booma123456
Members
Posts: 8
Reputation: 0 Neutral
  1. Hi Blade, Thanks for your help! Please find attached the combofix and dds logs. Thanks! ComboFix.txt DDS.txt
  2. Hey all, hopefully someone can help me with this... MBAM didn't find anything, so I ran DeFogger, GMER. Here are the attached logs:

     __________________

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4190

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     6/11/2010 10:08:09 PM
     mbam-log-2010-06-11 (22-08-09).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 163699
     Time elapsed: 29 minute(s), 7 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     ______________________

     DDS (Ver_10-03-17.01) - NTFSx86
     Run by Chao at 22:51:23.83 on Fri 06/11/2010
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.499 [GMT -4:00]

     AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

     ============== Running Processes ===============

     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     C:\Program Files\AVG\AVG9\avgchsvx.exe
     C:\Program Files\AVG\AVG9\avgrsx.exe
     svchost.exe
     C:\Program Files\AVG\AVG9\avgcsrvx.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\PROGRA~1\AVG\AVG9\avgtray.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
     C:\Program Files\Pure Networks\Network Magic\nmapp.exe
     svchost.exe
     C:\Program Files\a-squared Free\a2service.exe
     C:\Program Files\AVG\AVG9\avgwdsvc.exe
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
     C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
     C:\Program Files\AVG\AVG9\avgnsx.exe
     C:\WINDOWS\System32\svchost.exe -k HTTPFilter
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Java\jre6\bin\jucheck.exe
     C:\WINDOWS\system32\taskmgr.exe
     C:\Documents and Settings\Chao\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Documents and Settings\Chao\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://my.yahoo.com/linksys
     mDefault_Page_URL = hxxp://my.yahoo.com/linksys
     mStart Page = hxxp://my.yahoo.com/linksys
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
     BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     uRun: [Google Update] "c:\documents and settings\chao\local settings\application data\google\update\GoogleUpdate.exe" /c
     mRun: [nwiz] nwiz.exe /install
     mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
     mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
     mRun: [soundMan] SOUNDMAN.EXE
     mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
     mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
     mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
     mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
     LSP: %SYSTEMROOT%\system32\nvappfilter.dll
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
     DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
     Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
     Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
     Notify: avgrsstarter - avgrsstx.dll
     Hosts: 127.0.0.1 www.spywareinfo.com

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\chao\applic~1\mozilla\firefox\profiles\wvq3yj5m.default\
     FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
     FF - plugin: c:\documents and settings\chao\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

     ---- FIREFOX POLICIES ----
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
     c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
     c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

     ============= SERVICES / DRIVERS ===============

     R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-22 64288]
     R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-24 216200]
     R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-24 29584]
     R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-24 242896]
     R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-3-11 1872320]
     R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-13 308064]
     S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]

     =============== Created Last 30 ================

     2010-06-12 02:49:14 0 ----a-w- c:\documents and settings\chao\defogger_reenable
     2010-06-07 22:44:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
     2010-05-25 14:50:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
     2010-05-25 14:50:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
     2010-05-25 14:50:11 0 d-----w- c:\program files\Real Alternative
     2010-05-21 03:51:52 0 d-----w- c:\program files\MSECache
     2010-05-19 05:27:45 0 d-----w- c:\program files\VideoLAN

     ==================== Find3M ====================

     2010-06-02 22:34:39 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
     2010-05-30 16:21:37 30112 ----a-w- c:\docume~1\chao\applic~1\GDIPFONTCACHEV1.DAT
     2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-03-24 21:54:24 172032 ----a-w- c:\windows\system32\nvuide.exe
     2009-12-25 19:38:14 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

     ============= FINISH: 22:52:51.92 ===============

     Hopefully someone can help? TIA! attach.zip
  3. So I think I have a problem with Malware, but I'm honestly not sure. A few days ago, my computer started restarting at random times. It's gotten more and more frequent since then. I'd done MBAM scans and found nothing. I've done a-squared scans and found nothing. I've done Spybot scans and found nothing. I've done Avast! scans and found nothing. I went to the Event Viewer (I'm using Windows XP Pro) and the errors I keep getting are from "Service Control Manager" event 7026. Sometimes there's an error from "disk" (error 7). I *think* that the restarts might have something to do with that? I thought it might have been that I was using too many system resources, but I haven't been doing anything differently since before the restarts started happening and if anything, I'm using up less memory/running less programs. Anyone have any ideas? Thanks!
  4. Hi elise, I currently use AVG free, is that good enough, or should I download one of the other firewalls you mentioned as well? Also, I ran ESET and it found some things. I've attached the relevant file. One more thing -- in running MBAM and trying to get it to work, I've had to rename the file, should I copy and paste the exe file back with mbam.exe now or should I just keep using it with the new (random) name? esetscan.txt
  5. Thanks, just ran MBAM again, and got something like 10 infections. Attached is the log file. I've also been asked to restart, which I'll be doing immediately. mbam_log_2010_02_28__15_08_11_.txt
  6. Hi Elise, Thanks again! Here's the most recent log after I copied and pasted that script. combofix1.txt
  7. Hi elise, thanks so much for getting back to me. I ran combofix and uninstalled bitcomet (I temporarily turned off AVG free, and then turned back on again) and have attached the text log. combofix.txt
  8. Hi All, I was hoping you could help me with whatever is wrong with my computer. I recently started experiencing pop-ups that have asked me to install stopzilla (I didn't, but I'm not sure x'ing out of it matters). I ran a-squared, Malwarebytes, and spybot. It got some stuff it seems like, but most recently Malwarebytes runs, finds 2 things, asks to restart, but when it restarts I get an error and can't seem to get rid of the last two trojans. I have the following logs available: mbam, DDS, Attach, and ark.

     Malwarebytes' Anti-Malware 1.44
     Database version: 3805
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     2/28/2010 8:53:01 AM
     mbam-log-2010-02-28 (08-53-01).txt

     Scan type: Full Scan (C:\|H:\|)
     Objects scanned: 237804
     Time elapsed: 57 minute(s), 41 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\minibozeyi (Trojan.Vundo) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     DDS (Ver_09-12-01.01) - NTFSx86
     Run by Chao at 9:04:52.70 on Sun 02/28/2010
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1497 [GMT -5:00]

     AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

     ============== Running Processes ===============

     C:\WINDOWS\system32\svchost -k DcomLaunch
     C:\WINDOWS\system32\svchost -k rpcss
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
     C:\WINDOWS\system32\svchost.exe -k NetworkService
     C:\WINDOWS\system32\svchost.exe -k LocalService
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     C:\Program Files\AVG\AVG9\avgchsvx.exe
     C:\Program Files\AVG\AVG9\avgrsx.exe
     C:\WINDOWS\system32\svchost.exe -k LocalService
     C:\Program Files\AVG\AVG9\avgcsrvx.exe
     C:\Program Files\a-squared Free\a2service.exe
     C:\Program Files\AVG\AVG9\avgwdsvc.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\AVG\AVG9\avgemc.exe
     C:\Program Files\AVG\AVG9\avgnsx.exe
     C:\Program Files\AVG\AVG9\avgcsrvx.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
     C:\PROGRA~1\AVG\AVG9\avgtray.exe
     C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
     C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\Malwarebytes' Anti-Malware\UBbU1TThw.exe
     C:\Documents and Settings\Chao\Desktop\dds.scr
     C:\WINDOWS\system32\wbem\wmiprvse.exe

     ============== Pseudo HJT Report ===============

     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
     BHO: {6d0b2967-c527-48c5-93e6-c5622f18ed41} - hufowebi.dll
     uRun: [Google Update] "c:\documents and settings\chao\local settings\application data\google\update\GoogleUpdate.exe" /c
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
     mRun: [DXDllRegExe] dxdllreg.exe
     mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [nemuravam] Rundll32.exe "c:\windows\system32\zepulabe.dll",a
     mRun: [minibozeyi] Rundll32.exe "yoduvofa.dll",s
     dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
     mPolicies-system: EnableLUA = 0 (0x0)
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
     Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
     Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
     Notify: avgrsstarter - avgrsstx.dll
     AppInit_DLLs: c:\windows\system32\ c:\windows\system32\zibuzuhu.dll c:\windows\system32\zepulabe.dll,sajuyaya.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
     SSODL: kuvazumog - {d827dd22-05b8-4f43-a57d-b25fcbd53188} - c:\windows\system32\zibuzuhu.dll
     SSODL: tosubejor - {680f411f-62c0-4955-859b-3ca694431cbe} - c:\windows\system32\zepulabe.dll
     STS: kupuhivus: {d827dd22-05b8-4f43-a57d-b25fcbd53188} - c:\windows\system32\zibuzuhu.dll
     STS: jugezatag: {680f411f-62c0-4955-859b-3ca694431cbe} - c:\windows\system32\zepulabe.dll
     LSA: Notification Packages = scecli mlode32.dll sajuyaya.dll
     IFEO: MpCmdRun.exe - c:\windows\system32\svchost.exe
     IFEO: MSASCui.exe - c:\windows\system32\svchost.exe
     IFEO: MsMpEng.exe - c:\windows\system32\svchost.exe
     IFEO: msseces.exe - c:\windows\system32\svchost.exe
     Hosts: 127.0.0.1 www.spywareinfo.com

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\chao\applic~1\mozilla\firefox\profiles\hklj41w4.default\
     FF - prefs.js: browser.startup.homepage - hxxps://webmail.tufts.edu/|https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2|http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1188609840&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855|http://goat.law.upenn.edu/
     FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
     FF - plugin: c:\documents and settings\chao\application data\mozilla\plugins\npgoogletalk.dll
     FF - plugin: c:\documents and settings\chao\application data\mozilla\plugins\npgoogletalk.dll
     FF - plugin: c:\documents and settings\chao\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
     FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
     FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\NPMXENG.DLL
     FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

     ---- FIREFOX POLICIES ----
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

     ============= SERVICES / DRIVERS ===============

     R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-12 333192]
     R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-10-12 28424]
     R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-12 360584]
     R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-1-19 1858144]
     R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-24 906520]
     R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-24 285392]
     R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
     S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
     S0 mzpgiy;mzpgiy; [x]
     S2 duppxahze;duppxahze;\??\c:\windows\system32\drivers\wonvpk.sys --> c:\windows\system32\drivers\wonvpk.sys [?]
     S3 rt2870;Belkin 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2008-10-29 644096]
     S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

     =============== Created Last 30 ================

     2010-02-28 14:01:17 148 -c--a-w- c:\documents and settings\chao\defogger_reenable
     2010-02-28 04:39:02 696832 -c--a-w- c:\windows\isRS-000.tmp
     2010-02-28 04:38:59 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-02-28 04:38:57 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
     2010-02-28 02:05:36 95 -c--a-w- c:\windows\wininit.ini
     2010-02-27 22:31:47 0 dc----w- c:\program files\Malwarebytes' Anti-Malware
     2010-02-27 22:17:38 0 dc----w- c:\program files\Dr. Guard
     2010-02-10 02:19:35 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
     2010-02-10 02:19:24 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
     2010-02-10 02:19:14 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
     2010-02-10 02:19:14 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
     2010-02-10 02:19:11 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
     2010-02-07 19:42:49 0 dc----w- c:\program files\Overland
     2010-02-06 17:32:01 90112 -c--a-r- c:\windows\system32\hpovst08.dll
     2010-02-06 17:32:01 565248 -c--a-r- c:\windows\system32\hpotscl.dll
     2010-02-06 16:56:58 38867 -c----w- c:\windows\hpomdl03.dat
     2010-02-06 16:56:58 29258 -c--a-w- c:\windows\hpoins03.dat
     2010-02-06 15:45:29 0 dc----w- c:\windows\system32\NtmsData
     2010-02-05 23:20:35 626960 -c--a-r- c:\windows\system32\hpvaut32.dll
     2010-02-05 23:20:35 487424 -c--a-r- c:\windows\system32\hpvcp70.dll
     2010-02-05 23:20:35 44544 -c--a-r- c:\windows\system32\MSXML4a.dll
     2010-02-05 23:20:35 344064 -c--a-r- c:\windows\system32\hpvcr70.dll
     2010-02-05 23:17:08 0 dc----w- c:\program files\common files\HP
     2010-02-05 23:16:41 35840 -c--a-w- c:\windows\system32\drivers\AFS2K.SYS
     2010-02-05 23:11:38 38867 -c----w- c:\windows\hpomdl03.dat.temp
     2010-02-05 23:11:38 29188 -c----w- c:\windows\hpoins03.dat.temp
     2010-02-05 17:14:59 0 dc----w- c:\program files\common files\Hewlett-Packard
     2010-02-05 17:12:59 15104 -c--a-w- c:\windows\system32\drivers\usbscan.sys
     2010-02-05 17:12:59 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
     2010-02-05 17:12:31 0 dc----w- c:\program files\HP
     2010-02-05 17:11:04 21744 -c--a-w- c:\windows\system32\drivers\HPZius12.sys
     2010-02-05 17:11:04 16496 -c--a-w- c:\windows\system32\drivers\HPZipr12.sys
     2010-02-05 17:11:03 51088 -c--a-w- c:\windows\system32\drivers\hpzid412.sys
     2010-02-05 17:11:00 274432 -c--a-r- c:\windows\system32\hpgwiamd.dll
     2010-02-05 17:11:00 270336 -c--a-w- c:\windows\system32\HPZc3212.dll

     ==================== Find3M ====================

     2010-02-28 14:02:35 0 -c--a-w- c:\windows\system32\drivers\lvuvc.hs
     2010-02-28 14:02:32 0 -c--a-w- c:\windows\system32\drivers\logiflt.iad
     2009-12-31 16:50:03 353792 -c--a-w- c:\windows\system32\drivers\srv.sys
     2009-12-21 19:14:05 916480 -c--a-w- c:\windows\system32\wininet.dll
     2009-12-16 18:43:27 343040 -c--a-w- c:\windows\system32\mspaint.exe
     2009-12-14 07:08:23 33280 -c--a-w- c:\windows\system32\csrsrv.dll
     2009-12-08 19:26:15 2145280 -c--a-w- c:\windows\system32\ntoskrnl.exe
     2009-12-08 18:43:51 2023936 -c--a-w- c:\windows\system32\ntkrnlpa.exe
     1601-01-01 00:03:28 65024 -csha-w- c:\windows\system32\gojidisi.dll
     1601-01-01 00:03:52 65024 -csha-w- c:\windows\system32\hufowebi.dll
     1601-01-01 00:03:28 40960 -csha-w- c:\windows\system32\kifupiza.dll
     1601-01-01 00:03:52 65024 -csha-w- c:\windows\system32\yoduvofa.dll
     1601-01-01 00:03:28 95232 -csha-w- c:\windows\system32\zepulabe.dll
     2009-04-29 07:18:13 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042920090430\index.dat

     ============= FINISH: 9:05:27.78 ===============

     I'd appreciate any help with this, thanks! ark.zip Attach.zip
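The two DDS reports quoted in this user's posts (the clean June 2010 one in post 2 and the Trojan.Vundo one in post 8) differ in exactly the entries a malware-removal helper reads first: IFEO debugger values on the Security Essentials binaries, a populated AppInit_DLLs, LSA Notification Packages beyond scecli, a Run entry that loads a DLL by bare name, services whose image file is missing or unresolved (the state that produces the Service Control Manager event 7026 mentioned in post 3), and system32 files stamped 1601-01-01, the NT FILETIME epoch. The following is an added example, not code from the poster, the forum helpers or the DDS tool, that encodes those observations as detection rules and runs them over lines copied from the two reports. The "scecli only" LSA baseline is an assumption of the example; every other name and path comes from the logs as quoted.

```python
import re

# Constructed sample input: lines copied from the DDS reports quoted in the posts
# above. The first four come from the June 2010 report (clean); the rest from the
# February 2010 report of the Trojan.Vundo infection.
SAMPLE_LINES = [
    r"mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup",
    r"Notify: avgrsstarter - avgrsstx.dll",
    r"R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-24 216200]",
    r"2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys",
    r'mRun: [minibozeyi] Rundll32.exe "yoduvofa.dll",s',
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"AppInit_DLLs: c:\windows\system32\ c:\windows\system32\zibuzuhu.dll c:\windows\system32\zepulabe.dll,sajuyaya.dll",
    r"LSA: Notification Packages = scecli mlode32.dll sajuyaya.dll",
    r"IFEO: MpCmdRun.exe - c:\windows\system32\svchost.exe",
    r"IFEO: MSASCui.exe - c:\windows\system32\svchost.exe",
    r"S0 mzpgiy;mzpgiy; [x]",
    r"S2 duppxahze;duppxahze;\??\c:\windows\system32\drivers\wonvpk.sys --> c:\windows\system32\drivers\wonvpk.sys [?]",
    r"1601-01-01 00:03:52 65024 -csha-w- c:\windows\system32\hufowebi.dll",
]

IFEO_LINE = re.compile(r"^IFEO: (?P<target>\S+) - (?P<debugger>.+)$")
RUN_LINE = re.compile(r"^[a-z]?Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SVC_LINE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# "Created Last 30" / "Find3M" entries: date time size attributes path
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \d+ (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Assumption of this example: a stock Windows XP install lists only scecli here.
LSA_BASELINE = {"scecli"}


def check_line(line):
    """Return (severity, reason, line) findings for one DDS pseudo-HJT or file-list line."""
    s = line.strip()
    out = []

    m = IFEO_LINE.match(s)
    if m:
        # Any IFEO Debugger value makes Windows start the "debugger" instead of the
        # target; in the log the Security Essentials binaries go to svchost.exe.
        out.append(("high", f"IFEO debugger set for {m['target']} -> {m['debugger']}", s))
        return out

    if s.startswith("AppInit_DLLs:"):
        dlls = re.findall(r"[\w~.-]+\.dll", s, re.IGNORECASE)
        if dlls:
            out.append(("high", "AppInit_DLLs injects " + ", ".join(dlls)
                        + " into every process that loads user32", s))
        return out

    if s.startswith("LSA: Notification Packages"):
        pkgs = s.split("=", 1)[1].split()
        extra = [p for p in pkgs if re.sub(r"\.dll$", "", p.lower()) not in LSA_BASELINE]
        if extra:
            out.append(("high", "non-baseline LSA Notification Packages (password-change hooks): "
                        + ", ".join(extra), s))
        return out

    m = RUN_LINE.match(s)
    if m:
        dll = re.search(r'rundll32(?:\.exe)?\s+"?([^",]+)', m["cmd"], re.IGNORECASE)
        if dll and "\\" not in dll.group(1):
            # A bare DLL name is resolved through the loader search order; legitimate
            # vendor entries in these logs all give a full path.
            out.append(("medium", f"Run entry [{m['name']}] loads DLL by bare name: {dll.group(1)}", s))
        return out

    if s.startswith("mPolicies-system:") and "EnableLUA = 0" in s:
        out.append(("info", "EnableLUA policy forced to 0", s))
        return out

    m = SVC_LINE.match(s)
    if m:
        if m["rest"].rstrip().endswith(("[x]", "[?]")):
            # DDS prints [x] for an empty image path and [?] when the file is not found;
            # boot/system-start drivers in that state produce SCM event 7026.
            out.append(("medium", f"service/driver {m['name']} has a missing or unresolved image", s))
        return out

    m = FILE_LINE.match(s)
    if m and m["date"].startswith("1601-"):
        # 1601-01-01 is the NT FILETIME epoch: a zeroed or forged timestamp.
        reason = "file stamped with the 1601 epoch timestamp"
        if "s" in m["attrs"] and "h" in m["attrs"]:
            reason += ", hidden+system attributes"
        out.append(("high", reason + ": " + m["path"], s))
    return out


def scan(lines):
    """Run check_line over a whole report; return all findings, highest severity first."""
    order = {"high": 0, "medium": 1, "info": 2}
    findings = [f for line in lines for f in check_line(line)]
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for sev, reason, line in scan(SAMPLE_LINES):
        print(f"[{sev:6}] {reason}\n         {line}")
```

Run against the sample, the four clean lines produce nothing and the nine Vundo-era lines produce nine findings; feeding it a full DDS report (one line per entry, as the logs above are laid out) works the same way, since every rule keys on the line prefix DDS itself emits.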