#1
Found a trojan or something in MBAM. Thanks.

Malwarebytes' Anti-Malware 1.31
Database version: 1495
Windows 5.1.2600 Service Pack 3

3/15/2009 8:39:48 PM
mbam-log-2009-03-15 (20-39-41).txt

Scan type: Quick Scan
Objects scanned: 61087
Time elapsed: 21 minute(s), 31 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> No action taken.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:49 PM, on 3/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Garmin\ANT Agent\ANT Agent.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4061002
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ANT Agent] C:\Garmin\ANT Agent\ANT Agent.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1206202269-1744925342-3452710213-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1206202269-1744925342-3452710213-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1206202269-1744925342-3452710213-1006\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe (User '?')
O4 - HKUS\S-1-5-21-1206202269-1744925342-3452710213-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1206202269-1744925342-3452710213-1006\..\Run: [ANT Agent] C:\Garmin\ANT Agent\ANT Agent.exe (User '?')
O4 - HKUS\S-1-5-21-1206202269-1744925342-3452710213-1006\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User '?')
O4 - HKUS\S-1-5-21-1206202269-1744925342-3452710213-1006\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe (User '?')
O4 - HKUS\S-1-5-21-1206202269-1744925342-3452710213-1006\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1229742173692
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O24 - Desktop Component 0: (no name) - http://gamercard.xbox.com/kevin781.card

--
End of file - 10839 bytes
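The logs in this post show the same image name, svchost.exe, running from two places: the real Windows copy under C:\WINDOWS\system32 and a second copy under C:\WINDOWS\system32\drivers that is also registered as an HKCU Run value named SVCHOST.EXE, which is the entry MBAM flagged. A quick way to surface that pattern in any HijackThis-style log is to compare each process path and Run-key target against the directory where a binary of that name is expected to live. The script below is an added example written for this page; it is not part of the original thread, of HijackThis or of MBAM. The allow-list of expected directories is an assumption for a 32-bit Windows XP install on C:, and the sample log lines are constructed from the HijackThis output posted above.

```python
"""Flag well-known Windows binary names running from unexpected directories.

Added example for this page (not from the thread, HijackThis or MBAM). It
walks HijackThis-style log text, takes the "Running processes" paths and the
O4 Run-key entries, and reports every entry whose file name is a core Windows
binary but whose directory is not the one Windows installs that binary in.
"""
import re
from pathlib import PureWindowsPath

# Assumed allow-list for 32-bit Windows XP on C:. Other system drives,
# SysWOW64 on x64, or C:\Windows on Vista+ would need entries here.
EXPECTED_DIRS = {
    "smss.exe":     {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe":    {r"c:\windows\system32"},
    "svchost.exe":  {r"c:\windows\system32"},
    "spoolsv.exe":  {r"c:\windows\system32"},
    "rundll32.exe": {r"c:\windows\system32"},
    "ctfmon.exe":   {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# O4 - <hive>\..\Run: [<value name>] <command line> [(User '...')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.+?)(?: \(User '[^']*'\))?$"
)


def image_path(cmd):
    """Pull the executable path out of a Run-key command line.

    Quoted paths are taken verbatim; otherwise the first token ending in .exe
    is used, so a RUNDLL32.EXE line with a DLL argument yields the bare name.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def check_path(path):
    """Return a reason string if `path` is a known system binary name in the
    wrong directory, otherwise None. Bare names with no directory (resolved
    through PATH) are not judged here."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if name not in EXPECTED_DIRS:
        return None
    parent = str(p.parent).lower()
    if parent == "." or parent in EXPECTED_DIRS[name]:
        return None
    expected = ", ".join(sorted(EXPECTED_DIRS[name]))
    return f"{p.name} running from {p.parent} (expected {expected})"


def scan_log(text):
    """Scan HijackThis-style log text; return (kind, detail) findings in order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            reason = check_path(image_path(m.group("cmd")))
            if reason:
                findings.append(("run-key", f"{m.group('hive')} [{m.group('name')}]: {reason}"))
            continue
        # A line that is only a path comes from the "Running processes" section.
        if re.match(r"^[a-zA-Z]:\\", line):
            reason = check_path(line)
            if reason:
                findings.append(("process", reason))
    return findings


# Constructed sample: a subset of the HijackThis log posted above, with both
# svchost.exe paths and the HKCU/HKUS Run entries pointing at the drivers\ copy.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-21-1206202269-1744925342-3452710213-1006\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe (User '?')
"""

if __name__ == "__main__":
    for kind, detail in scan_log(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

Run against the sample it reports one process finding (the drivers\svchost.exe process) and two run-key findings (the HKCU and the matching HKUS entry), and stays silent on the legitimate system32 copies, the RUNDLL32.EXE entries that carry no directory, and third-party programs it has no expectation for. The check is deliberately path-only: a name-based rule would misfire on the HKCU ctfmon.exe value, which Windows itself creates.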
#2
Everything in the MBAM log says "No action taken." Please run it again and have it fix everything it finds. After that is complete, download random's system information tool (RSIT) by random/random and save it to your Desktop.
#3
When I try to run RSIT, I get an error that says "Incorrect number of parameters in function call." I have tried re-installing, but it still fails to work.
#4
Please download DDS by sUBs and save it to your Desktop. Vista users: right click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).
#5
DDS (Ver_09-03-16.01) - NTFSx86
Run by Kevin Young at 13:47:53.92 on Mon 03/16/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/?src=aim
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SkinClock] c:\program files\free desktop clock\DesktopClock.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ANT Agent] c:\garmin\ant agent\ANT Agent.exe
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229742173692
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\WINDOW

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\keviny~1\applic~1\mozilla\firefox\profiles\mn4a3uh9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\kevin young\application data\mozilla\firefox\profiles\mn4a3uh9.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\kevin young\local settings\application data\octoshape\octoshape streaming services\octoprogram-l03-nms0808270_sua_900\npoctoshape.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-03-15 20:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-15 20:41 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-15 20:41 <DIR> --d----- c:\docume~1\keviny~1\applic~1\SUPERAntiSpyware.com
2009-03-12 14:04 <DIR> --dsh--- C:\found.001
2009-03-09 22:21 248,625 a------- C:\1280x1024.jpg
2009-03-01 13:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ALM
2009-02-27 17:34 306,688 a------- c:\windows\IsUninst.exe
2009-02-26 23:31 <DIR> --d----- c:\program files\common files\Vbox
2009-02-26 23:31 16,384 a------- c:\windows\system32\FileOps.exe
2009-02-26 23:31 <DIR> --d----- c:\windows\system32\Adobe
2009-02-26 23:29 <DIR> --d----- C:\Adobe Illustrator Installer
2009-02-21 13:14 <DIR> --d----- C:\MyAudio
2009-02-21 13:14 <DIR> --d----- c:\program files\AoA Audio Extractor

==================== Find3M ====================

2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-03 14:11 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-03 14:11 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-07 11:28 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-12-19 05:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 05:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 01:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 01:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2007-01-03 23:16 0 a------- c:\docume~1\keviny~1\applic~1\wklnhst.dat
2007-05-31 14:25 88 ---shr-- c:\windows\system32\DE744B18AA.sys
2007-05-31 14:25 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-18 21:09 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081820080819\index.dat

============= FINISH: 13:48:08.57 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

==== Disk Partitions =========================

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
AC3Filter (remove only)
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS4
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Reader 7.1.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM MusicLink 2.1.0.5
AIM Toolbar 5.0
AoA Audio Extractor 1.0
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUpdate
AVG Free 8.0
Belkin 54g USB Network Adapter
Bonjour
Business Contact Manager for Outlook 2007 SP1
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
Connect
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support 3.1
Dell System Restore
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Documentation & Support Launcher
EarthLink setup files
EducateU
ELIcon
Free Desktop Clock 2.2
Games, Music, & Photos Launcher
Garmin ANT Agent 2.1.7
Garmin WebUpdater
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089)
Golf Swing Studio V1.0
Golf Swing Studio V1.0 (C:\Program Files\Golf Swing Studio\)
Google Desktop
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™ Software
Internet Service Offers Launcher
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 7
KC Softwares VideoInspector
kuler
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Modem Helper
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
NetWaiting
NetZeroInstallers
Norton Security Scan
Norton Security Scan (Symantec Corporation)
NVIDIA Drivers
NVIDIA PhysX
OpenOffice.org Installer 1.0
Otto
PDF Settings CS4
Photoshop Camera Raw
QuickTime
Rhapsody Player Engine
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Suite Shared Configuration CS4
System Requirements Lab
TI Connect 1.6
Trend Micro PC-cillin Internet Security 12
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
Ventrilo Client
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Communication Foundation
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Movie Maker 2.0
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================
#6
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2

Note: It is important that it is saved directly to your Desktop.

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe and follow the prompts. When finished, ComboFix will produce a log for you. Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. If you have problems with ComboFix usage, see How to use ComboFix.

----------

Uninstall:
Be sure to close all browser windows before beginning the install.
Remove the old version(s).
Download JavaRa

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
#7
ComboFix 09-03-15.01 - Kevin Young 2009-03-16 16:11:52.2 - NTFSx86
Running from: c:\documents and settings\Kevin Young\Desktop\ComboFix.exe
 * Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))
.
2009-03-15 20:42 . 2009-03-15 20:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-15 20:41 . 2009-03-16 13:10 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-15 20:41 . 2009-03-16 13:10 <DIR> d-------- c:\documents and settings\Kevin Young\Application Data\SUPERAntiSpyware.com
2009-03-12 14:04 . 2009-03-12 14:04 <DIR> d--hs---- C:\found.001
2009-03-11 22:13 . 2009-03-11 22:13 1,374 --a------ c:\windows\imsins.BAK
2009-03-09 22:21 . 2009-03-09 22:21 248,625 --a------ C:\1280x1024.jpg
2009-03-01 13:49 . 2009-03-01 13:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM
2009-03-01 13:46 . 2009-03-01 13:46 <DIR> d-------- c:\program files\Adobe Media Player
2009-03-01 13:45 . 2009-03-01 13:45 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-01 11:14 . 2009-03-01 13:33 <DIR> d-------- c:\documents and settings\Kevin Young\Application Data\Download Manager
2009-02-27 17:34 . 1998-10-29 17:45 306,688 --a------ c:\windows\IsUninst.exe
2009-02-26 23:31 . 2009-02-26 23:31 <DIR> d-------- c:\windows\system32\Adobe
2009-02-26 23:31 . 2009-02-26 23:31 <DIR> d-------- c:\program files\Common Files\Vbox
2009-02-26 23:31 . 2001-10-26 18:16 16,384 --a------ c:\windows\system32\FileOps.exe
2009-02-26 23:29 . 2009-02-26 23:29 <DIR> d-------- C:\Adobe Illustrator Installer
2009-02-21 13:14 . 2009-03-15 10:17 <DIR> d-------- c:\program files\AoA Audio Extractor
2009-02-21 13:14 . 2009-03-15 10:24 <DIR> d-------- C:\MyAudio
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 19:21 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-16 17:10 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-16 00:13 --------- d-----w c:\documents and settings\Kevin Young\Application Data\uTorrent
2009-03-15 22:00 --------- d-----w c:\program files\Norton Security Scan
2009-03-15 22:00 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-12 18:26 --------- d-----w c:\program files\Common Files\AOL
2009-03-12 18:26 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-12 02:12 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-01 17:48 --------- d-----w c:\program files\Common Files\Adobe
2009-02-27 21:17 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 18:36 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-11 23:17 --------- d-----w c:\program files\Microsoft SQL Server
2009-02-03 18:12 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2009-02-03 18:11 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-27 17:58 --------- d-----w c:\program files\Common Files\Elecard
2007-01-04 03:16 0 ----a-w c:\documents and settings\Kevin Young\Application Data\wklnhst.dat
2008-10-14 23:40 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-05-31 18:25 88 --sh--r c:\windows\system32\DE744B18AA.sys
2007-05-31 18:25 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-19 01:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081820080819\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"SkinClock"="c:\program files\Free Desktop Clock\DesktopClock.exe" [2006-10-01 334848]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-26 68856]
"ANT Agent"="c:\garmin\ANT Agent\ANT Agent.exe" [2008-09-02 8203352]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-14 29744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-03 1601304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-03 14:11 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellHelp]
--a------ 2004-04-01 16:51 1589248 c:\dell\DellHelp\DellHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 04:12 94208 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-10-14 19:39 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2006-07-06 08:15 151552 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 11:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2009-01-15 08:19 13680640 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
--a------ 2006-04-11 19:39 176201 c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2005-08-30 17:36 823362 c:\program files\Trend Micro\Internet Security 12\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 11:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-07-24 18:20 282624 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-14 29744]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-02-03 325128]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-03 298264]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2007-09-17 202768]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-30 290889]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-08-30 585792]
S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2007-09-17 35856]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-08-30 262215]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]

--- Other Services/Drivers In Memory ---

*Deregistered* - adfs
*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AOL ACS
*Deregistered* - Apple Mobile Device
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avg8wd
*Deregistered* - AvgLdx86
*Deregistered* - AvgMfx86
*Deregistered* - BcmSqlStartupSvc
*Deregistered* - Beep
*Deregistered* - Belkin Wireless USB Network Adapter Service
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - COMSysApp
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ehRecvr
*Deregistered* - ehSched
*Deregistered* - ELService
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fax
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - i2omgmt
*Deregistered* - IAANTMON
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - iPod Service
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - Kbdclass
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - McrdSvc
*Deregistered* - MDM
*Deregistered* - mdmxsdk
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - MSSQL$MSSMLBIZ
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - PcCtlCom
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - SQLWriter
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - tm_cfw
*Deregistered* - Tmfilter
*Deregistered* - Tmntsrv
*Deregistered* - TmPfw
*Deregistered* - Tmpreflt
*Deregistered* - tmproxy
*Deregistered* - tmtdi
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - Vsapint
*Deregistered* - w32time
*Deregistered* - Wanarp
*Deregistered* - wanatw
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cd82bd2-688a-11dd-a80e-00173f13b137}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{677cb2b4-5270-11dc-a6a1-00173f13b137}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88366e40-cd46-11dd-a8c3-00173f13b137}]
\Shell\AutoRun\command - ab31.exe
\Shell\explore\Command - ab31.exe
\Shell\open\Command - ab31.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-15 c:\windows\Tasks\Norton Security Scan for Kevin Young.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-11 20:20]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-DLA - c:\windows\System32\DLA\DLACTRLW.EXE
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Kevin Young\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Kevin Young\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-16 16:17:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\progra~1\TRENDM~1\INTERN~1\pccguide.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-16 16:23:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-16 20:23:07

Pre-Run: 209,483,907,072 bytes free
Post-Run: 209,572,769,792 bytes free

361 --- E O F --- 2009-03-15 03:24:37
#8
Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe
:reg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88366e40-cd46-11dd-a8c3-00173f13b137}]
:files
C:\found.001
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
* Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

----------

After posting the OTMoveIt3 log...

Use the Kaspersky Lab Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

When the scan is done, in the Scan is complete window, any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report: Click on: Save Report As

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
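The MountPoints2 entries in the ComboFix log above are the finding that matters in this thread: four of them launch LaunchU3.exe or setup.exe from a drive letter, while the {88366e40-...} volume runs a bare ab31.exe for AutoRun, explore and open alike, so that AutoPlay, double-click and right-click Explore on that stick all execute it. The OTMoveIt3 script targets exactly that key (plus the optical-drive one). As an added example, not part of the thread and not code from ComboFix, OTMoveIt3 or the forum, here is a small Python triage that parses the MountPoints2 section of a ComboFix log and ranks each entry. The sample input is constructed to the log's shape; the allow-list of LaunchU3.exe and the "806d6172696f = optical drive" heuristic are this example's assumptions, not anything the tools themselves state.

```python
"""Triage MountPoints2 AutoRun entries from a ComboFix log.

Added example for this thread; it is not ComboFix, OTMoveIt3 or forum code.
Every rule below is an assumption stated in the comments.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the shape of ComboFix's MountPoints2 section
# (three entries modelled on the ones in the log above).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88366e40-cd46-11dd-a8c3-00173f13b137}]
\Shell\AutoRun\command - ab31.exe
\Shell\explore\Command - ab31.exe
\Shell\open\Command - ab31.exe
"""

KEY_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\([^\]]+)\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Assumption: the U3 smart-drive launcher is the only autorun binary we
# treat as expected; everything else gets a closer look.
KNOWN_LAUNCHERS = {"launchu3.exe"}
# Assumption: XP volume GUIDs for CD/DVD drives commonly end in this
# suffix (ASCII "media"), so setup.exe there is a disc autorun, not a worm.
OPTICAL_SUFFIX = "806d6172696f"


@dataclass
class MountPoint:
    key: str                       # drive letter or volume GUID
    commands: dict[str, str] = field(default_factory=dict)  # verb -> command


def parse_mountpoints(text: str) -> list[MountPoint]:
    """Collect each MountPoints2 key with its Shell\\<verb>\\command lines."""
    points: list[MountPoint] = []
    current: MountPoint | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current = MountPoint(key=m.group(1))
            points.append(current)
        elif (m := CMD_RE.match(line)) and current is not None:
            current.commands[m.group(1).lower()] = m.group(2).strip()
    return points


def executable(cmd: str) -> str:
    """First token of the command line, with surrounding quotes removed."""
    parts = cmd.split()
    return parts[0].strip('"') if parts else ""


def verdict(mp: MountPoint) -> tuple[str, list[str]]:
    """Return (level, reasons) for one MountPoints2 entry."""
    reasons: list[str] = []
    for verb, cmd in mp.commands.items():
        exe = executable(cmd)
        if not ABS_PATH_RE.match(exe):
            # A bare filename resolves against the volume root: the pattern
            # autorun worms use so their copy on any infected drive runs.
            reasons.append(f"{verb}: relative executable {exe!r}")
    if {"autorun", "explore", "open"}.issubset(mp.commands) and len(set(mp.commands.values())) == 1:
        reasons.append("AutoPlay, Explore and Open all run the same command")
    if reasons:
        return "HIGH", reasons

    for verb, cmd in mp.commands.items():
        exe = executable(cmd)
        name = exe.rsplit("\\", 1)[-1].lower()
        if name in KNOWN_LAUNCHERS:
            reasons.append(f"{verb}: known launcher {name}")
        elif mp.key.lower().rstrip("}").endswith(OPTICAL_SUFFIX):
            reasons.append(f"{verb}: autorun from an optical-drive volume")
        else:
            return "MEDIUM", [f"{verb}: unrecognised absolute-path autorun {exe!r}; verify the file"]
    return "LOW", reasons


def triage(text: str) -> list[tuple[str, str, list[str]]]:
    """Parse a log and return (key, level, reasons), worst first."""
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    rows = [(mp.key, *verdict(mp)) for mp in parse_mountpoints(text)]
    return sorted(rows, key=lambda r: order[r[1]])


if __name__ == "__main__":
    for key, level, reasons in triage(SAMPLE_LOG):
        print(f"{level:6} {key}")
        for r in reasons:
            print(f"       - {r}")
```

To use it on a real case, replace SAMPLE_LOG with the contents of a saved ComboFix log; the key names it reports are the ones to hand to the removal script. One check worth keeping in mind: the OTMoveIt3 log posted later in this thread shows an empty REGISTRY section, so the MountPoints2 section of a fresh ComboFix run is the only evidence that the ab31.exe key is actually gone, and the infected stick itself (the drive the {88366e40-...} GUID belongs to) still needs to be cleaned or it will re-create the key on next insertion.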
#9
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
========== FILES ==========
C:\found.001 moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\KEVINY~1\LOCALS~1\Temp\etilqs_cGlFMwz95Ogs8ASJLaeu scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_85c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03162009_173347

Files moved on Reboot...
File C:\DOCUME~1\KEVINY~1\LOCALS~1\Temp\etilqs_cGlFMwz95Ogs8ASJLaeu not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_85c.dat not found!
C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\XUL.mfl moved successfully.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 16, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 16, 2009 19:44:01
Records in database: 1917679
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 105752
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:07:48

File name / Threat name / Threats count
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\32.tmp Infected: EICAR-Test-File 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\33.tmp Infected: EICAR-Test-File 1

The selected area was scanned.
#10
Empty the Trend Micro Quarantine. How is the computer running now?