Grumpytoo

Members
Posts: 4

Everything posted by Grumpytoo

  1. Diagnostic Report (1.9.0019.0):
     -----------------------------------------
     WGA Data-->
     Validation Status: Geographically blocked
     PID Validation Code: 13
     Cached Validation Code: N/A
     Windows Product Key: *****-*****-WGYJY-HHYDH-KKX9B
     Windows Product Key Hash: wxqOMJsR+LRtbxR3p9MmRqRwfUk=
     Windows Product ID: 76487-640-0427404-23437
     Windows Product ID Type: 1
     Windows License Type: Volume
     Windows OS version: 5.1.2600.2.00010100.3.0.pro
     ID: {FDAFC751-242A-4DC7-8A50-975DB71B7936}(1)
     Is Admin: Yes
     TestCab: 0x0
     WGA Version: N/A, hr = 0x80070002
     Signed By: N/A, hr = 0x80070002
     Product Name: N/A
     Architecture: N/A
     Build lab: N/A
     TTS Error: N/A
     Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
     Resolution Status: N/A

     WgaER Data-->
     ThreatID(s): N/A
     Version: N/A

     WGA Notifications Data-->
     Cached Result: N/A, hr = 0x80070002
     File Exists: No
     Version: N/A, hr = 0x80070002
     WgaTray.exe Signed By: N/A, hr = 0x80070002
     WgaLogon.dll Signed By: N/A, hr = 0x80070002

     OGA Notifications Data-->
     Cached Result: N/A, hr = 0x80070002
     Version: N/A, hr = 0x80070002
     OGAExec.exe Signed By: N/A, hr = 0x80070002
     OGAAddin.dll Signed By: N/A, hr = 0x80070002

     OGA Data-->
     Office Status: 109 N/A
     OGA Version: N/A, 0x80070002
     Signed By: N/A, hr = 0x80070002
     Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-230-1

     Browser Data-->
     Proxy settings: N/A
     User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
     Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
     Download signed ActiveX controls: Prompt
     Download unsigned ActiveX controls: Disabled
     Run ActiveX controls and plug-ins: Allowed
     Initialize and script ActiveX controls not marked as safe: Disabled
     Allow scripting of Internet Explorer Webbrowser control: Disabled
     Active scripting: Allowed
     Script ActiveX controls marked as safe for scripting: Allowed

     File Scan Data-->
     File Mismatch: C:\WINDOWS\system32\winlogon.exe[5.1.2600.5512]
     File Mismatch: C:\WINDOWS\system32\setupapi.dll[5.1.2600.5508]

     Other data-->
     Office Details: <GenuineResults><MachineData><UGUID>{FDAFC751-242A-4DC7-8A50-975DB71B7936}</UGUID><Version>1.9.0019.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-KKX9B</PKey><PID>76487-640-0427404-23437</PID><PIDType>1</PIDType><SID>S-1-5-21-1757981266-879983540-1801674531</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0808 </Version><SMBIOSVersion major="2" minor="4"/><Date>20080327000000.000000+000</Date></BIOS><HWID>98E8390F01008068</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>E. Australia Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>haiter</name><model>XP-Windows7</model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

     Licensing Data-->
     N/A

     Windows Activation Technologies-->
     N/A

     HWID Data-->
     N/A

     OEM Activation 1.0 Data-->
     BIOS string matches: yes
     Marker string from BIOS: 14FF0:ASUSTeK Computer Inc
     Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

     OEM Activation 2.0 Data-->
     N/A
  2. c:\windows\explorer.exe - no virus found
     ( analisis/96214ea2356ac16f258946223cfdbb6cff6f44a51425fa86ab10abbedd330a71-1262220408 )

     c:\windows\system32\winlogon.exe - 2/41 results -
     eSafe 7.0.17.0 2010.01.05 Win32.Banker ; McAfee-GW-Edition 6.8.5 2010.01.05 Heuristic.LooksLike.Win32.Esploeo.J .
     ( analisis/5786d04a702ff48ad28fb9e055a6c86509b8c9a01e9b9b6c8b531c6483e79819-1262734005 )

     c:\windows\system32\ctfmon.exe 3/41 results :
     Authentium 5.2.0.5 2010.02.20 W32/Dropper.ASNB
     eSafe 7.0.17.0 2010.02.18 Win32.Banker
     F-Prot 4.5.1.85 2010.02.20 W32/Dropper.ASNB
     analisis/e1e11638ca6670c45287101da8fe5be9dbb258e19e7397493ffcc750e02a09d1-1266752880
  3. Thanks for helping me. Attached is the log you requested. ComboFix.txt
  4. MBAM detected TDSS and rogue multiple AV. I fixed it but on reboot it was still there. Ran AVG and fixed the problems it detected. Ran MBAM again and still the same problem. Ran TDSSKiller followed by MBAM and now TDSS is not detected but I am still being redirected with Firefox and sometimes new tabs will open themselves going to odd sites. Ran GMER but when I tried to save the log the PC froze. The 2nd time with GMER caused an instant blue screen and the 3rd time again froze the PC.

