Jump to content

Recommended Posts

Hey guys! Thanks in advance for any assistance I might receive - especially since it's the holiday weekend.

My parents have this ancient Windows XP, and they must've gotten it infected somehow - all of their personal files and folders aappeared to be missing. After spending a bit of time with the PC, I was able to determine that the files hadn't been removed, but simply marked as hidden. I went through and unchecked "hidden" in properties, so that solved that issue, but I wanted to run a Malwarebytes scan just to be sure to get rid of the source of the problem. Since this isn't my own personal computer, I had to download it - and I've been unable to install the program. It gets all the way up until the final step and then says "access is denied" and shuts down. I've attempted all of the suggestions for getting it working that I've found on this forum, including renaming the setup file, changing the extention, using the Run command, trying to do it in Safe Mode, etc., and nothing so far has worked. As prompted in the sticky post, I ran a DDS scan, and the first text results are posted below, and the second is attached.

Again, any help at all would be much appreciated! Thank you very much!

---

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Wood Family at 19:58:36 on 2011-11-26

.

============== Running Processes ===============

.

\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Lexmark 2300 Series\lxcgmon.exe

C:\Program Files\Lexmark 2300 Series\ezprint.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\PROGRA~1\RETROG~2\bar\1.bin\6hbrmon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\PROGRA~1\RETROG~4\bar\1.bin\2zbrmon.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Logitech Vid\Vid.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\system32\lxcgcoms.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\RETROG~4\bar\1.bin\2zmedint.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Wood Family\Desktop\dds.scr

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

uDefault_Page_URL = hxxp://www.dell4me.com/myway

uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html

uInternet Settings,ProxyOverride = *.local;<local>

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

uURLSearchHooks: N/A: {432c5b35-3b9b-4417-8bdf-cb7b564cad2f} - c:\program files\retrogamerie\bar\1.bin\6hSrcAs.dll

uURLSearchHooks: N/A: {1c583e40-0629-4bb9-ab68-1cf539f2f782} - c:\program files\retrogamer_2z\bar\1.bin\2zSrcAs.dll

BHO: {01b19f19-4615-4d14-a959-3e453da1a3c7} - c:\documents and settings\wood family\local settings\application data\SecurityUser.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: Search Assistant BHO: {6ffed9d8-942f-4384-aa29-d3bd083a346a} - c:\program files\retrogamer_2z\bar\1.bin\2zSrcAs.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: {b4eeda34-67a2-4915-a821-4f22f093fec1} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Toolbar BHO: {fc1e426b-fa76-428f-b680-86ef1edb13c1} - c:\progra~1\retrog~4\bar\1.bin\2zbar.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: {b4eeda34-67a2-4915-a821-4f22f093fec1} - No File

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

TB: Retrogamer: {54ba686e-738f-42fe-badd-d8cb7cfbc07e} - c:\program files\retrogamer_2z\bar\1.bin\2zbar.dll

uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\Vid.exe" -bootmode

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe

mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe

mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [lxcgmon.exe] "c:\program files\lexmark 2300 series\lxcgmon.exe"

mRun: [EzPrint] "c:\program files\lexmark 2300 series\ezprint.exe"

mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [RetrogamerIE Browser Plugin Loader] c:\progra~1\retrog~2\bar\1.bin\6hbrmon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16

mRun: [startNowToolbarHelper] "c:\program files\startnow toolbar\ToolbarHelper.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [Retrogamer Search Scope Monitor] "c:\progra~1\retrog~4\bar\1.bin\2zsrchmn.exe" /m=2 /w /h

mRun: [Retrogamer_2z Browser Plugin Loader] c:\progra~1\retrog~4\bar\1.bin\2zbrmon.exe

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

IE: &Search - http://tbedits.retrogamer.com/one-toolbaredits/menusearch.jhtml?s=100000494&p=RGxdm008YYus&si=XXXXXXXXXX&a=AFDF370E-3359-48BC-B349-557552D7A221&n=2011111221

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\documents and settings\wood family\application data\dvdvideosoftiehelpers\youtubetomp3.htm

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remote.lkqcorp.com/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.200.1

TCP: Interfaces\{92BBDC61-88F9-4CB8-87B8-2B5222ECAC33} : DhcpNameServer = 192.168.200.1

Filter: text/html - {34f8e9e9-3bac-4d45-94a9-f4a541b17525} -

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\wood family\application data\mozilla\firefox\profiles\fqa90g6m.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111012&q=

FF - plugin: c:\documents and settings\wood family\application data\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\retrogamer_2z\bar\1.bin\NP2zStub.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.y2layers.installId - e5220c87-678f-4caf-8056-de794668bf67

.

============= SERVICES / DRIVERS ===============

.

R? gupdate;Google Update Service (gupdate)

R? gupdatem;Google Update Service (gupdatem)

R? hitmanpro35;Hitman Pro 3.5 Support Driver

R? McComponentHostService;McAfee Security Scan Component Host Service

R? mcupdmgr.exe;McAfee SecurityCenter Update Manager

R? Retrogamer_2zService;RetrogamerService

R? RetrogamerIEService;Retrogamer Service

R? WDC_SAM;WD SCSI Pass Thru driver

R? WDDMService;WD SmartWare Drive Manager

R? WDSmartWareBackgroundService;WD SmartWare Background Service

S? AVGIDSAgent;AVGIDSAgent

S? AVGIDSDriver;AVGIDSDriver

S? AVGIDSEH;AVGIDSEH

S? AVGIDSFilter;AVGIDSFilter

S? AVGIDSShim;AVGIDSShim

S? Avgldx86;AVG AVI Loader Driver

S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield

S? Avgrkx86;AVG Anti-Rootkit Driver

S? Avgtdix;AVG TDI Driver

S? avgwd;AVG WatchDog

S? MPFIREWL;MPFIREWL

S? NEOFLTR_700_16899;Juniper Networks TDI Filter Driver (NEOFLTR_700_16899)

S? Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar

.

=============== Created Last 30 ================

.

2011-11-13 02:48:50 819200 ---ha-w- c:\windows\system32\GameTapWebPlayer_4_4_0_7.ocx

2011-11-13 02:48:45 749568 ---ha-w- c:\program files\mozilla firefox\extensions\gametapplayer@gametap.com\plugins\npGameTapWebPlayer.dll

2011-11-13 02:48:08 -------- d--h--w- c:\program files\Retrogamer_2z

2011-11-13 02:47:29 -------- d--h--w- c:\program files\Retrogamer_2zEI

.

==================== Find3M ====================

.

2011-10-28 00:13:29 56 --sh--r- c:\windows\system32\D1FFB55C1C.sys

2011-10-28 00:13:29 1786 --sha-w- c:\windows\system32\KGyGaAvL.sys

2011-10-17 22:02:52 0 ---ha-w- c:\documents and settings\wood family\qownzuopxk.tmp

2011-10-10 14:22:41 692736 ---ha-w- c:\windows\system32\inetcomm.dll

2011-10-07 10:23:48 230608 ---ha-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 10:21:42 16720 ---ha-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06:50 599040 ---ha-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ---ha-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ---ha-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ---ha-w- c:\windows\system32\oleaccrc.dll

2011-09-13 10:30:10 32592 ---ha-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-06 13:20:51 1858944 ---ha-w- c:\windows\system32\win32k.sys

2011-08-31 22:00:50 22216 ---ha-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 20:04:18.76 ===============

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Link to post
Share on other sites

  • 2 weeks later...
  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.