
My search results go to different places, Malwarebytes didn't find anything



Hello Dieseldave and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log

Please read my instructions again:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Copy&Paste the entire report in your next reply.
On completion of the scan click save log, save it to your desktop and post in your next reply
In your next reply, post the following log files:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-16 13:34:31

-----------------------------

13:34:31.234 OS Version: Windows 5.1.2600 Service Pack 3

13:34:31.234 Number of processors: 4 586 0xF07

13:34:31.234 ComputerName: SKULL UserName: owner

13:34:33.937 Initialize success

13:43:37.718 AVAST engine defs: 12091400

13:44:03.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts3Port4Path1Target1Lun0

13:44:03.546 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3

13:44:03.593 Disk 0 MBR read successfully

13:44:03.593 Disk 0 MBR scan

13:44:03.656 Disk 0 Windows XP default MBR code

13:44:03.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63

13:44:03.656 Disk 0 scanning sectors +976768065

13:44:03.734 Disk 0 scanning C:\WINDOWS\system32\drivers

13:44:12.078 Service scanning

13:44:22.859 Modules scanning

13:44:26.453 Disk 0 trace - called modules:

13:44:26.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys tsk11F.tmp hal.dll SCSIPORT.SYS nvgts.sys

13:44:26.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a524ab8]

13:44:26.812 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8a56d920]

13:44:26.812 5 tsk11F.tmp[b7f51620] -> nt!IofCallDriver -> \Device\Scsi\nvgts3Port4Path1Target1Lun0[0x8a56da38]

13:44:28.062 AVAST engine scan C:\WINDOWS

13:44:39.593 AVAST engine scan C:\WINDOWS\system32

13:47:30.109 AVAST engine scan C:\WINDOWS\system32\drivers

13:47:52.500 AVAST engine scan C:\Documents and Settings\owner

13:48:11.640 File: C:\Documents and Settings\owner\Application Data\crdrf.dll **INFECTED** Win32:Medfos [Trj]

13:48:38.484 File: C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\35\3952a8a3-12c03353 **INFECTED** Win32:Karagany-KH [Trj]

13:49:34.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\owner\Desktop\recent stuff\MBR.dat"

13:49:34.796 The log file has been saved successfully to "C:\Documents and Settings\owner\Desktop\recent stuff\aswMBR.txt"

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/19/2010 9:19:50 AM

System Uptime: 9/16/2012 8:32:57 AM (6 hours ago)

.

Motherboard: EVGA | | 122-CK-NF68

Processor: Intel® Core2 Quad CPU @ 2.40GHz | Socket 775 | 2399/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 367.419 GiB free.

E: is Removable

F: is Removable

G: is Removable

H: is CDROM ()

I: is CDROM ()

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Gigabyte GN-WP01GS PCI WLAN Card(Turbo)

Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_E9341458&REV_00\4&1A82106&0&5078

Manufacturer: Gigabyte Technology Corp.

Name: Gigabyte GN-WP01GS PCI WLAN Card(Turbo)

PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_E9341458&REV_00\4&1A82106&0&5078

Service: RT61

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: NVIDIA nForce Networking Controller

Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&575C2CF&0&00

Manufacturer: NVIDIA

Name: NVIDIA nForce 10/100/1000 Mbps Ethernet

PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&575C2CF&0&00

Service: NVENETFD

.

==== System Restore Points ===================

.

