serpntene

Everything posted by serpntene

  1. Hi all. I thought I would also mention that the main .exe on this was labeled njg.exe. I can find only one known association, which is with mhp.exe.
  2. Okay, if I have read the directions correctly, I am supposed to post these logs in the thread. If not, please forgive me, as I am half asleep now. Following the directions found here, I ran DeFogger but after clicking okay was NOT prompted to reboot the machine. The page says to skip any steps that cannot be completed, so I moved along.

     Mbam most recent log file:

     Malwarebytes' Anti-Malware 1.44
     Database version: 3622
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     1/29/2010 7:57:10 PM
     mbam-log-2010-01-29 (19-57-10).txt

     Scan type: Quick Scan
     Objects scanned: 145617
     Time elapsed: 7 minute(s), 16 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     DDS

     DDS (Ver_09-12-01.01) - NTFSx86
     Run by Rebecca Cooper at 21:59:28.93 on Fri 01/29/2010
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.189 [GMT -5:00]

     AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

     ============== Running Processes ===============

     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\WINDOWS\system32\cisvc.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\cidaemon.exe
     C:\Program Files\Windows Live\Contacts\wlcomm.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Documents and Settings\Rebecca Cooper\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.google.com/
     uSearch Page = hxxp://www.google.com
     uSearch Bar = hxxp://www.google.com/ie
     {d3f669eb-57ce-4f45-8fbd-e245cbb46366}
     BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
     uRun: [F5JMWNZTHI] c:\docume~1\rebecc~1\locals~1\temp\Njg.exe
     mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [RTHDCPL] RTHDCPL.EXE
     mRun: [Alcmtr] ALCMTR.EXE
     mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
     mRun: [Tnadecaguh] rundll32.exe "c:\windows\ureconisixe.dll",Startup
     mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     dRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\windows\temp\drweb.exe
     mPolicies-system: EnableLUA = 0 (0x0)
     dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
     dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
     dPolicies-explorer: NoFolderOptions = 1 (0x1)
     dPolicies-system: DisableTaskMgr = 1 (0x1)
     dPolicies-system: DisableRegistryTools = 1 (0x1)
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://games.bigfishgames.com/en_dairy-dash-game/online/DairyDashWeb.1.0.0.15.cab
     DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab
     DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} - hxxp://www.arcadetown.com/swf/tastyplanet.1.0.0.4.cab
     DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
     DPF: {8ADC4409-4FBF-4224-B73F-2392C721BCB4} - hxxp://games.bigfishgames.com/en_butterflyescape/online/GenimoWebGamesControl.cab
     DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://games.bigfishgames.com/en_burger-shop/online/GoBitGamesPlayer_v4.cab
     DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} - hxxp://zone.msn.com/bingame/wedd/default/WeddingDash.1.0.0.50.cab
     TCP: NameServer = 93.188.162.14,93.188.166.53
     TCP: {3AB791B3-C287-41A3-97A2-9590EC30B539} = 93.188.162.14,93.188.166.53
     AppInit_DLLs: c:\windows\system32\kbdsock.dll c:\windows\system32\zomejuhe.dll,tuvikize.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     SSODL: sumonapuj - {fd133537-5e84-4609-b87c-f7eb084b7b27} - c:\windows\system32\zomejuhe.dll
     STS: kupuhivus: {fd133537-5e84-4609-b87c-f7eb084b7b27} - c:\windows\system32\zomejuhe.dll
     LSA: Notification Packages = scecli tuneyevi.dll

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\rebecc~1\applic~1\mozilla\firefox\profiles\im81q534.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
     FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
     FF - HiddenExtension: XULRunner: {CE436162-C178-4635-BFA4-F00E8FBFEF6C} - c:\documents and settings\rebecca cooper\local settings\application data\{CE436162-C178-4635-BFA4-F00E8FBFEF6C}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

     ---- FIREFOX POLICIES ----
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

     ============= SERVICES / DRIVERS ===============

     R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-4 11608]
     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-4 108289]
     R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-4 185089]
     R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-30 56816]
     S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
     S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
     S0 tkqti;tkqti; [x]
     S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
     S3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\drivers\UCharger.sys [2007-5-15 13765]

