Ute
Members-
Posts
5 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Ute
-
Greetings Elise, Have updated Adobe reader. After thinking about it, can almost guarantee that somewhere along my browsing I viewed and downloaded several .pdf files recently. Probably where and how I got infected... Here is the mbam log you requested: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.18.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Owner :: KATHY [administrator] 5/18/2012 12:29:56 PM mbam-log-2012-05-18 (12-29-56).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 327488 Time elapsed: 1 hour(s), 1 minute(s), 36 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Thanks again for all your help. Ute
-
Greetings, I have zipped the attach.txt file as requested. Let me know if there are any problems with accessing it. No problems so far...I think things are OK. Thank you, Ute attach.zip
-
Greetings, Here is the ComboFix Log: ComboFix 12-05-13.03 - Owner 05/13/2012 12:29:18.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1297 [GMT -7:00] Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 ))))))))))))))))))))))))))))))) . . 2012-05-11 16:28 . 2012-05-11 16:56 -------- d-----w- C:\TDSSKiller_Quarantine 2012-05-11 16:21 . 2012-05-11 16:21 -------- d-----w- c:\program files\TDSS KILLER 2012-04-25 21:37 . 2012-04-25 21:37 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-04-25 21:37 . 2012-04-25 21:37 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe 2012-04-25 21:37 . 2012-04-25 21:37 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe 2012-04-22 20:25 . 2012-04-22 22:52 -------- d-----w- C:\Downloads 2012-04-22 20:22 . 2012-04-25 03:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Free Download Manager 2012-04-22 20:22 . 2012-04-22 20:22 -------- d-----w- c:\program files\Free Download Manager . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-05 07:54 . 2012-04-03 17:40 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-05 07:54 . 2011-05-19 15:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-11 13:14 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:12 . 2008-04-14 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-03-01 11:01 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10 . 2008-04-14 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec 2012-02-18 15:33 . 2010-05-03 18:16 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-02-18 15:33 . 2008-09-26 03:29 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-04-25 21:37 . 2012-02-09 01:03 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056] "Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376] "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "CTHelper"="CTHELPER.EXE" [2004-03-19 24576] "CTDVDDET"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-13 296056] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-10 15494464] "NvMediaCenter"="NvMCTray.dll" [2012-02-10 108352] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-10 1634112] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-09-09 08:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\SecondLife\\SLVoice.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\SecondLife\\SecondLife.exe"= "c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"= "c:\\Program Files\\Curse\\CurseClient.exe"= "c:\\Program Files\\World of Warcraft\\Launcher.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Cryptic Studios\\Star Trek Online\\Live\\GameClient.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "57019:TCP"= 57019:TCP:*:Disabled:Pando Media Booster "57019:UDP"= 57019:UDP:*:Disabled:Pando Media Booster "57488:TCP"= 57488:TCP:Pando Media Booster "57488:UDP"= 57488:UDP:Pando Media Booster . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 230608] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 295248] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2/21/2012 7:35 PM 2348352] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 16720] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/26/2011 8:36 PM 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 10:40 AM 257696] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/26/2011 8:36 PM 136176] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 2:37 PM 129976] . Contents of the 'Scheduled Tasks' folder . 2012-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 07:54] . 2012-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57] . 2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-27 03:36] . 2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-27 03:36] . 2012-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-162531612-1801674531-1003Core.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-14 23:55] . 2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-162531612-1801674531-1003UA.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-14 23:55] . 2012-05-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-162531612-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 23:14] . 2012-05-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-162531612-1801674531-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 23:14] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk Trusted Zone: aol.com\free TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\i8d6h5d3.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-05-13 12:35 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(864) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(1364) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-05-13 12:37:25 ComboFix-quarantined-files.txt 2012-05-13 19:37 ComboFix2.txt 2012-05-11 22:35 . Pre-Run: 54,154,493,952 bytes free Post-Run: 54,216,708,096 bytes free . - - End Of File - - 5D72BB71091446C310E4F11BEA4B081A Thankyou, Ute
-
First, let me say "Thank you, Elise," for your response. I know you volunteer to help folks like me with computer malware. Her is the dds.txt: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31 Run by Owner at 11:53:37 on 2012-05-13 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1118 [GMT -7:00] . AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\RunDLL32.exe svchost.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\program files\real\realplayer\update\realsched.exe C:\WINDOWS\system32\wscntfy.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [updReg] c:\windows\UpdReg.EXE mRun: [sBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe /r mRun: [CTHelper] CTHELPER.EXE mRun: [CTDVDDET] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: aol.com\free DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213492015515 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 TCP: Interfaces\{A640C912-16F6-43B5-A971-47012180ECD8} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\i8d6h5d3.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\videolan\vlc2012\vlc\npvlc.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-21 2348352] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720] S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-26 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 257696] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-26 136176] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976] . =============== Created Last 30 ================ . 2012-05-12 17:03:49 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes 2012-05-12 17:03:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-12 17:03:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-12 17:03:38 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-05-11 22:56:33 -------- d-----w- c:\program files\ESET 2012-05-11 22:20:53 -------- d-sha-r- C:\cmdcons 2012-05-11 16:28:24 -------- d-----w- C:\TDSSKiller_Quarantine 2012-05-11 16:21:11 -------- d-----w- c:\program files\TDSS KILLER 2012-04-25 21:37:22 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-04-25 21:37:17 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe 2012-04-25 21:37:17 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe 2012-04-22 20:25:52 -------- d-----w- C:\Downloads 2012-04-22 20:22:53 -------- d-----w- c:\documents and settings\owner\application data\Free Download Manager 2012-04-22 20:22:46 -------- d-----w- c:\program files\Free Download Manager . ==================== Find3M ==================== . 2012-05-05 07:54:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-05 07:54:04 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll 2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec 2012-02-22 02:32:42 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin 2012-02-22 02:32:42 1 ----a-w- c:\windows\system32\nvdrssel.bin 2012-02-22 02:32:31 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin 2012-02-18 15:33:36 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-02-18 15:33:36 472808 ----a-w- c:\windows\system32\deployJava1.dll . ============= FINISH: 11:53:54.92 =============== Regards, Ute
-
Greetings, After tunning my normal AVG scan this morning it came back with "C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\i8d6h5d3.default\urlclassifier3.sqlite-journal";"Hidden file";"Object is inaccessible." I did a search for this threat and found this link to your site: http://forums.malwarebytes.org/index.php?showtopic=95704 I pretty much followed the list of things to do and when I got to the part about ESET Scan also got the following: C:\Documents and Settings\Owner\My Documents\Downloads\media.player.codec.pack.v4.0.2.setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined C:\System Volume Information\_restore{99D6B6C8-B032-4CAB-A1B3-6A052314E79C}\RP950\A0221272.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined Now I'm completely spooked and not sure if my computer is clean or not. I have a router and use the free AVG as my anti-virus protection. I'd appreciate any help or suggestions you may have. I also can post logs of scan results if you need those as well. Thanks in advance for any assistance you are ableto provide! Regards, Ute