Carya

Members

Posts: 5

Reputation: 0 Neutral
  1. Thank you very much. You've been a tremendous help. Have a good day.
  2. Here it is again. I did upload the file you asked for. No idea why it has a different name there. In case it's hard to read, the one result there is for a Win32.TrojanHorse under eSafe. I am not getting the Live Security Platinum popups any more, though. SHA256: 3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516; File name: tini.sys; Detection ratio: 1 / 40; Analysis date: 2012-07-31 23:28:54 UTC.
  3. Here's the ComboFix log. I couldn't disable Avira so I had to uninstall it. My computer seems to be working normally at the moment.
  4. Thanks for the prompt help. Here are the results: SHA256: 3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516; File name: tini.sys; Detection ratio: 1 / 40; Analysis date: 2012-07-31 23:28:54 UTC.
  5. Hello. I just had the Live Security Platinum hijacker show up on my computer today and, after following the guide, I'm still unable to get rid of it with Malwarebytes. I have the current version of the program. I'm attaching my DDS and Attach logs. Thanks in advance for your help.