     DDS:

     DDS (Ver_10-03-17.01) - NTFSx86
     Run by Grumpy at 7:52:20.37 on Wed 04/07/2010
     Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.450 [GMT 10:00]

     AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

     ============== Running Processes ===============

     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\Program Files\AVG\AVG9\avgchsvx.exe
     C:\Program Files\AVG\AVG9\avgrsx.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\AVG\AVG9\avgcsrvx.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Microsoft IntelliType Pro\type32.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\PROGRA~1\AVG\AVG9\avgtray.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     svchost.exe
     C:\Program Files\AVG\AVG9\avgwdsvc.exe
     C:\Program Files\AVG\AVG9\avgemc.exe
     C:\Program Files\AVG\AVG9\avgnsx.exe
     C:\Program Files\AVG\AVG9\avgcsrvx.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Documents and Settings\Grumpy\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.google.com.au/
     mWinlogon: SFCDisable=-99 (0xffffff9d)
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
     BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
     BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
     mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
     mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
     mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
     mRun: [nwiz] nwiz.exe /install
     mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
     dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
     dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
     uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
     uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
     mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
     IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
     IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
     IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
     IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
     Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
     Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
     Notify: avgrsstarter - avgrsstx.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
     Hosts: 127.0.0.1 www.spywareinfo.com

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\grumpy\applic~1\mozilla\firefox\profiles\4pr0ylg0.default\
     FF - component: c:\documents and settings\grumpy\application data\mozilla\firefox\profiles\4pr0ylg0.default\extensions\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}\components\FFExternalAlert.dll
     FF - component: c:\documents and settings\grumpy\application data\mozilla\firefox\profiles\4pr0ylg0.default\extensions\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}\components\RadioWMPCore.dll
     FF - component: c:\documents and settings\grumpy\application data\mozilla\firefox\profiles\4pr0ylg0.default\extensions\{fcab6fdd-5585-425b-95c1-5ed856f3fd08}\components\nsCatcher.dll
     FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
     FF - plugin: c:\program files\sony online entertainment\station launcher\npsoe.dll
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

     ============= SERVICES / DRIVERS ===============

     R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-6 216200]
     R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-6 29512]
     R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-6 242696]
     R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-4-6 916760]
     R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-6 308064]
     S3 efipsk;efipsk;\??\c:\docume~1\grumpy\locals~1\temp\efipsk.sys --> c:\docume~1\grumpy\locals~1\temp\efipsk.sys [?]
     S4 AMDFusionSVC;AMD Fusion Utility Service;c:\program files\amd\amd fusion utility for desktops\FusionSVC.exe [2009-9-8 383544]
     S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-16 25832]
     S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

     =============== Created Last 30 ================

     2010-04-06 21:50:13 0 ----a-w- c:\documents and settings\grumpy\defogger_reenable
     2010-04-06 12:44:52 0 d-----w- c:\program files\Spybot - Search & Destroy
     2010-04-06 12:23:44 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
     2010-04-06 12:23:44 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
     2010-04-06 12:23:43 0 d-----w- c:\program files\SpywareBlaster
     2010-04-06 12:13:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
     2010-04-06 11:58:31 0 d--h--w- C:\$AVG
     2010-04-06 08:18:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll
     2010-04-06 08:18:29 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
     2010-04-06 08:18:27 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
     2010-04-06 08:18:17 0 d-----w- c:\windows\system32\drivers\Avg
     2010-04-06 08:18:02 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
     2010-03-16 07:21:15 23 ----a-w- c:\windows\BlendSettings.ini

     ==================== Find3M ====================

     2010-04-06 21:26:13 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
     2010-03-29 14:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-03-29 14:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-05-18 09:30:20 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
     2009-05-18 09:30:20 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
     2009-05-18 09:30:17 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051820090519\index.dat
     2009-05-18 09:30:20 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

     ============= FINISH: 7:53:29.20 ===============

     Attach.txt