Jump to content

Melinda in MT

Members
 View Profile  See their activity

  • Posts

    3

  • Joined

  • Last visited

 Content Type 

Everything posted by Melinda in MT

  1. Melinda in MT
    The computer I am working on got IS2010. I was finally able to run MBAM, HJT, ComboFix. But when I run DDS all I get is garbage in the txt file. I am posting from another computer because the other doesn't get on the net. I will keep working on running it. But want to get these out here for someone to look at. hijackthis2.txt mbam_log_2010_01_23__16_37_55_.txt ComboFix.txt
  2. Melinda in MT
    Not sure what my computer is infected with but I can't rum MBAM, can't run many programs or the internet, Mozilla or IE. The hijackthis log is first and then the combofix. Any help is appreciated. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:36:41 PM, on 1/23/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\PDF Complete\pdfsty.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Eagle Point Software2\Network License Manager\lservnt.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\Program Files\Kodak\printer\center\KodakSvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\PDF Complete\pdfsvc.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe G:\Business\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [FRYMXINS] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} (ILINCInstall86 Class) - https://content.ilinc.com/clientdownload/do...ad/ilinci86.dll O18 - Protocol: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files\Common Files\Bricscad\BrxProtIE.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Eagle Point LM - Rainbow Technologies, Inc. - C:\Program Files\Eagle Point Software2\Network License Manager\lservnt.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- End of file - 8186 bytes ComboFix 10-01-23.02 - Administrator 01/23/2010 14:01:13.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2431 [GMT -7:00] Running from: g:\business\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\lsprst7.dll c:\windows\system32\nsprs.dll . ((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 ))))))))))))))))))))))))))))))) . 2010-01-23 21:00 . 2010-01-23 21:00 -------- d-----w- c:\windows\LastGood 2010-01-23 20:34 . 2010-01-23 20:34 1025 ----a-w- c:\windows\system32\serauth2.dll 2010-01-23 20:34 . 2010-01-23 20:34 1025 ----a-w- c:\windows\system32\serauth1.dll 2010-01-23 19:50 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-23 19:50 . 2010-01-23 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-23 19:50 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-23 18:42 . 2010-01-23 18:42 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-01-23 18:27 . 2010-01-23 18:27 -------- d-----w- c:\windows\system32\wbem\Repository 2010-01-21 02:18 . 2010-01-21 02:18 0 ----a-w- c:\windows\system32\drivers\{5B746011-89CE-4FD7-ACF3-F860665E7A38}.sys 2010-01-21 01:59 . 2010-01-23 18:27 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-01-21 01:59 . 2010-01-21 01:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2010-01-20 20:44 . 2010-01-20 20:44 0 ----a-w- c:\windows\system32\drivers\TCPIP_{CA0060E9-4A36-426E-AD77-71E059F0B925}.sys 2010-01-20 00:56 . 2010-01-20 00:56 -------- d-----w- C:\found.000 2010-01-15 23:51 . 2010-01-15 23:51 72192 ----a-w- c:\windows\system32\drivers\yubg8302N.sys 2010-01-15 16:44 . 2010-01-18 20:48 -------- d-----w- C:\data2010 2010-01-15 16:43 . 2010-01-15 16:43 -------- d-----w- C:\New Folder (3) 2010-01-13 12:45 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2010-01-07 18:56 . 2010-01-07 18:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-01-07 18:56 . 2010-01-07 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-23 20:58 . 2010-01-23 20:58 118784 ----a-w- c:\windows\system32\chg.exe 2010-01-23 20:57 . 2009-09-18 17:38 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-23 19:36 . 2007-01-03 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-01-23 19:03 . 2009-11-13 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-01-23 18:46 . 2010-01-23 18:46 2855 ----a-w- c:\windows\PIF\rkill.PIF 2010-01-23 18:34 . 2009-11-13 00:08 0 ----a-w- c:\windows\Pjesibekepemiy.bin 2010-01-23 18:27 . 2006-01-16 22:12 824960 ----a-w- c:\windows\system32\drivers\iaStor.sys 2010-01-21 15:56 . 2007-01-02 22:21 -------- d-----w- c:\program files\AutoCAD R14 2010-01-21 02:36 . 2007-03-16 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-01-21 02:32 . 2009-08-17 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2010-01-21 01:58 . 2008-07-31 20:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-01-21 01:52 . 2009-11-13 00:08 120 ----a-w- c:\windows\Omewef.dat 2010-01-16 00:15 . 2009-12-01 20:30 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat 2010-01-15 23:51 . 2009-08-17 17:12 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-12-22 15:20 . 2009-12-22 15:20 4043544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe 2009-12-22 15:20 . 2009-12-22 15:20 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll 2009-12-17 15:48 . 2009-12-17 15:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Hotbar_Icons 2009-12-16 21:01 . 2009-12-16 21:01 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat 2009-11-21 15:51 . 2006-02-28 02:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-11-16 15:09 . 2009-11-16 15:09 16 ----a-w- c:\documents and settings\NetworkService\Application Data\zxcvbd.dat 2009-11-13 20:31 . 2009-08-17 17:12 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-11-13 20:31 . 2009-08-17 17:12 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-11-13 20:31 . 2009-08-17 17:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2009-11-13 00:04 . 2009-11-13 00:04 24 ----a-w- c:\documents and settings\LocalService\Application Data\zxcvbd.dat 2009-11-04 10:15 . 2009-08-18 20:44 579848 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-10-29 07:46 . 2006-02-28 02:00 832512 ------w- c:\windows\system32\wininet.dll 2009-10-29 07:46 . 2006-02-28 02:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-10-29 07:46 . 2006-02-28 02:00 17408 ----a-w- c:\windows\system32\corpol.dll 2008-08-17 00:42 . 2008-08-17 00:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2008-08-17 00:42 . 2008-08-17 00:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2008-08-17 00:42 . 