Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected by the antivirus 360


  • This topic is locked This topic is locked
2 replies to this topic

#1 introuble123

introuble123

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:06 PM

Posted 03 June 2009 - 08:57 PM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Tamara at 23:04:41.73 on Wed 06/03/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247.11 [GMT -2.5:30]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Tamara\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: &Research: {0b014b81-4e12-46f9-806f-55867af8fd3c} - c:\windows\system32\winsystems.dll
BHO: ShoppingReport: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
BHO: {39785784-55c1-4c60-9bff-cf2bd257e120} - c:\windows\system32\geBqQIAR.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\pmnkKEtR.dll
BHO: {db9a916a-2ab5-1c3b-7de4-14a13331e22a}: {a22e1333-1a41-4ed7-b3c1-5ba2a619a9bd} - c:\windows\system32\ctzvxe.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {B7D3E479-CC68-42B5-A338-938ECE35F419} - No File
TB: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File
TB: {7EFBC57C-CD57-481F-B794-648FCE9C9116} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: ShopperReports: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [acid chic] c:\docume~1\tamara\applic~1\oncelog\debugknob.exe
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uRun: [98346857450511479851681625355729] c:\program files\antivirus 2009\av360.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [MotiveReportAgent] "c:\program files\common files\motive\mccibootstrapper.exe" /url="-appkey=motive -windowcontext=reportagent -url=file://c:\program files\common files\motive\reportagent.html" /browsertype=custommsie /browserpath="c:\program files\common files\motive\MotiveBrowser.exe" /hidden
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Blubster] c:\program files\blubster\Blubster.exe SILENT
mRun: [Bat Wave Base Dale] c:\documents and settings\all users.windows\application data\link axis bat wave\Tool Manager.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxsrvc.dll
Notify: pmnkKEtR - pmnkKEtR.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\pmnkKEtR.dll
SEH: {0db00f52-e7da-f02a-7224-371e7600cffe}: {effc0067-e173-4227-a20f-ad7e25f00bd0} - c:\windows\system32\ctzvxe.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\geBqQIAR

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-06-03 22:21 <DIR> --d----- c:\windows\47D5D869FE574F2FA35883CFAA7B4968.TMP
2009-06-03 21:56 <DIR> --d----- c:\program files\Oncelog
2009-06-03 21:55 120,832 a------- c:\windows\system32\ctzvxe.dll
2009-06-03 21:55 120,832 a------- c:\windows\system32\ofpxnsfe.dll
2009-06-03 21:47 9,600 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-06-03 21:47 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-06-03 21:47 20,992 ac------ c:\windows\system32\dllcache\hid.dll
2009-06-03 21:47 20,992 a------- c:\windows\system32\hid.dll
2009-06-02 19:44 143 a------- c:\windows\system32\mcrh.tmp

==================== Find3M ====================

2009-06-03 23:05 2,561 a--sh--- c:\windows\system32\RAIQqBeg.ini2

============= FINISH: 23:07:59.62 ===============

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:06 PM

Posted 04 June 2009 - 10:48 PM

Hello introuble123,


Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.



Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process, if asked
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:06 PM

Posted 16 June 2009 - 10:00 PM

Since your problem appears to be resolved, this thread will now be closed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users