03-16.01) - NTFSx86
Run by heptus at 12:30:07.21 on Sat 04/11/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1022 [GMT -7:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Zune\Zune.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Documents and Settings\heptus\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.penny-arcade.com/
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Coast to Coast AM] c:\program files\coast to coast am media center\Coast to Coast AM Media Center.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: En&queue current page with BID - file://c:\program files\bulk image downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files\bulk image downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files\bulk image downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files\bulk image downloader\iemenu\iebid.htm
IE: Open current page with BID Link E&xplorer - file://c:\program files\bulk image downloader\iemenu\iebidlinkexplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
TCP: {5E6F23E5-DB9A-4838-99CE-521BDCA919EC} = 192.168.15.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\heptus\applic~1\mozilla\firefox\profiles\gjudcdjk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.penny-arcade.com
FF - component: c:\documents and settings\heptus\application data\mozilla\firefox\profiles\gjudcdjk.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-3-4 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-4 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-4 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-4 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-27 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-27 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-3-27 1356616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-30 179856]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-5 24652]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-3-4 29208]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-30 15504]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-3-7 93184]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-3-4 29208]
S4 Dmm_utnccd;Dmm_utnccd; [x]

=============== Created Last 30 ================

2009-04-09 23:38 <DIR> --d-h--- c:\windows\PIF
2009-04-07 19:13 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-04-07 19:00 <DIR> --d----- c:\program files\Netflix
2009-04-07 18:44 189,784 a------- c:\windows\system32\PnkBstrB.xtr
2009-04-07 14:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\id Software
2009-04-05 03:05 <DIR> --d----- c:\documents and settings\heptus\Tracing
2009-04-05 03:00 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-04-05 02:57 <DIR> --d----- c:\program files\Microsoft
2009-04-05 02:55 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-30 13:46 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-30 13:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-30 13:28 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-30 13:28 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 13:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-29 20:50 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-29 20:43 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-29 20:42 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-29 20:42 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-29 20:42 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-29 20:42 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-29 20:42 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-29 20:42 <DIR> --d----- C:\879b874308817003d2a44dd945a5f917
2009-03-29 20:42 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-29 20:42 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-29 20:20 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-29 20:10 <DIR> --d----- c:\windows\system32\scripting
2009-03-29 20:10 <DIR> --d----- c:\windows\l2schemas
2009-03-29 20:10 <DIR> --d----- c:\windows\system32\en
2009-03-29 20:10 <DIR> --d----- c:\windows\system32\bits
2009-03-29 20:05 <DIR> --d----- c:\windows\network diagnostic
2009-03-29 00:18 <DIR> --d----- c:\program files\Trend Micro
2009-03-29 00:01 138,384 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-29 00:01 <DIR> --d----- c:\docume~1\heptus\applic~1\HouseCall 6.6
2009-03-28 23:45 1,152 a------- c:\windows\system32\windrv.sys
2009-03-28 23:44 <DIR> --d----- c:\docume~1\heptus\applic~1\GetRightToGo
2009-03-28 23:22 <DIR> --d----- c:\docume~1\heptus\applic~1\Malwarebytes
2009-03-28 23:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-27 17:47 <DIR> --d----- c:\program files\EA Games
2009-03-27 17:38 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-03-27 17:38 17,212 a------- c:\windows\system32\SIntf32.dll
2009-03-27 17:38 12,067 a------- c:\windows\system32\SIntf16.dll
2009-03-27 16:20 35,766 a------- c:\windows\DIIUnin.dat
2009-03-27 16:20 94,208 a------- c:\windows\DIIUnin.exe
2009-03-27 16:20 2,829 a------- c:\windows\DIIUnin.pif
2009-03-27 16:07 <DIR> --d----- c:\program files\Diablo II
2009-03-25 03:00 <DIR> --d----- c:\windows\system32\KB905474
2009-03-23 23:02 <DIR> --d----- c:\program files\Consumer Update Firmware
2009-03-17 20:42 1,358,192 a------- c:\windows\system32\D3DCompiler_35.dll
2009-03-17 20:42 444,776 a------- c:\windows\system32\d3dx10_35.dll
2009-03-17 20:42 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2009-03-17 20:42 1,124,720 a------- c:\windows\system32\D3DCompiler_34.dll
2009-03-17 20:42 443,752 a------- c:\windows\system32\d3dx10_34.dll
2009-03-17 20:42 3,497,832 a------- c:\windows\system32\d3dx9_34.dll
2009-03-17 20:42 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-03-13 22:50 <DIR> --d----- c:\program files\common files\DirectX
2009-03-13 22:31 <DIR> --d----- C:\AeriaGames
2009-03-12 13:10 348,160 a------- c:\windows\system32\msvcr71.dll
2009-03-12 13:10 499,712 a------- c:\windows\system32\msvcp71.dll
2009-03-12 13:10 <DIR> --d----- c:\windows\system32\Adobe
2009-03-12 13:04 <DIR> --d----- c:\program files\Steam

==================== Find3M ====================

2009-04-07 14:30 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-04-07 14:26 22,328 a------- c:\docume~1\heptus\applic~1\PnkBstrK.sys
2009-04-07 14:25 2,246,144 a------- c:\windows\system32\pbsvc.exe
2009-03-29 20:13 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-27 19:43 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-27 19:43 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-27 19:43 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-27 19:43 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-03-27 19:43 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-03-27 19:43 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-03-10 12:36 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-07 02:06 98,304 a------- c:\windows\system32CmdLineExt.dll
2009-03-06 02:22 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-03-06 02:22 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-03-06 02:21 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-03-06 01:55 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-03-06 01:55 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-06 01:21 2,678 a------- c:\windows\java\packages\data\ESLV53ZL.DAT
2009-03-06 01:21 2,678 a------- c:\windows\java\packages\data\ZVLJV5NP.DAT
2009-03-06 01:21 2,678 a------- c:\windows\java\packages\data\NVJVZ3F7.DAT
2009-03-06 01:21 2,678 a------- c:\windows\java\packages\data\NVFBZ5JB.DAT
2009-03-06 01:21 2,678 a------- c:\windows\java\packages\data\8H3NTRBB.DAT
2009-03-04 18:31 558,142 a------- c:\windows\java\packages\Q2357DB1.ZIP
2009-03-04 18:31 155,995 a------- c:\windows\java\packages\UE8RF7TJ.ZIP
2009-03-04 18:29 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll

============= FINISH: 12:30:29.78 ===============

#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 13 April 2009 - 10:01 AM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

You have probably managed to remove the malware yourself with Malwarebytes' Anti-Malware.

Can you update Malwarebytes' Anti-Malware and run a quick scan and then post the log. Also are you receiving any other problems?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 Joobyjub

Joobyjub
  • Topic Starter

  • Members
  • 5 posts

Posted 16 April 2009 - 08:37 PM

The only things I have done to my computer in an attempt to remove any potential malware were the installation of AVG (full suite) and the installation of Malwarebytes' Anti-Malware. Anyhow, I ran MAM once again and it found nothing, but here's my DDS report anyway.


DDS (Ver_09-03-16.01) - NTFSx86
Run by heptus at 8:33:56.90 on Thu 04/16/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1026 [GMT -7:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Zune\Zune.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\heptus\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.penny-arcade.com/
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Coast to Coast AM] c:\program files\coast to coast am media center\Coast to Coast AM Media Center.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\docume~1\heptus\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: En&queue current page with BID - file://c:\program files\bulk image downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files\bulk image downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files\bulk image downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files\bulk image downloader\iemenu\iebid.htm
IE: Open current page with BID Link E&xplorer - file://c:\program files\bulk image downloader\iemenu\iebidlinkexplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
TCP: {5E6F23E5-DB9A-4838-99CE-521BDCA919EC} = 192.168.15.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\heptus\applic~1\mozilla\firefox\profiles\gjudcdjk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.penny-arcade.com
FF - component: c:\documents and settings\heptus\application data\mozilla\firefox\profiles\gjudcdjk.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-3-4 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-4 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-4 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-4 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-27 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-27 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-3-27 1356616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-30 179856]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-5 24652]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-3-4 29208]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-30 15504]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-30 38496]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-3-7 93184]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-3-4 29208]
S4 Dmm_utnccd;Dmm_utnccd; [x]

=============== Created Last 30 ================

2009-04-15 06:11 <DIR> --d----- c:\program files\common files\HP
2009-04-15 06:10 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-04-15 06:08 38,400 a------- c:\windows\system32\hpz3l054.dll
2009-04-15 06:08 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-15 06:08 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-15 06:08 282,680 a------- c:\windows\system32\HPZidr12.dll
2009-04-15 06:08 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-04-15 06:08 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-04-15 06:08 69,632 a------- c:\windows\system32\HPZipm12.exe
2009-04-15 06:08 65,536 a------- c:\windows\system32\HPZinw12.exe
2009-04-15 06:08 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-04-15 06:07 <DIR> --d----- c:\program files\HP
2009-04-15 06:05 117,158 a------- c:\windows\hpoins11.dat
2009-04-15 06:05 49,664 a------- c:\windows\system32\drivers\HPZid412.sys
2009-04-15 06:05 16,496 a------- c:\windows\system32\drivers\HPZipr12.sys
2009-04-15 06:04 827,392 a------- c:\windows\system32\hpotiop2.dll
2009-04-15 06:04 659,456 a------- c:\windows\system32\hpowiax2.dll
2009-04-15 06:04 254,026 a------- c:\windows\system32\hpovst09.dll
2009-04-15 06:04 98,304 a------- c:\windows\system32\hpzjsn01.dll
2009-04-15 06:04 77,824 a------- c:\windows\system32\HPZIDS01.dll
2009-04-15 06:03 11,634 a------- c:\windows\hpomdl11.dat
2009-04-15 05:46 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-04-15 05:46 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-15 05:46 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-04-15 05:46 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-04-15 05:13 <DIR> --d----- c:\docume~1\heptus\applic~1\OpenOffice.org
2009-04-15 05:11 <DIR> --d----- c:\program files\JRE
2009-04-15 05:11 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-04-09 23:38 <DIR> --d-h--- c:\windows\PIF
2009-04-07 19:13 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-04-07 19:00 <DIR> --d----- c:\program files\Netflix
2009-04-07 18:44 189,784 a------- c:\windows\system32\PnkBstrB.xtr
2009-04-07 14:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\id Software
2009-04-05 03:05 <DIR> --d----- c:\documents and settings\heptus\Tracing
2009-04-05 03:00 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-04-05 02:57 <DIR> --d----- c:\program files\Microsoft
2009-04-05 02:55 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-30 13:46 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-30 13:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-30 13:28 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-30 13:28 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 13:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-29 20:50 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-29 20:43 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-29 20:42 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-29 20:42 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-29 20:42 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-29 20:42 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-29 20:42 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-29 20:42 <DIR> --d----- C:\879b874308817003d2a44dd945a5f917
2009-03-29 20:42 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-29 20:42 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-29 20:20 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-29 20:10 <DIR> --d----- c:\windows\system32\scripting
2009-03-29 20:10 <DIR> --d----- c:\windows\l2schemas
2009-03-29 20:10 <DIR> --d----- c:\windows\system32\en
2009-03-29 20:10 <DIR> --d----- c:\windows\system32\bits
2009-03-29 20:05 <DIR> --d----- c:\windows\network diagnostic
2009-03-29 00:18 <DIR> --d----- c:\program files\Trend Micro
2009-03-29 00:01 138,384 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-29 00:01 <DIR> --d----- c:\docume~1\heptus\applic~1\HouseCall 6.6
2009-03-28 23:45 1,152 a------- c:\windows\system32\windrv.sys
2009-03-28 23:44 <DIR> --d----- c:\docume~1\heptus\applic~1\GetRightToGo
2009-03-28 23:22 <DIR> --d----- c:\docume~1\heptus\applic~1\Malwarebytes
2009-03-28 23:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-27 17:47 <DIR> --d----- c:\program files\EA Games
2009-03-27 17:38 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-03-27 17:38 17,212 a------- c:\windows\system32\SIntf32.dll
2009-03-27 17:38 12,067 a------- c:\windows\system32\SIntf16.dll
2009-03-27 16:20 35,766 a------- c:\windows\DIIUnin.dat
2009-03-27 16:20 94,208 a------- c:\windows\DIIUnin.exe
2009-03-27 16:20 2,829 a------- c:\windows\DIIUnin.pif
2009-03-27 16:07 <DIR> --d----- c:\program files\Diablo II
2009-03-25 03:00 <DIR> --d----- c:\windows\system32\KB905474
2009-03-23 23:02 <DIR> --d----- c:\program files\Consumer Update Firmware
2009-03-21 07:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll
2009-03-17 20:42 1,358,192 a------- c:\windows\system32\D3DCompiler_35.dll
2009-03-17 20:42 444,776 a------- c:\windows\system32\d3dx10_35.dll
2009-03-17 20:42 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2009-03-17 20:42 1,124,720 a------- c:\windows\system32\D3DCompiler_34.dll
2009-03-17 20:42 443,752 a------- c:\windows\system32\d3dx10_34.dll
2009-03-17 20:42 3,497,832 a------- c:\windows\system32\d3dx9_34.dll
2009-03-17 20:42 81,768 a------- c:\windows\system32\xinput1_3.dll

==================== Find3M ====================

2009-04-12 06:54 138,944 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-12 06:53 189,784 a------- c:\windows\system32\PnkBstrB.exe
2009-04-07 14:30 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-04-07 14:26 22,328 a------- c:\docume~1\heptus\applic~1\PnkBstrK.sys
2009-04-07 14:25 2,246,144 a------- c:\windows\system32\pbsvc.exe
2009-03-29 20:13 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-27 19:43 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-27 19:43 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-27 19:43 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-27 19:43 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-03-27 19:43 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-03-27 19:43 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-03-10 12:36 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-07 02:06 98,304 a------- c:\windows\system32CmdLineExt.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 02:22 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-03-06 02:22 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-03-06 02:21 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-03-06 01:55 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-03-06 01:55 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-06 01:21 2,678 a------- c:\windows\java\packages\data\ESLV53ZL.DAT
2009-03-06 01:21 2,678 a------- c:\windows\java\packages\data\ZVLJV5NP.DAT
2009-03-06 01:21 2,678 a------- c:\windows\java\packages\data\NVJVZ3F7.DAT
2009-03-06 01:21 2,678 a------- c:\windows\java\packages\data\NVFBZ5JB.DAT
2009-03-06 01:21 2,678 a------- c:\windows\java\packages\data\8H3NTRBB.DAT
2009-03-04 18:31 558,142 a------- c:\windows\java\packages\Q2357DB1.ZIP
2009-03-04 18:31 155,995 a------- c:\windows\java\packages\UE8RF7TJ.ZIP
2009-03-04 18:29 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-20 01:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 01:10 81,920 -------- c:\windows\system32\ieencode.dll
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 03:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
2009-01-16 18:34 499,712 a------- c:\windows\system32\msvcp71.dll
2009-01-16 18:34 348,160 a------- c:\windows\system32\msvcr71.dll

============= FINISH: 8:34:29.32 ===============
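
A way to triage the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections of a DDS log like the one above, as an added example that is not part of this thread or of the DDS tool. The sample lines are constructed in the same format; the {aaaaaaaa-...} CLSID and hook.dll are made up, and an empty service path with the [x] marker is taken to mean no file on disk.

```python
import re

# Constructed sample in the line formats of the DDS "Pseudo HJT Report" and
# "SERVICES / DRIVERS" sections. The {aaaaaaaa-...} CLSID and hook.dll are
# invented for this example; nothing here is copied from a real host.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {aaaaaaaa-1111-2222-3333-444444444444} - c:\docume~1\user\locals~1\temp\hook.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [Alcmtr] ALCMTR.EXE
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-4 325640]
S4 Dmm_utnccd;Dmm_utnccd; [x]
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# "BHO: Friendly Name: {CLSID} - path"  or  "BHO: {CLSID} - No File"
HOOK_RE = re.compile(r"^(?P<kind>BHO|TB|EB|[um]URLSearchHooks): (?:(?P<name>.+?): )?"
                     r"(?P<clsid>" + CLSID + r") - (?P<target>.+)$")
# 'uRun: [Name] "c:\path\prog.exe" args'   (u = current-user hive, m = machine hive)
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# "R1 svc;description;c:\path\driver.sys [date size]"  or  "S4 svc;desc; [x]"
SVC_RE = re.compile(r"^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<desc>[^;]*);"
                    r"(?P<path>[^\[]*?)\s*(?:\[(?P<meta>[^\]]*)\])?$")

# Directory fragments a normal user can write to. A COM hook or autorun loading
# from one of these deserves a second look; it is not automatically malicious.
USER_WRITABLE = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\",
                 "\\applic~1\\", "\\application data\\", "\\locals~1\\")


def run_target(cmd):
    """Return the executable part of an autorun command (quoted path or first token)."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def triage(log_text):
    """Return (line, reason) pairs for entries a reviewer should look at first."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines() if raw.strip()):
        m = HOOK_RE.match(line)
        if m:
            target = m.group("target")
            if target == "No File":
                findings.append((line, "orphaned COM registration: CLSID still registered but its DLL is gone"))
            elif any(frag in target.lower() for frag in USER_WRITABLE):
                findings.append((line, "COM hook loads from a user-writable directory"))
            elif not m.group("name"):
                findings.append((line, "hook without a friendly name: identify the DLL's publisher"))
            continue
        m = RUN_RE.match(line)
        if m:
            exe = run_target(m.group("cmd"))
            if "\\" not in exe:
                findings.append((line, "autorun by bare filename: resolved via PATH, actual location unverified"))
            elif any(frag in exe.lower() for frag in USER_WRITABLE):
                findings.append((line, "autorun starts a program from a user-writable directory"))
            continue
        m = SVC_RE.match(line)
        if m and (not m.group("path") or m.group("meta") == "x"):
            findings.append((line, "service/driver registered with no file on disk"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Orphaned "No File" entries are leftovers from a removal and are the usual cleanup candidates; the other findings only say where to look next, not that the entry is bad.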

#6 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:12:57 PM

Posted 16 April 2009 - 09:22 PM

I know this seems like a nitpick, but could you please post the log from Malwarebytes' Anti-Malware, the last one and any other logs that showed a problem that was removed. There is more info there than just that it is clean.

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#7 Joobyjub

Joobyjub
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:12:57 PM

Posted 18 April 2009 - 08:30 PM

Sorry, I have not run ComboFix yet; however, my Malwarebytes did recently pick up something (CoolWebSearch or something like that) that I never even knew I had, but here is the log showing it was detected and cleaned.

Malwarebytes' Anti-Malware 1.36
Database version: 1999
Windows 5.1.2600 Service Pack 3

4/17/2009 10:17:09 PM
mbam-log-2009-04-17 (22-17-09).txt

Scan type: Full Scan (C:\|I:\|)
Objects scanned: 206020
Time elapsed: 2 hour(s), 0 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\iWin Games\iWinGamesHookIE.dll (Trojan.BHO) -> Delete on reboot.



And here is the most recent scan, which shows everything is clean:

Malwarebytes' Anti-Malware 1.36
Database version: 2002
Windows 5.1.2600 Service Pack 3

4/18/2009 8:22:07 AM
mbam-log-2009-04-18 (08-22-07).txt

Scan type: Full Scan (C:\|I:\|)
Objects scanned: 205828
Time elapsed: 47 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:12:57 PM

Posted 19 April 2009 - 09:16 AM

If you have not run combofix, don't worry about it. Go ahead and delete the file.

Instead Download and scan with Spybot S&D 1.6.0
http://www.safer-networking.org/en/download/index.html

1. Install Spybot. Be sure to UNCHECK TeaTimer when presented with the option to install.
2. Run Spybot, go to the Menu Bar at the top choose Mode and make certain that "Default mode" has a check mark beside it.
3. Click the button "Search for Updates".
4. If any updates are found, install them by placing a checkmark next to each one and clicking "Download Updates". If you encounter any error messages while downloading the updates, manually download them from here.
5. Click on "Immunize". When it detects what has or has not been blocked, block all remaining items by clicking the green plus sign next to immunize at the top.
6. Click the button "Check for Problems".
7. When Spybot is complete, it will be showing RED entries, bold BLACK entries and GREEN entries in the window.
8. Make certain there is a check mark beside all of the RED entries ONLY.
9. Choose "Fix Selected Problems" and allow Spybot to fix the RED entries.
10. When the fix is done, right-click in the white area of the report and select "Save results to file". Save the file and then attach it to your next post.
11. REBOOT to complete the scan and clear memory.

Note: After Windows loads, Spybot may run again to clean some files that it could not clean during the prior session. Follow the same procedure.

The immunize feature is the main part that I want to make sure is run, so when you get ready to run it, make sure all your browser windows are closed, then run it.

After it has finished running, open your browser, and do some surfing and see if you get that popup again.

#9 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:12:57 PM

Posted 29 April 2009 - 11:30 PM

This thread is closed due to inactivity.
If you need this topic reopened, please send me a PM. This applies to the thread originator only, all others start a new thread.