mongoose2

  1. Seems all OK. She's had it from Sunday and hasn't rung with any problems. Barry
  2. Seems good. Not my machine; friend will get it back Monday when she returns from holiday. Many thanks, Barry
  3. A0000289.ocx;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3;Adware.Gdown;Moved.;
     I have turned off System Restore. Should I delete the files in System Volume Information, then turn System Restore back on? Barry
     Above is log from DrWeb.
  4. Just dl Dr Cure; final MBAM log:
     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4176
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     08/06/2010 18:27:48
     mbam-log-2010-06-08 (18-27-48).txt
     Scan type: Quick scan
     Objects scanned: 129804
     Time elapsed: 14 minute(s), 22 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     (No malicious items detected)
     Barry. Be back when latest scan finished.
  5. Have run a number of scans. Avira removed 29 infections; online scanner Nod removed 2 more. Running Malwarebytes again, but seems clear now. Thanks for all your help. Is there anything else I can run? Barry
  6. That's positive. Malwarebytes is running; log as follows:
     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4176
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     07/06/2010 20:56:59
     mbam-log-2010-06-07 (20-56-59).txt
     Scan type: Full scan (C:\|D:\|)
     Objects scanned: 190114
     Time elapsed: 53 minute(s), 14 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 6
     Registry Values Infected: 0
     Registry Data Items Infected: 1
     Folders Infected: 1
     Files Infected: 7
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickyPlaeyr (Trojan.DNSChanger) -> Quarantined and deleted successfully.
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9c6264c5-45a6-4a3a-9c73-b0d73d722e61}\NameServer (Trojan.DNSChanger) -> Data: 85.255.0.0,85.255.0.0 -> Quarantined and deleted successfully.
     Folders Infected:
     C:\Program Files\QuickyPlaeyr (Trojan.DNSChanger) -> Quarantined and deleted successfully.
     Files Infected:
     C:\Documents and Settings\Chloe\My Documents\Free.Movie.License.exe (Rogue.Installer) -> Quarantined and deleted successfully.
     C:\Program Files\QuickyPlaeyr\Uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
     C:\Program Files\eGames\BUGS\egames.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Program Files\eGames\Moon Buggy\egames.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Program Files\eGames\Moonshot\egames.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Program Files\eGames\Nebulae Fighter SE\egames.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
     Barry
  7. As requested (ComboFix log and new DDS log). Attach.zip
  8. As requested. PC infected with rootkit; Malwarebytes won't run. Attached logs from GMER and DDS.
files\mozilla firefox\plugins\npBBCPlugin.dll FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF - plugin: c:\program files\picasa2\npPicasa2.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-6 216200] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-6 29584] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-6 242896] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-6 916760] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-6 308064] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-13 198256] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-13 165488] R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-7-19 822424] R2 UI Assistant Service;UI Assistant Service;c:\program files\t-mobile mobile broadband manager\AssistantServices.exe [2010-2-23 241664] S2 gupdate1c9ba8b2ac68e6;Google Update Service (gupdate1c9ba8b2ac68e6);c:\program files\google\update\GoogleUpdate.exe [2009-4-11 133104] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-7-19 29744] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-2-23 9728] =============== Created Last 
30 ================ 2010-06-06 20:00:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-06 20:00:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-06 20:00:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-06-06 19:34:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-06 16:33:50 0 d--h--w- C:\$AVG 2010-06-06 16:20:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-06-06 16:20:12 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-06-06 16:20:11 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-06-06 16:19:47 0 d-----w- c:\windows\system32\drivers\Avg 2010-06-06 16:16:06 0 d-----w- c:\program files\AVG 2010-06-06 16:15:44 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9 ==================== Find3M ==================== 2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll 2008-03-29 17:14:25 56 --sh--r- c:\windows\system32\6DAB9D232C.sys 2010-02-23 09:54:07 88 --sh--r- c:\windows\system32\747A50FC76.sys 2010-02-23 09:54:08 6060 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-02-12 12:41:01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009021220090213\index.dat ============= FINISH: 16:19:43.75 =============== I can see from Googling its a rootkit trojan just how do I get rid of it Barry ark.txt Attach.zip
  9. Windows XP Service Pack 3 and no error message. Had Task Manager open and nothing appeared in there. Barry
  10. I have read the topic on TSSS stopping Malwarebytes from running; however, on the PC I have been asked to look at for a friend there is no sign of TSSS. The problem stems from it being run without a firewall or antivirus installed. The list of problems is as follows:
1. Right-clicking the HD and selecting Properties causes Explorer.exe to crash.
2. Cannot run Defrag, nor can I scan the HD with Microsoft tools.
3. I installed AVG Free without any issues; it found 6 infections, which are in the Virus Vault.
4. Downloaded M-Ban.exe, renamed it and installed (no problems); will not run in either Safe Mode or Normal.
5. AVG Free will not run in Safe Mode but will run in Normal?
Any suggestions as to what to do next? I have some computer skills but am no expert. Barry
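The most useful indicator in the DDS log in post 8 is the pair of `TCP:` lines in the Pseudo HJT Report: both the global NameServer setting and the per-interface entry for {9C6264C5-45A6-4A3A-9C73-B0D73D722E61} point at 85.255.0.0, an address that is neither a LAN router nor an ISP resolver. When every DNS lookup is answered by an attacker-chosen server, the machine can be silently redirected no matter how clean the browser looks, which is why a helper reads those lines before anything else. As an added example that is not part of this thread or of DDS, the Python below pulls the NameServer entries out of a DDS pseudo-HJT report and flags any resolver outside the networks the machine is expected to use. The log excerpt is constructed from the lines in post 8 plus one benign interface entry, and the allowed networks are an assumption standing in for the router or ISP resolvers the person doing the cleanup actually knows about.

```python
import ipaddress
import re

# Constructed excerpt in the shape of the DDS "Pseudo HJT Report" section.
# The two 85.255.0.0 lines are copied from the log in post 8; the
# 192.168.1.1 interface entry is a constructed benign example.
SAMPLE_DDS = """\
uStart Page = hxxp://www.google.com/
TCP: NameServer = 85.255.0.0,85.255.0.0
TCP: {9C6264C5-45A6-4A3A-9C73-B0D73D722E61} = 85.255.0.0,85.255.0.0
TCP: {11111111-2222-3333-4444-555555555555} = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\\program files\\avg\\avg9\\avgpp.dll
"""

# DDS prints resolvers in two forms: the global "TCP: NameServer = a,b" and
# a per-interface "TCP: {GUID} = a,b". Both are captured here.
_TCP_LINE = re.compile(
    r"^TCP:\s+(?P<iface>NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(?P<servers>[0-9.,\s]+)$"
)


def parse_resolvers(log_text):
    """Return (interface, address) pairs for every DNS server DDS reports."""
    found = []
    for line in log_text.splitlines():
        m = _TCP_LINE.match(line.strip())
        if not m:
            continue
        for raw in m.group("servers").split(","):
            raw = raw.strip()
            if raw:
                found.append((m.group("iface"), raw))
    return found


def find_rogue_resolvers(log_text, allowed_networks):
    """Flag resolvers outside the networks this machine should be using.

    allowed_networks: CIDR strings (assumption: the LAN router and the ISP
    resolvers the operator knows about). Anything that does not parse as an
    IP address is flagged too, since DDS would not normally print that.
    """
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    rogue = []
    for iface, raw in parse_resolvers(log_text):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            rogue.append((iface, raw, "not a valid IP address"))
            continue
        if not any(ip in net for net in allowed):
            rogue.append((iface, raw, "resolver outside allowed networks"))
    return rogue


def rogue_ips(log_text, allowed_networks):
    """Deduplicated, sorted list of the offending resolver addresses."""
    return sorted({ip for _, ip, _ in find_rogue_resolvers(log_text, allowed_networks)})


if __name__ == "__main__":
    # Assumed allow list: a private LAN range only, so the ISP resolvers would
    # have to be added for a real run.
    for iface, ip, reason in find_rogue_resolvers(SAMPLE_DDS, ["192.168.0.0/16"]):
        print(f"{iface}: {ip} ({reason})")
```

Running this against a full DDS log is only the first step: a flagged address tells you the DNS settings were rewritten, so after removal the NameServer values have to be checked again (and the router's DNS settings too, since the same family of malware is known to change those), otherwise a cleaned machine simply gets redirected back to the attacker's resolver.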