pomygit
  1. Thanks again. After much consideration I am still not happy that I have found the source of the browser hijack in my PC. I am still getting redirects from Firefox, so in the interests of security and peace of mind I have decided to format and, with the aid of Malwarebytes and AVG, try to keep the system clean. I thank the forum for its assistance in getting rid of 90% of the malware issues. Regards. Note that my laptop may be a separate matter.
  2. So my blocker is still getting attacks:

     06:18:59 DON MESSAGE Protection started successfully
     06:19:09 DON MESSAGE IP Protection started successfully
     06:42:52 DON IP-BLOCK 199.80.55.81
     06:42:55 DON IP-BLOCK 199.80.55.81
     06:43:01 DON IP-BLOCK 199.80.55.81
     06:45:08 DON IP-BLOCK 208.94.233.40
     06:45:11 DON IP-BLOCK 208.94.233.40
     06:45:17 DON IP-BLOCK 208.94.233.40

     Thanks
  3. OK, I have now got rid of the P2P and paid for the upgrade to the latest copy of AVG. But I still seem to be getting browser redirects to odd sites. Is there some evidence of a known piece of malware in the logs? If not, perhaps there is something else I can try rather than a full format. Thanks
  4. I have recently (10 days ago) bought and installed Malwarebytes as a result of suspicions that there was too much activity going through my modem when no one was using a PC. Yesterday Malwarebytes detected and blocked 20 'attacks' from the same IP. I guess I need to know if this is way above normal activity, or, because there were 20 blocks, does this indicate that I have an issue? My assumption is that blocks are not random, but instead derive from a trojan already on my machine. But is this wrong? Thanks for considering this.
  5. There is a lot of strange stuff going on. Below is the text log from ESET. However, securitycheck.exe seems to be killed as soon as it downloads; it simply disappears. For this reason I have not run it. Also attached is the PDF print from VirusTotal.

     Log from ESET follows:

     H:\Documents and Settings\Anne\Local Settings\Application Data\Mozilla\Firefox\Profiles\evo0e5ly.default\Cache\5A0EA848d01 JS/Fraud.NAB trojan cleaned by deleting - quarantined
     H:\Documents and Settings\DON\Local Settings\Application Data\Identities\{8E10BF67-C6ED-497C-BDB5-B78EB27FA0D4}\Microsoft\Outlook Express\Inbox.dbx multiple threats unable to clean
     H:\Documents and Settings\DON\NetHood\business on mss-00260A (Mss-00260a)\2003_files\temp graham\6P6XGHQN\java[1].htm JS/NoClose.M trojan cleaned by deleting - quarantined
     H:\Documents and Settings\DON\NetHood\business on mss-00260A (Mss-00260a)\downloads\Roxio Easey Media Creater 7.5\Roxio Easy Media Creator 7.5 (2 X Cd Isos).rar probably a variant of Win32/Agent.MKLEVLM trojan deleted - quarantined
     H:\Documents and Settings\Holly\Local Settings\Application Data\Mozilla\Firefox\Profiles\wiwasr8n.default\Cache(4)\45622BE0d01 HTML/ScrInject.B.Gen virus deleted - quarantined
     H:\DUMP\Local\Identities\{096D1D67-7211-4FF1-AB6C-1B1E2F93FB0E}\Microsoft\Outlook Express\Inbox.dbx multiple threats unable to clean

     Enclosed PDF from VirusTotal: VirusTotal_dll_log.pdf
  6. After using ComboFix this morning on my main PC, I have checked my log after 3 hours and three reboots. So far, looking at the Malwarebytes log, I have not had an IP block come up. This is promising, so I hope that my earlier posts of the last log files look good. If the logs look good then I would like to start a scan and perhaps a fix on my laptop. But should I run ComboFix first, as it seems to have proved to be the most successful tool? Note that I have had 3 IP blocks today on this laptop. Not nearly as bad as my PC. My laptop runs Windows Vista (my PC is XP Service Pack 3) so there may be other issues here that you have to consider. Thank you, Don
  7. I have now run ComboFix and also again run DDS.scr and created a new dds.txt file. I trust this is correct. Thanks, Don. Attached: DDS_new.txt, combofix_log.txt
  8. Thanks Chris - I am away from my PC till Friday so will do as you suggest for Friday evening (Sydney).
  9. I have posted a typical day of IP blocks; this is from the Malwarebytes log. It seems excessive to me to have so many blocked attacks, and it is this that concerns me more than anything. If I trace the IPs for these blocks there are many from Russia and China; obviously I am not pleased about this.

     05:03:59 Anne IP-BLOCK 87.242.115.49
     05:04:01 Anne IP-BLOCK 87.242.115.49
     05:04:05 Anne IP-BLOCK 87.242.115.49
     05:04:10 Anne IP-BLOCK 89.149.209.150
     05:04:12 Anne IP-BLOCK 89.149.209.150
     05:04:16 Anne IP-BLOCK 89.149.209.150
     08:34:01 DON MESSAGE Protection started successfully
     08:34:36 DON MESSAGE IP Protection started successfully
     08:38:38 DON IP-BLOCK 89.149.209.150
     08:38:40 DON IP-BLOCK 89.149.209.150
     08:38:44 DON IP-BLOCK 89.149.209.150
     09:00:52 DON IP-BLOCK 88.85.93.35
     09:00:55 DON IP-BLOCK 88.85.93.35
     09:01:01 DON IP-BLOCK 88.85.93.35
     09:01:08 DON IP-BLOCK 88.85.93.35
     09:01:11 DON IP-BLOCK 88.85.93.35
     09:01:17 DON IP-BLOCK 88.85.93.35
     10:07:34 DON IP-BLOCK 115.84.178.117
     10:07:36 DON IP-BLOCK 115.84.178.117
     10:07:40 DON IP-BLOCK 115.84.178.117
     12:29:32 DON IP-BLOCK 121.10.236.133
     12:29:37 DON IP-BLOCK 121.10.236.133
     12:29:42 DON IP-BLOCK 121.10.236.133
     12:29:47 DON IP-BLOCK 121.10.236.133
     12:29:52 DON IP-BLOCK 121.10.236.133
     16:38:28 DON IP-BLOCK 89.149.209.150
     16:38:30 DON IP-BLOCK 89.149.209.150
     16:38:34 DON IP-BLOCK 89.149.209.150
     16:38:41 DON IP-BLOCK 87.242.115.49
     16:38:43 DON IP-BLOCK 87.242.115.49
     16:38:47 DON IP-BLOCK 87.242.115.49
     17:19:20 DON MESSAGE Protection started successfully
     17:19:26 DON MESSAGE IP Protection started successfully
     17:20:22 DON IP-BLOCK 115.84.178.117
     17:20:24 DON IP-BLOCK 115.84.178.117
     17:20:28 DON IP-BLOCK 115.84.178.117
     17:21:19 DON IP-BLOCK 89.187.53.8
     17:21:22 DON IP-BLOCK 89.187.53.8
     17:21:28 DON IP-BLOCK 89.187.53.8
     17:23:05 DON IP-BLOCK 89.149.209.150
     17:23:07 DON IP-BLOCK 89.149.209.150
     17:23:11 DON IP-BLOCK 89.149.209.150
     17:23:18 DON IP-BLOCK 87.242.115.49
     17:23:20 DON IP-BLOCK 87.242.115.49
     17:23:24 DON IP-BLOCK 87.242.115.49
     17:49:35 DON MESSAGE Protection started successfully
     17:49:40 DON MESSAGE IP Protection started successfully
     18:39:20 DON MESSAGE Protection started successfully
     18:39:45 DON MESSAGE IP Protection started successfully
     18:40:42 DON IP-BLOCK 89.149.209.150
     18:40:44 DON IP-BLOCK 89.149.209.150
     18:40:48 DON IP-BLOCK 89.149.209.150
     21:49:00 DON MESSAGE Protection started successfully
     21:49:05 DON MESSAGE IP Protection started successfully
  10. Yes of course you are absolutely correct - I could not get it to work without locking and tried for 24 hours. Never mind. OK, so this is my DDS file pasted, and attached is the Attach file. Is there another file I should send up?

     DDS (Ver_10-03-17.01) - NTFSx86
     Run by DON at 17:22:32.28 on Mon 30/08/2010
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
     Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1023.65 [GMT 10:00]

     AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

     ============== Running Processes ===============

     H:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     H:\WINDOWS\System32\svchost.exe -k netsvcs
     H:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
     svchost.exe
     svchost.exe
     H:\WINDOWS\system32\ZoneLabs\vsmon.exe
     H:\WINDOWS\system32\spoolsv.exe
     svchost.exe
     H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     H:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
     H:\PROGRA~1\AVG\AVG8\avgam.exe
     H:\WINDOWS\Explorer.EXE
     H:\WINDOWS\system32\inetsrv\inetinfo.exe
     H:\PROGRA~1\AVG\AVG8\avgrsx.exe
     H:\Program Files\Java\jre6\bin\jqs.exe
     H:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     H:\WINDOWS\system32\nvsvc32.exe
     H:\WINDOWS\system32\svchost.exe -k imgsvc
     H:\PROGRA~1\AVG\AVG8\avgemc.exe
     H:\WINDOWS\system32\wuauclt.exe
     H:\Program Files\AVG\AVG8\avgcsrvx.exe
     H:\Program Files\Java\jre6\bin\jusched.exe
     H:\WINDOWS\RTHDCPL.EXE
     H:\WINDOWS\system32\RUNDLL32.EXE
     H:\WINDOWS\system32\LVCOMSX.EXE
     H:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
     H:\Program Files\Logitech\Video\LogiTray.exe
     H:\Program Files\Logitech\ImageStudio\LogiTray.exe
     H:\SCANJET\PrecisionScanPro\HPLamp.exe
     H:\WINDOWS\System32\svchost.exe -k HTTPFilter
     H:\Program Files\Microsoft Hardware\Keyboard\type32.exe
     H:\Program Files\iTunes\iTunesHelper.exe
     H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     H:\Program Files\TomTom HOME 2\HOMERunner.exe
     H:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
     H:\Program Files\Common Files\Real\Update_OB\realsched.exe
     H:\PROGRA~1\AVG\AVG8\avgtray.exe
     H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
     H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     H:\WINDOWS\system32\ctfmon.exe
     H:\Program Files\SecCopy\SecCopy.exe
     H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
     H:\Program Files\Skype\Phone\Skype.exe
     H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     H:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
     H:\Program Files\Common Files\VideoMate\ComproRemote.exe
     H:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
     H:\Program Files\Logitech\Logitech Internet Handset\LOGI_HDS.exe
     H:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
     H:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
     H:\Program Files\Logitech\Video\FxSvr2.exe
     H:\Program Files\iPod\bin\iPodService.exe
     H:\Program Files\Skype\Plugin Manager\skypePM.exe
     H:\Program Files\Mozilla Firefox\firefox.exe
     H:\Documents and Settings\DON\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.smh.com.au/
     uURLSearchHooks: H - No File
     uURLSearchHooks: H - No File
     BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
     BHO: {15B735AB-F948-9BC3-3554-FC6A60DDDAEE} - No File
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - h:\progra~1\spybot~1\SDHelper.dll
     BHO: {6AC235A8-F93A-9BF3-3554-FC6A60DDDAEE} - No File
     BHO: {75BDC97C-7A5B-70F3-8E2C-2760B5FE9E7B} - No File
     BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - h:\program files\java\jre6\bin\ssv.dll
     BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
     BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - h:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: {F8D9DDD2-19C7-35AB-AD15-79FBD3059E42} - No File
     uRun: [ctfmon.exe] h:\windows\system32\ctfmon.exe
     uRun: [second Copy] "h:\program files\seccopy\SecCopy.exe"
     uRun: [PcSync] h:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
     uRun: [NBJ] "h:\program files\ahead\nero backitup\NBJ.exe"
     uRun: [skype] "h:\program files\skype\phone\Skype.exe" /nosplash /minimized
     uRun: [spybotSD TeaTimer] h:\program files\spybot - search & destroy\TeaTimer.exe
     mRun: [sunJavaUpdateSched] "h:\program files\java\jre6\bin\jusched.exe"
     mRun: [RTHDCPL] RTHDCPL.EXE
     mRun: [nwiz] nwiz.exe /install
     mRun: [NvMediaCenter] RUNDLL32.EXE h:\windows\system32\NvMcTray.dll,NvTaskbarInit
     mRun: [NvCplDaemon] RUNDLL32.EXE h:\windows\system32\NvCpl.dll,NvStartup
     mRun: [NeroFilterCheck] h:\windows\system32\NeroCheck.exe
     mRun: [LVCOMSX] h:\windows\system32\LVCOMSX.EXE
     mRun: [LVCOMS] h:\program files\common files\logitech\qcdriver\LVCOMS.EXE
     mRun: [LogitechVideoTray] h:\program files\logitech\video\LogiTray.exe
     mRun: [LogitechVideoRepair] h:\program files\logitech\video\ISStart.exe
     mRun: [LogitechImageStudioTray] h:\program files\logitech\imagestudio\LogiTray.exe
     mRun: [LogitechGalleryRepair] h:\program files\logitech\imagestudio\ISStart.exe
     mRun: [HP Lamp] h:\scanjet\precisionscanpro\HPLamp.exe
     mRun: [Alcmtr] ALCMTR.EXE
     mRun: [intelliType] "h:\program files\microsoft hardware\keyboard\type32.exe"
     mRun: [iTunesHelper] "h:\program files\itunes\iTunesHelper.exe"
     mRun: [ZoneAlarm Client] "h:\program files\zone labs\zonealarm\zlclient.exe"
     mRun: [TomTomHOME.exe] "h:\program files\tomtom home 2\HOMERunner.exe" -s
     mRun: [PCSuiteTrayApplication] h:\progra~1\nokia\nokiap~1\LAUNCH~1.EXE -startup
     mRun: [TkBellExe] "h:\program files\common files\real\update_ob\realsched.exe" -osboot
     mRun: [AVG8_TRAY] h:\progra~1\avg\avg8\avgtray.exe
     mRun: [QuickTime Task] "h:\program files\quicktime\QTTask.exe" -atboottime
     mRun: [Adobe Reader Speed Launcher] "h:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
     mRun: [Malwarebytes' Anti-Malware] "h:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
     dRun: [CTFMON.EXE] h:\windows\system32\CTFMON.EXE
     dRun: [Picasa Media Detector] h:\program files\picasa2\PicasaMediaDetector.exe
     StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - h:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
     StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - h:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
     StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\compro~2.lnk - h:\program files\common files\videomate\ComproRemote.exe
     StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\compro~1.lnk - h:\program files\common files\videomate\ComproSchedulerDTV.exe
     StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - h:\program files\logitech\logitech internet handset\LOGI_HDS.exe
     IE: Add to Google Photos Screensa&ver - h:\windows\system32\GPhotos.scr/200
     IE: E&xport to Microsoft Excel - h:\progra~1\micros~2\office11\EXCEL.EXE/3000
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~2\office11\REFIEBAR.DLL
     IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - h:\progra~1\spybot~1\SDHelper.dll
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
     DPF: {CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
     DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
     DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
     DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
     DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
     DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     TCP: {3AEE37F6-CC82-494A-828F-1310FD5C050C} = 203.2.75.132,198.142.0.51
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - h:\progra~1\common~1\skype\SKYPE4~1.DLL
     Notify: avgrsstarter - avgrsstx.dll
     AppInit_DLLs: ifdev.dll aacstream.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - h:\windows\system32\WPDShServiceObj.dll
     Hosts: 127.0.0.1 www.spywareinfo.com

     ================= FIREFOX ===================

     FF - ProfilePath - h:\docume~1\don\applic~1\mozilla\firefox\profiles\5sb7vlg6.default\
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - hxxp://www.smh.com.au
     FF - plugin: h:\program files\mozilla firefox\plugins\npatgpc.dll
     FF - plugin: h:\program files\mozilla firefox\plugins\npitunes.dll
     FF - plugin: h:\program files\picasa2\npPicasa3.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
     FF - HiddenExtension: Java Console: No Registry Reference - h:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - h:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - h:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - h:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - h:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
     FF - HiddenExtension: Java Console: No Registry Reference - h:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

     ============= SERVICES / DRIVERS ===============

     R0 AvgRkx86;avgrkx86.sys;h:\windows\system32\drivers\avgrkx86.sys [2008-4-25 12552]
     R1 AvgLdx86;AVG AVI Loader Driver x86;h:\windows\system32\drivers\avgldx86.sys [2008-4-25 335240]
     R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;h:\windows\system32\drivers\avgmfx86.sys [2007-11-12 27784]
     R1 AvgTdiX;AVG8 Network Redirector;h:\windows\system32\drivers\avgtdix.sys [2008-4-25 108552]
     R1 KLIF;KLIF;h:\windows\system32\drivers\klif.sys [2007-11-25 127768]
     R1 vsdatant;vsdatant;h:\windows\system32\vsdatant.sys [2007-11-25 395080]
     R2 avg8emc;AVG8 E-mail Scanner;h:\progra~1\avg\avg8\avgemc.exe [2009-7-10 908056]
     R2 avg8wd;AVG8 WatchDog;h:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-9 297752]
     R2 MBAMService;MBAMService;h:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-27 304464]
     R2 vsmon;TrueVector Internet Monitor;h:\windows\system32\zonelabs\vsmon.exe -service --> h:\windows\system32\zonelabs\vsmon.exe -service [?]
     R3 MBAMProtector;MBAMProtector;h:\windows\system32\drivers\mbam.sys [2010-8-27 20952]
     R3 VMHybrid;VMHybrid service;h:\windows\system32\drivers\VMHybrid.sys [2006-5-9 1043072]
     S2 Serv-U;Serv-U FTP Server;h:\program files\rhinosoft.com\serv-u\servudaemon.exe --> h:\program files\rhinosoft.com\serv-u\ServUDaemon.exe [?]
     S3 EPUSBSTOR;EPSON USB Storage Driver;h:\windows\system32\drivers\epusbsto.sys [2001-9-10 17976]

     =============== Created Last 30 ================

     2010-08-30 07:12:04 0 ----a-w- h:\documents and settings\don\defogger_reenable
     2010-08-27 02:56:12 0 d-----w- h:\docume~1\don\applic~1\Malwarebytes
     2010-08-27 02:55:44 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
     2010-08-27 02:55:39 0 d-----w- h:\docume~1\alluse~1\applic~1\Malwarebytes
     2010-08-27 02:55:13 20952 ----a-w- h:\windows\system32\drivers\mbam.sys
     2010-08-27 02:55:12 0 d-----w- h:\program files\Malwarebytes' Anti-Malware
     2010-08-20 12:03:34 0 d-----w- h:\windows\system32\F011A7B6C10
     2010-08-20 10:50:06 0 d-----w- h:\windows\system32\F013D61599C
     2010-08-20 08:01:41 0 d-----w- h:\program files\ACD Systems
     2010-08-20 07:54:45 0 d-----w- h:\windows\system32\F01399A5B6B
     2010-08-20 07:53:32 453120 --sh--w- h:\windows\system32\ifdev.dll
     2010-08-20 07:11:57 9856 ----a-w- h:\windows\system32\drivers\pfc.sys
     2010-08-20 06:59:09 0 d-----w- h:\windows\system32\wbem\Repository
     2010-08-20 05:43:15 0 d-----w- h:\docume~1\don\applic~1\ACD Systems
     2010-08-20 05:33:40 0 d-----w- h:\docume~1\alluse~1\applic~1\ACD Systems
     2010-08-20 05:33:38 0 d-----w- h:\program files\common files\ACD Systems
     2010-08-12 21:31:53 0 d-----w- H:\DVD1
     2010-08-02 08:28:54 744448 -c----w- h:\windows\system32\dllcache\helpsvc.exe

     ==================== Find3M ====================

     2010-08-30 07:22:50 1472337952 --sha-w- h:\windows\system32\drivers\fidbox.dat
     2010-08-30 07:15:02 17268344 --sha-w- h:\windows\system32\drivers\fidbox.idx
     2010-06-30 12:31:35 149504 ----a-w- h:\windows\system32\schannel.dll
     2010-06-24 12:22:03 916480 ----a-w- h:\windows\system32\wininet.dll
     2010-06-23 13:44:04 1851904 ----a-w- h:\windows\system32\win32k.sys
     2010-06-17 14:03:00 80384 ----a-w- h:\windows\system32\iccvid.dll
     2010-06-14 07:41:45 1172480 ----a-w- h:\windows\system32\msxml3.dll
     2010-06-03 02:41:44 3600384 ----a-w- h:\windows\system32\GPhotos.scr
     2008-08-18 10:51:00 32768 --sha-w- h:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081820080819\index.dat

     ============= FINISH: 17:24:58.21 ===============

     Attached: Attach.txt
  11. This GMER piece of software has been running all night making the log files. After 10 hours it is still going, so I won't interrupt it now. Sorry for this delay, Chris.
  12. I am sorry for this delay and thank you sincerely, but I have run the GMER software for several hours and towards the end it crashes, so I start again. If it fails this next time I will zip all the other files, and perhaps this will do.
  13. For the past 10 days I seem to have had browser redirects and problems, to the extent that a few days ago I put Malwarebytes (the bought one) on all my systems. Now, as I sit working on my laptop, which seems to be pretty clean, my desktop has blocked about 20 or so IP attacks in a 6 hour period and blocks several more whenever I reboot my desktop. So I have followed all the instructions on running the "I'm infected - What do I do now". I have not attempted to analyse any of the text or log files; this would be interesting but frankly beyond my PC skills.

     Note that I have already restored my system to an earlier date. Clearly this may have been an error by me because the malware would now be in some or all of the past profiles. I am unsure about this. So I would be truly indebted to one of you guys if you could look through some of this stuff and tell me what the next step is. If I have to format and start again this would be a great shame, but let's not go there yet.

     Note that I run Windows XP on my desktop where all the issues are. I have always used AVG as my virus software. I use ZoneAlarm (the free one) as my firewall. I now use Malwarebytes to keep the browser hijackers at bay. I don't think I could do any more than this. The GMER rootkit analyser has been chugging away for about an hour, so at the end of all this I will upload or attach all that is required (see below).

     Attached to this is the zip file which includes the Malwarebytes log file, the dds.txt, the attach.txt and also the ark.txt that was saved after running the GMER rootkit analyser; that's 4 files in total.
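The poster's question in posts 4, 9 and 13 is whether the IP-BLOCK lines in the Malwarebytes protection log are "excessive" and whether blocks that appear right after a reboot point at something running on the machine. One way to look at such a log is to stop counting raw lines and instead count bursts (the same address logged three or four times within seconds is one retried connection, not several attacks) and to check how many blocks fall within a few minutes of a "Protection started" message. The Python below is an added example, not code from the poster, the forum or Malwarebytes. It assumes the `HH:MM:SS USER EVENT [IP]` line shape seen in the posts above; the sample lines are constructed and use RFC 5737 documentation addresses, not the addresses from the poster's log.

```python
import re
from collections import OrderedDict
from datetime import datetime, timedelta

# Constructed sample in the same "time user event [ip]" shape as the
# Malwarebytes protection log quoted in the posts. The addresses are
# RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
08:34:01 DON MESSAGE Protection started successfully
08:34:36 DON MESSAGE IP Protection started successfully
08:38:38 DON IP-BLOCK 192.0.2.10
08:38:40 DON IP-BLOCK 192.0.2.10
08:38:44 DON IP-BLOCK 192.0.2.10
09:00:52 DON IP-BLOCK 198.51.100.7
09:00:55 DON IP-BLOCK 198.51.100.7
09:01:01 DON IP-BLOCK 198.51.100.7
09:01:08 DON IP-BLOCK 198.51.100.7
12:29:32 DON IP-BLOCK 203.0.113.9
16:38:28 DON IP-BLOCK 192.0.2.10
16:38:30 DON IP-BLOCK 192.0.2.10
"""

# Assumed line shape: time, Windows user name, event kind, then either
# the blocked address or the free-text message.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+"
    r"(?P<kind>MESSAGE|IP-BLOCK)\s+(?P<rest>.+)$"
)

PROTECTION_STARTED = "Protection started successfully"


def parse_log(text):
    """Parse one day of log text into event dicts; lines that do not
    match the expected shape are skipped rather than guessed at."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ev = {
            "time": datetime.strptime(m["time"], "%H:%M:%S"),
            "user": m["user"],
            "kind": m["kind"],
        }
        if m["kind"] == "IP-BLOCK":
            ev["ip"] = m["rest"].strip()
        else:
            ev["message"] = m["rest"].strip()
        events.append(ev)
    return events


def summarize_blocks(events, burst_gap=timedelta(seconds=30)):
    """Per blocked address: raw line count and number of distinct bursts.

    Consecutive blocks of the same address closer together than burst_gap
    are treated as one burst (a client retrying), so 'bursts' is the
    number of separate connection attempts worth reasoning about."""
    summary = OrderedDict()
    last_seen = {}
    for ev in events:
        if ev["kind"] != "IP-BLOCK":
            continue
        ip = ev["ip"]
        entry = summary.setdefault(ip, {"lines": 0, "bursts": 0})
        entry["lines"] += 1
        prev = last_seen.get(ip)
        if prev is None or ev["time"] - prev > burst_gap:
            entry["bursts"] += 1
        last_seen[ip] = ev["time"]
    return summary


def restart_count(events):
    """Number of times protection was (re)started; on this kind of log
    each one usually corresponds to a reboot or a service restart."""
    return sum(1 for ev in events
               if ev["kind"] == "MESSAGE" and ev["message"] == PROTECTION_STARTED)


def blocks_after_restart(events, window=timedelta(minutes=5)):
    """Count IP-BLOCK lines that fall within `window` of the most recent
    'Protection started' message. Blocks that reliably follow a restart,
    before the user has opened anything, are the ones worth tracing back
    to an autostart entry on the machine rather than to outside scanning."""
    last_start = None
    count = 0
    for ev in events:
        if ev["kind"] == "MESSAGE" and ev["message"] == PROTECTION_STARTED:
            last_start = ev["time"]
        elif ev["kind"] == "IP-BLOCK" and last_start is not None:
            if ev["time"] - last_start <= window:
                count += 1
    return count


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for ip, info in summarize_blocks(evs).items():
        print(f"{ip:16} lines={info['lines']} bursts={info['bursts']}")
    print("restarts:", restart_count(evs))
    print("blocks within 5 min of a restart:", blocks_after_restart(evs))
```

The log itself does not say whether a blocked address was the source or the destination of the connection, so the per-address totals are only a starting point; the restart correlation is the more useful signal here, because it lets the reader compare the block timestamps against the autostart entries in the DDS report above.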