
Virus infection. help!


3 replies to this topic

#1 ciaciachew
  • Members
  • 2 posts

Posted 21 October 2011 - 01:18 AM

Hi Guys,

A few days back, my antivirus software prompted me about viruses:
trojan horse generic25.agge
trojan horse dropper.generic4.bjlx

Immediately I removed it from the virus vault, updated the antivirus and did a full scan.

The full scan didn't show any virus.

But today, AVG prompted me about the virus again. I suspect there's really some virus infection on my PC.

Can anyone help me? I realise that sometimes when I go to www.google.com, IE hangs, but I don't have any problem with other URLs.

Thanks



#2 Broni
    The Coolest BC Computer
  • BC Advisor
  • 42,661 posts
  • Location: Daly City, CA

Posted 21 October 2011 - 04:01 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click here.


 


#3 ciaciachew
  • Topic Starter
  • Members
  • 2 posts

Posted 23 October 2011 - 12:35 AM

Hi,

Please refer to the logs below:

==
Security Check:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 18
Out of date Java installed!
Adobe Flash Player
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
``````````End of Log````````````
==

Mini Toolbox:
MiniToolBox by Farbar
Ran by hcchew (administrator) on 23-10-2011 at 11:39:33
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.autoconfig_url", <Apology, confidential>
"network.proxy.http", <Apology, confidential>
"network.proxy.http_port", 8080
"network.proxy.type", 1
========================= Hosts content: =================================

<Apology, confidential>

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=10.4.177.102 mask=255.255.255.0
set address name="Local Area Connection" gateway=10.4.177.1 gwmetric=0
set dns name="Local Area Connection" source=static addr=10.4.27.7 register=PRIMARY
add dns name="Local Area Connection" addr=10.4.27.6 index=2
set wins name="Local Area Connection" source=static addr=none

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : chewelson
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-23-AE-38-27-E8

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 5300 AGN
Physical Address. . . . . . . . . : 00-21-6A-49-D7-F2
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
                                    192.168.1.1
Lease Obtained. . . . . . . . . . : Sunday, October 23, 2011 11:38:07 AM
Lease Expires . . . . . . . . . . : Monday, October 24, 2011 11:38:07 AM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.235.48, 74.125.235.52, 74.125.235.51, 74.125.235.49
74.125.235.50

Pinging google.com [74.125.235.48] with 32 bytes of data:

Reply from 74.125.235.48: bytes=32 time=10ms TTL=57
Reply from 74.125.235.48: bytes=32 time=11ms TTL=57

Ping statistics for 74.125.235.48:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 11ms, Average = 10ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 98.139.180.149, 209.191.122.70
67.195.160.76

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:

Reply from 72.30.2.43: bytes=32 time=322ms TTL=57
Reply from 72.30.2.43: bytes=32 time=242ms TTL=57

Ping statistics for 72.30.2.43:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 242ms, Maximum = 322ms, Average = 282ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 23 ae 38 27 e8 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 21 6a 49 d7 f2 ...... Intel® WiFi Link 5300 AGN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2      20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
      169.254.0.0      255.255.0.0      192.168.1.2      192.168.1.2      20
      192.168.1.0    255.255.255.0      192.168.1.2      192.168.1.2      20
      192.168.1.2  255.255.255.255        127.0.0.1        127.0.0.1      20
    192.168.1.255  255.255.255.255      192.168.1.2      192.168.1.2      20
        224.0.0.0        240.0.0.0      192.168.1.2      192.168.1.2      20
  255.255.255.255  255.255.255.255      192.168.1.2                2       1
  255.255.255.255  255.255.255.255      192.168.1.2      192.168.1.2       1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/23/2011 11:35:56 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/22/2011 09:49:43 AM) (Source: Application Hang) (User: )
Description: Hanging application sqlplusw.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/22/2011 09:48:05 AM) (Source: Application Hang) (User: )
Description: Hanging application sqlplusw.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/18/2011 02:18:02 PM) (Source: Application Hang) (User: )
Description: Hanging application sqlplusw.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/18/2011 02:17:51 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/18/2011 02:17:43 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/18/2011 02:09:39 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/18/2011 09:36:25 AM) (Source: Microsoft Office 12) (User: )
Description: Faulting application outlook.exe, version 12.0.6423.1000, stamp 49b08185, faulting module msvcrt.dll, version 7.0.2600.5512, stamp 4802a188, debug? 0, fault address 0x000381cd.

Error: (10/13/2011 03:32:48 PM) (Source: Microsoft Office 12) (User: )
Description: Faulting application outlook.exe, version 12.0.6423.1000, stamp 49b08185, faulting module msvcrt.dll, version 7.0.2600.5512, stamp 4802a188, debug? 0, fault address 0x000381cd.

Error: (10/12/2011 06:41:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7047


System errors:
=============
Error: (10/23/2011 11:38:06 AM) (Source: DCOM) (User: hcchew)
Description: DCOM got error "%%1058" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (10/23/2011 11:37:45 AM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (10/23/2011 11:37:45 AM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (10/23/2011 11:37:45 AM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (10/23/2011 11:36:20 AM) (Source: Service Control Manager) (User: )
Description: The Dell ControlPoint Button Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/23/2011 09:41:13 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.4 for the Network Card with network address 00216A49D7F2 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (10/22/2011 09:22:19 AM) (Source: DCOM) (User: hcchew)
Description: DCOM got error "%%1058" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (10/22/2011 09:17:58 AM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (10/22/2011 09:17:58 AM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (10/22/2011 09:17:58 AM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.


Microsoft Office Sessions:
=========================
Error: (10/18/2011 09:36:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6514.5001. This session lasted 887 seconds with 360 seconds of active time. This session ended with a crash.

Error: (10/13/2011 03:32:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6514.5001. This session lasted 21781 seconds with 4740 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================


2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.2.120)
AUO Wizard (Version: 1.0.0)
AVG 2011 (Version: 10.0.1411)
AVG 2011 (Version: 10.0.1522)
BandLuxe HSDPA Utility R11 (Version: 1.10.0006)
Bonjour (Version: 2.0.4.0)
Broadcom Gigabit Integrated Controller (Version: 11.31.01)
CodeSite 3.0.1 Client Tools (Version: 3.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Conexant HDA D330 MDC V.92 Modem (Version: 7.75.00.51)
CutePDF Writer 2.8
Dell ControlPoint Connection Manager (Version: 1.1.1)
Dell Resource CD (Version: 1.00.0000)
Dell Touchpad (Version: 7.2.101.215)
ExamDiff 1.8 (Build 1.8.0.7) (Version: 1.8.0.7)
HWiNFO32 Version 3.73 (Version: 3.73)
IDT Audio (Version: 1.0.6124.0)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software (Version: 12.00.4000)
iTunes (Version: 10.1.1.4)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 18 (Version: 6.0.180)
KeePass Password Safe 1.14 (Version: 1.14)
Knowledge Xpert for PLSQL V9.0 (Version: 8.0)
Lotus Notes 6.5.2 (Version: 6.52.4152)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Visio Professional 2003 (Version: 11.0.3216.5614)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (Version: 9.00.1399.06)
Microsoft SQL Server 2005 Analysis Services (Version: 9.00.1399.06)
Microsoft SQL Server 2005 Backward compatibility (Version: 8.05.1054)
Microsoft SQL Server 2005 Books Online (English) (Version: 9.00.1399.06)
Microsoft SQL Server 2005 Integration Services (Version: 9.00.1399.06)
Microsoft SQL Server 2005 Notification Services (Version: 9.00.1399.06)
Microsoft SQL Server 2005 Tools (Version: 9.00.1399.06)
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Books Online (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 Native Client (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 Policies (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.50.1600.1)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)
Microsoft SQL Server Browser (Version: 10.50.1600.1)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (Version: 3.5.8080.0)
Microsoft SQL Server Native Client (Version: 9.00.1399.06)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.1399.06)
Microsoft SQL Server System CLR Types (Version: 10.50.1600.1)
Microsoft SQL Server VSS Writer (Version: 10.50.1600.1)
Microsoft Sync Framework Runtime v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Services for ADO.NET v2.0 (x86) (Version: 2.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual Studio 2005 Premier Partner Edition - ENU (Version: 8.0.50727.42)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.35191)
Mobile Partner (Version: 16.002.03.03.203)
Mozilla Firefox 5.0.1 (x86 en-US) (Version: 5.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Oracle Data Provider for .NET Help (Version: 10.2.000)
Qexplain2full (Version: 6.0.5)
Quest Software Toad for Oracle Version 9.0
Quest SQL Tuning for Oracle (Version: SQL Tuning)
QuickTime (Version: 7.69.80.9)
Reflection X 9.0 (Version: 9.0.001)
RICOH R5C83x/84x Media Driver Ver.3.53.02 (Version: 3.53.02)
Safari (Version: 5.33.21.1)
SQL Server 2008 R2 Analysis Services (Version: 10.50.1600.1)
SQL Server 2008 R2 BI Development Studio (Version: 10.50.1600.1)
SQL Server 2008 R2 Client Tools (Version: 10.50.1600.1)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1)
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1)
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1)
SQL Server 2008 R2 Full text search (Version: 10.50.1600.1)
SQL Server 2008 R2 Integration Services (Version: 10.50.1600.1)
SQL Server 2008 R2 Management Studio (Version: 10.50.1600.1)
SQL Server 2008 R2 Reporting Services (Version: 10.50.1600.1)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
SQLXML4 (Version: 9.00.1399.06)
TextPad 5 (Version: 5.3.1)
VPN Client
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows PowerShell™ 1.0 (Version: 2)
WinRAR 4.00 beta 5 (32-bit) (Version: 4.00.5)
WinSCP 4.2.7 (Version: 4.2.7)
Wisdom-soft Set up ScreenHunter 5.1 Free
Xming 6.9.0.31 (Version: 6.9.0.31)

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 3539.09 MB
Available physical RAM: 2702.62 MB
Total Pagefile: 5420.93 MB
Available Pagefile: 4742.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:35.47 GB) (Free:8.75 GB) NTFS
2 Drive d: () (Fixed) (Total:39.05 GB) (Free:9.57 GB) NTFS

========================= Users: ========================================

User accounts for \\CHEWELSON

Administrator Guest hcchew
HelpAssistant SUPPORT_388945a0


**** End of log ****

==


Malware:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8003

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/23/2011 11:47:44 AM
mbam-log-2011-10-23 (11-47-44).txt

Scan type: Quick scan
Objects scanned: 173634
Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\hcchew\application data\9B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


==



GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-23 13:30:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST980313 rev.0003
Running: rtb4iegm.exe; Driver: C:\DOCUME~1\hcchew\LOCALS~1\Temp\uwlyipob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xBA471738]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xBA4717DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xBA471878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xBA471914]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

==

Thanks
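A small triage script for the kind of MiniToolBox output posted above, added here as a worked example; it is not part of the thread and not MiniToolBox's own code. It splits the log on the `=== Section: ===` banners and flags the three things Broni's follow-up question about the Firefox proxy edit turns on: a Firefox proxy that has been switched to manual or PAC mode (network.proxy.type 1 or 2; Firefox's default is 5, "use system proxy settings", and prefs.js only records prefs that differ from the default, so a stored 1 means something explicitly configured a proxy), hosts-file entries that redirect or sinkhole names, and Winsock catalog entries from anyone other than Microsoft (Bonjour's mdnsNSP.dll is a known benign one, but every third-party entry deserves a look). The embedded SAMPLE_LOG is constructed to mirror the shape of the posted log; its proxy host, PAC URL and hosts entries are illustrative values, not the redacted ones from the thread.

```python
"""Triage a MiniToolBox-style log for network-hijack indicators (added example,
not MiniToolBox's code). SAMPLE_LOG is constructed; its values are illustrative."""
import re

# Firefox network.proxy.type semantics. Default is 5 (system); prefs.js only
# stores non-default prefs, so a recorded 1 or 2 means a proxy was configured.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect (WPAD)", 5: "system"}
LOCAL_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}
BENIGN_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.autoconfig_url", "http://proxy.example.test/proxy.pac"
"network.proxy.http", "proxy.example.test"
"network.proxy.http_port", 8080
"network.proxy.type", 1
========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.9 www.google.com
127.0.0.1 update.example-av.test

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================
"""

# A banner needs whitespace around its name, so the bare '=====' rules in the
# route-table part of a real log never start a section.
SECTION_RE = re.compile(r"^=+\s+(.+?):?\s+=+\s*$", re.M)
PREF_RE = re.compile(r'^"(network\.proxy\.[\w.]+)",\s*(.+?)\s*$', re.M)
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*?)\)\s*$", re.M)
IP_TOKEN_RE = re.compile(r"^[0-9A-Fa-f.:]+$")


def split_sections(log):
    """Map section name -> body text, keyed by MiniToolBox's banner lines."""
    banners = list(SECTION_RE.finditer(log))
    sections = {}
    for i, m in enumerate(banners):
        end = banners[i + 1].start() if i + 1 < len(banners) else len(log)
        sections[m.group(1).strip()] = log[m.end():end]
    return sections


def parse_ff_proxy(body):
    """Turn the '"pref", value' lines into a dict of ints and unquoted strings."""
    prefs = {}
    for key, val in PREF_RE.findall(body):
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]
        elif val.isdigit():
            val = int(val)
        prefs[key] = val
    return prefs


def check_ff_proxy(prefs):
    findings = []
    ptype = prefs.get("network.proxy.type", 5)
    if ptype in (1, 2):
        findings.append(f"firefox: proxy mode is {PROXY_TYPES[ptype]} (network.proxy.type={ptype}); "
                        "browser traffic is routed through a configured proxy")
    if prefs.get("network.proxy.autoconfig_url"):
        findings.append(f"firefox: PAC script configured: {prefs['network.proxy.autoconfig_url']}")
    for key in ("network.proxy.http", "network.proxy.ssl", "network.proxy.socks"):
        if prefs.get(key):
            findings.append(f"firefox: {key} = {prefs[key]}:{prefs.get(key + '_port', '?')}")
    return findings


def check_hosts(body):
    """Flag every mapping except the stock localhost lines."""
    findings = []
    for raw in body.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        if not IP_TOKEN_RE.match(addr):          # e.g. a redacted marker
            findings.append(f"hosts: unparsable line {line!r}")
            continue
        for name in names:
            if addr in LOCAL_ADDRS and name in BENIGN_LOCAL_NAMES:
                continue
            if addr in LOCAL_ADDRS:
                findings.append(f"hosts: {name} sinkholed to {addr} (blocks that host, e.g. AV/OS updates)")
            else:
                findings.append(f"hosts: {name} redirected to {addr} (possible pharming)")
    return findings


def check_winsock(body):
    """Third-party LSP/NSP entries are where traffic-hijacking hooks live; list them."""
    return [f"winsock: {cat}/{idx} {path} ({vendor or 'no vendor'})"
            for cat, idx, path, _size, vendor in WINSOCK_RE.findall(body)
            if vendor != "Microsoft Corporation"]


def triage(log):
    """Run all checks over one MiniToolBox log and return the finding strings."""
    sections = split_sections(log)
    return (check_ff_proxy(parse_ff_proxy(sections.get("FF Proxy Settings", "")))
            + check_hosts(sections.get("Hosts content", ""))
            + check_winsock(sections.get("Winsock entries", "")))


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a saved MiniToolBox result by reading the file into `triage()` instead of `SAMPLE_LOG`. A manual proxy or PAC URL the user did not set is the first thing to revert (Firefox: Options > Advanced > Network > Settings), and a redirected hosts entry explains a browser hanging on one site while others work; neither is removed by an antivirus scan on its own.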

#4 Broni
    The Coolest BC Computer
  • BC Advisor
  • 42,661 posts
  • Location: Daly City, CA

Posted 23 October 2011 - 10:17 AM

Was this your edit?
<Apology, confidential>

Does AVG give you any file name and location of the apparent infection?