2008-08-17 00:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2008-08-17 00:42 . 2008-08-17 00:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2008-08-17 00:43 . 2008-08-17 00:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2008-08-17 00:42 . 2008-08-17 00:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2008-08-17 00:42 . 2008-08-17 00:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2008-05-21 15:41 . 2008-05-21 15:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll 2008-05-21 15:41 . 2008-05-21 15:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll 2008-05-21 15:41 . 2008-05-21 15:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll 2008-06-05 20:58 . 2008-06-05 20:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2008-08-17 00:42 . 2008-08-17 00:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll . ((((((((((((((((((((((((((((( SnapShot@2010-01-23_20.52.04 ))))))))))))))))))))))))))))))))))))))))) . - 2006-04-25 17:43 . 2010-01-23 20:47 71264 c:\windows\system32\perfc009.dat + 2006-04-25 17:43 . 2010-01-23 21:02 71264 c:\windows\system32\perfc009.dat + 2006-04-25 17:43 . 2010-01-23 21:02 441454 c:\windows\system32\perfh009.dat - 2006-04-25 17:43 . 2010-01-23 20:47 441454 c:\windows\system32\perfh009.dat + 2010-01-23 20:55 . 2010-01-23 20:55 15710720 c:\windows\Installer\35a2d.msp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-11-25 20:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-26 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-05-04 344064] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2006-07-14 279576] "Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856] "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-02 257088] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-07 185872] "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720] "Drag'n'Drop_Autolaunch"="c:\program files\Iomega HotBurn Pro\Autolaunch.exe" [2004-12-01 131072] "RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-31 2033432] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-11-13 20:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Executive Software\\Diskeeper\\Diskeeper.exe"= "c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Eagle Point Software\\EGPT\\PROGRAM\\egpt.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/17/2009 10:12 AM 333192] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/13/2009 1:30 PM 906520] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/13/2009 1:30 PM 285392] R2 Eagle Point LM;Eagle Point LM;c:\program files\Eagle Point Software2\Network License Manager\lservnt.exe [11/12/2008 2:30 PM 577536] R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [10/30/2008 9:58 AM 28672] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/18/2006 11:16 PM 534040] S0 okfgck;okfgck;c:\windows\system32\drivers\ewtlbdf.sys --> c:\windows\system32\drivers\ewtlbdf.sys [?] S0 xhpqhfzq;xhpqhfzq; [x] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/17/2009 10:12 AM 360584] S1 yubg8302N;yubg8302N;c:\windows\system32\drivers\yubg8302N.sys [1/15/2010 4:51 PM 72192] S3 TRMUSB5K;Trimble USB GPS Driver;c:\windows\system32\drivers\TRMUSB5K.SYS [7/30/2008 12:49 PM 9881] S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [2/27/2006 7:00 PM 12800] --- Other Services/Drivers In Memory --- *Deregistered* - dnbudf . Contents of the 'Scheduled Tasks' folder 2010-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 22:42] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.Google.com uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Common Files\BricsCad\BrxProtIE.dll DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} - hxxps://content.ilinc.com/clientdownload/download/ilinci86.dll FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v3nlpmwd.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF - HiddenExtension: XULRunner: {B51F9201-2ABC-4548-827E-F7DC6CC16438} - c:\documents and settings\Administrator\Local Settings\Application Data\{B51F9201-2ABC-4548-827E-F7DC6CC16438}\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-23 14:03 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2] "ImagePath"="\"\"" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(744) c:\windows\system32\Ati2evxx.dll . Completion time: 2010-01-23 14:04:45 ComboFix-quarantined-files.txt 2010-01-23 21:04 ComboFix2.txt 2010-01-23 20:54 Pre-Run: 87,386,624,000 bytes free Post-Run: 87,349,608,448 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - CBB76E1883B2FB6FED7896A6376F23C0 ComboFix.txt hijackthis2.txt
  3. Melinda in MT
    Am working on my husbands computer - he somehow got the FakeAlert trojan. Terrible thing to get rid of! Thank goodness I found this site. I followed AdvancedSetup's steps to get mbam to run and thankfully it worked! I first found the infection with AVG which said it was removed -NOT! Here are the mbam and hjt logs. This computer is not hooked up to the internet right now so I am transferring info from my usb flash drive back and forth. Thanks!! MBAM Malwarebytes' Anti-Malware 1.31 Database version: 1456 Windows 5.1.2600 Service Pack 2 12/16/2008 5:22:18 PM mbam-log-2008-12-16 (17-22-18).txt Scan type: Quick Scan Objects scanned: 48167 Time elapsed: 2 minute(s), 22 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 5 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 10 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\TDSScfub.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSnrsr.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSoeqh.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\TDSSpaxt.sys (Trojan.TDSS) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temp\TDSSb390.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSosvn.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Local Settings\Temp\TDSSb381.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully. HJT Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:53:40 PM, on 12/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\Visioneer OneTouch\OneTouchMon.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3650 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3650 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 5828 bytes mbam_log_2008_12_16__17_22_18_.txt mbam_log_2008_12_16__17_22_18_.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.