     =============== Created Last 30 ================

     2010-01-30 02:53:38 0 ----a-w- c:\documents and settings\rebecca cooper\defogger_reenable
     2010-01-29 23:26:47 0 ----a-w- c:\windows\Jcufivolupufax.bin
     2010-01-29 23:26:46 120 ----a-w- c:\windows\Tlasac.dat
     2010-01-21 23:05:19 0 d-----w- c:\program files\Avenue Flo
     2010-01-12 19:15:26 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
     2010-01-12 03:33:29 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Hot Lava Games
     2010-01-11 13:43:43 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Genimo
     2010-01-05 20:07:53 1148 -c----w- c:\windows\system32\dllcache\snd.htm
     2010-01-05 20:06:54 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
     2010-01-05 20:06:54 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
     2010-01-05 20:06:20 294912 -c----w- c:\windows\system32\dllcache\msaud32.acm
     2010-01-05 20:06:15 97117 -c----w- c:\windows\system32\dllcache\mplayer2.hlp
     2010-01-05 20:06:15 2778 -c----w- c:\windows\system32\dllcache\mplogoh.gif
     2010-01-05 20:06:15 2545 -c----w- c:\windows\system32\dllcache\mplogo.gif
     2010-01-05 20:06:15 1885 -c----w- c:\windows\system32\dllcache\mplayer2.cnt
     2010-01-05 20:06:15 18286 -c----w- c:\windows\system32\dllcache\mplayer2.inf
     2010-01-05 20:05:58 457607 -c----w- c:\windows\system32\dllcache\mdlib.wmv
     2010-01-05 20:05:34 290816 -c----w- c:\windows\system32\dllcache\l3codeca.acm
     2010-01-05 20:05:05 81920 ------w- c:\windows\system32\ieencode.dll
     2010-01-05 20:04:31 5971 -c----w- c:\windows\system32\dllcache\events.js
     2010-01-05 20:04:14 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
     2010-01-05 20:04:02 9585 -c----w- c:\windows\system32\dllcache\controls.css
     2010-01-05 20:04:02 8298 -c----w- c:\windows\system32\dllcache\contents.htm
     2010-01-05 20:04:02 6878 -c----w- c:\windows\system32\dllcache\controls.js
     2010-01-05 20:04:02 381425 -c----w- c:\windows\system32\dllcache\copycd.wmv
     2010-01-05 20:03:59 184959 -c----w- c:\windows\system32\dllcache\compact.wmz
     2010-01-05 20:03:57 773 -c----w- c:\windows\system32\dllcache\cnth.gif
     2010-01-05 20:03:57 773 -c----w- c:\windows\system32\dllcache\cnt.gif
     2010-01-05 20:03:57 772 -c----w- c:\windows\system32\dllcache\cntd.gif
     2010-01-05 20:03:56 760 -c----w- c:\windows\system32\dllcache\cloapph.gif
     2010-01-05 20:03:56 717 -c----w- c:\windows\system32\dllcache\cloapp.gif
     2010-01-05 20:03:43 999 -c----w- c:\windows\system32\dllcache\bktrh.gif
     2010-01-04 17:38:54 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Avira
     2010-01-03 04:25:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-01-03 04:25:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-01-03 03:38:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
     2010-01-03 03:34:57 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
     2010-01-03 03:34:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
     2010-01-03 03:34:55 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
     2010-01-03 03:34:55 110592 -c----w- c:\windows\system32\dllcache\services.exe
     2010-01-03 03:34:54 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
     2010-01-03 03:34:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
     2010-01-03 03:34:52 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
     2010-01-03 03:34:51 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
     2010-01-03 03:34:50 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
     2010-01-03 03:33:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
     2010-01-03 03:33:07 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
     2010-01-03 03:33:06 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
     2010-01-03 03:33:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
     2010-01-03 03:32:56 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
     2010-01-03 03:32:31 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
     2010-01-03 03:30:47 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
     2010-01-03 03:28:22 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
     2010-01-03 03:28:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
     2010-01-03 03:28:19 333952 -c----w- c:\windows\system32\dllcache\srv.sys
     2010-01-03 03:28:15 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
     2010-01-03 03:28:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
     2010-01-03 03:27:38 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
     2010-01-03 03:27:37 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
     2010-01-03 03:27:36 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
     2010-01-03 03:27:21 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
     2010-01-02 03:46:59 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
     2010-01-02 03:45:59 9216 -c--a-w- c:\windows\system32\dllcache\kbdnecat.dll
     2010-01-02 03:44:59 82172 -c--a-w- c:\windows\system32\dllcache\bopomofo.nls
     2010-01-02 03:44:59 66728 -c--a-w- c:\windows\system32\dllcache\big5.nls
     2010-01-02 03:44:55 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
     2010-01-02 03:44:52 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
     2010-01-02 03:43:05 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
     2010-01-02 03:42:58 749 ---ha-r- c:\windows\WindowsShell.Manifest
     2010-01-02 03:42:58 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
     2010-01-02 03:42:58 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
     2010-01-02 03:42:58 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
     2010-01-02 03:34:50 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
     2010-01-02 03:31:04 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
     2010-01-02 03:31:04 24661 ----a-w- c:\windows\system32\spxcoins.dll
     2010-01-02 03:31:04 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
     2010-01-02 03:31:04 13312 ----a-w- c:\windows\system32\irclass.dll
     2010-01-02 03:30:51 8574 -c--a-w- c:\windows\system32\dllcache\IASNT4.CAT
     2010-01-02 03:30:51 7382 -c--a-w- c:\windows\system32\dllcache\OEMBIOS.CAT
     2010-01-02 03:30:50 797189 -c--a-w- c:\windows\system32\dllcache\NT5IIS.CAT
     2010-01-02 03:30:50 399645 -c--a-w- c:\windows\system32\dllcache\MAPIMIG.CAT
     2010-01-02 03:30:50 37484 -c--a-w- c:\windows\system32\dllcache\MW770.CAT
     2010-01-02 03:30:50 13472 -c--a-w- c:\windows\system32\dllcache\HPCRDP.CAT
     2010-01-01 21:55:34 401096704 ----a-w- c:\windows\MEMORY.DMP

     ==================== Find3M ====================

     2010-01-02 03:42:09 22720 ----a-w- c:\windows\system32\emptyregdb.dat
     2009-12-30 06:36:54 992 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
     2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
     2009-12-08 11:00:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2007-06-01 09:37:40 774144 ----a-w- c:\program files\RngInterstitial.dll

     ============= FINISH: 22:00:11.48 ===============

     ARK and Attach are zipped and attached to this post, if I archived them right. If I didn't, I can always attach them separately.