RP405: 6/23/2012 12:00:08 PM - System Checkpoint

RP406: 6/24/2012 1:14:35 PM - System Checkpoint

RP407: 6/26/2012 6:52:41 PM - System Checkpoint

RP408: 6/27/2012 7:23:29 PM - System Checkpoint

RP409: 6/29/2012 7:33:12 PM - System Checkpoint

RP410: 7/1/2012 7:52:13 AM - System Checkpoint

RP411: 7/4/2012 2:44:56 PM - System Checkpoint

RP412: 7/6/2012 6:37:27 PM - System Checkpoint

RP413: 7/7/2012 6:43:55 PM - System Checkpoint

RP414: 7/8/2012 7:49:11 PM - System Checkpoint

RP415: 7/10/2012 7:18:03 PM - System Checkpoint

RP416: 7/11/2012 7:38:10 PM - System Checkpoint

RP417: 7/12/2012 8:41:13 PM - System Checkpoint

RP418: 7/13/2012 10:02:37 PM - System Checkpoint

RP419: 7/14/2012 10:55:10 PM - System Checkpoint

RP420: 7/17/2012 8:23:06 PM - System Checkpoint

RP421: 7/18/2012 8:44:56 PM - System Checkpoint

RP422: 7/19/2012 8:49:51 PM - System Checkpoint

RP423: 7/20/2012 9:00:46 PM - System Checkpoint

RP424: 7/21/2012 9:45:18 PM - System Checkpoint

RP425: 7/25/2012 6:23:51 PM - System Checkpoint

RP426: 7/26/2012 7:54:47 PM - System Checkpoint

RP427: 7/28/2012 6:03:33 PM - System Checkpoint

RP428: 7/29/2012 6:30:18 PM - System Checkpoint

RP429: 7/30/2012 7:08:29 PM - System Checkpoint

RP430: 7/31/2012 7:21:41 PM - System Checkpoint

RP431: 8/1/2012 7:35:50 PM - System Checkpoint

RP432: 8/2/2012 8:31:13 PM - System Checkpoint

RP433: 8/3/2012 9:03:40 PM - System Checkpoint

RP434: 8/4/2012 9:43:04 PM - System Checkpoint

RP435: 8/8/2012 8:35:13 PM - System Checkpoint

RP436: 8/10/2012 11:13:26 PM - System Checkpoint

RP437: 8/12/2012 7:54:43 AM - System Checkpoint

RP438: 8/14/2012 7:39:34 PM - System Checkpoint

RP439: 8/16/2012 7:10:59 PM - System Checkpoint

RP440: 8/18/2012 3:21:58 PM - Installed AVG 2012

RP441: 8/18/2012 3:22:15 PM - Installed AVG 2012

RP442: 8/18/2012 8:15:15 PM - Installed Far Cry Demo 2

RP443: 8/19/2012 8:23:04 PM - System Checkpoint

RP444: 8/23/2012 7:01:19 PM - System Checkpoint

RP445: 8/24/2012 7:48:51 PM - System Checkpoint

RP446: 8/25/2012 7:57:44 PM - System Checkpoint

RP447: 8/28/2012 5:24:48 PM - System Checkpoint

RP448: 9/2/2012 12:29:16 PM - System Checkpoint

RP449: 9/3/2012 1:34:10 PM - System Checkpoint

RP450: 9/4/2012 7:40:25 PM - System Checkpoint

RP451: 9/7/2012 6:52:34 PM - System Checkpoint

RP452: 9/9/2012 8:05:22 AM - System Checkpoint

RP453: 9/11/2012 7:58:06 PM - System Checkpoint

RP454: 9/14/2012 7:25:34 PM - System Checkpoint

RP455: 9/15/2012 1:30:27 PM - Removed AVG 2012

RP456: 9/15/2012 1:31:35 PM - Removed AVG 2012

RP457: 9/16/2012 7:33:23 AM - Removed ABBYY FineReader 6.0 Sprint

RP458: 9/16/2012 7:56:28 AM - Installed Windows Defender

RP459: 9/16/2012 7:59:18 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

18 Wheels of Steel Haulin

32 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.5

Adobe SVG Viewer 3.0

Army Men

Cross Fire En

Dell Driver Download Manager

Far Cry Demo 2

Ford Racing 3

FriendFinder Messenger v4.1

Get Tiffany

Gigabyte GN-WP01GS

Grand Theft Auto IV

Grand Theft Auto Vice City

Grand Theft Auto: Episodes From Liberty City

GTA San Andreas

GTAIII

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HP Photo Creations

HP Update

IC4 Interface Device by SU Enterprise, Inc.

IDS

Image Plugin

Java Auto Updater

Java 6 Update 31

Lexmark Printable Web

Lexmark S300-S400 Series

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 97, Professional Edition

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB973686)

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

NVIDIA nView Desktop Manager

NVIDIA PhysX

Puma

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2647516)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

SpeedFan (remove only)

Spybot - Search & Destroy

TeamSpeak 2 RC2

Teradyne Wireless Card

The Lord of the Rings Online™ v03.02.03.8013

TTI Trailers Skins Pack

TTI Trucks and Trailers Skins Pack

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

Ventrilo Client

WebFldrs XP

Windows Defender

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live ID Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

9/16/2012 8:35:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgtp nvata nvatabus

9/16/2012 1:47:38 PM, error: nvgts [9] - The device, \Device\Scsi\nvgts3, did not respond within the timeout period.

9/16/2012 1:47:38 PM, error: nvgts [5] - A parity error was detected on \Device\Scsi\nvgts3.

9/15/2012 1:31:27 PM, error: Service Control Manager [7000] - The avgtp service failed to start due to the following error: The specified driver is invalid.

9/11/2012 7:33:47 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

9/11/2012 6:43:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgtp

9/11/2012 6:43:45 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

9/11/2012 6:43:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService service to connect.

9/11/2012 6:43:45 PM, error: Service Control Manager [7000] - The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/11/2012 6:43:45 PM, error: Service Control Manager [7000] - The 5619 service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by owner at 14:01:22 on 2012-09-16

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1121 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxeacoms.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\PnkBstrA.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe

C:\Program Files\Lexmark S300-S400 Series\ezprint.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe

C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - No File

BHO: TM_BHO Class: {60ec89b7-367d-402b-8c55-30faeb32a705} - c:\program files\ford motor company\ids\runtime\TMCtrlBHO.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dll

BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [iSUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [TDSReanimator] "c:\program files\common files\teradyne\TDSReanimator.exe"

mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"

mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [crdrf] "c:\windows\system32\rundll32.exe" "c:\documents and settings\owner\application data\crdrf.dll",ToContiguous

mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\ford motor company\ids\runtime\DeviceManager.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gn-wp0~1.lnk - c:\program files\gigabyte\gigabyte wp01gs wireless pci adapter softap\installer\winxp\RaUI.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: %SYSTEMROOT%\system32\nvLsp.dll

Trusted Zone: yahoo.com\www

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1345319533534

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292781541281

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxp://webdeploy.teradyne-ds.com/webdeploy/Wireless_11.2.0/setup.ocx

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4FF69FB5-376C-460A-AD7F-B6C3AED6C54C} : DhcpNameServer = 192.168.1.1

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

.

============= SERVICES / DRIVERS ===============

.

R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 TDSNetSetup;TDSNetSetup;c:\program files\common files\teradyne\TDSNetSetup.exe [2011-3-22 17920]

R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-16 40776]

R3 skfilt;skfilt;c:\windows\system32\drivers\skfilt.sys [2008-2-12 1670016]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-18 27496]

S2 5619;5619;\??\c:\docume~1\owner\locals~1\temp\5619.sys --> c:\docume~1\owner\locals~1\temp\5619.sys [?]

S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-5-16 193192]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-9-16 35144]

S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [2006-5-10 22016]

S3 XDva397;XDva397;\??\c:\windows\system32\xdva397.sys --> c:\windows\system32\XDva397.sys [?]

S3 XDva398;XDva398;\??\c:\windows\system32\xdva398.sys --> c:\windows\system32\XDva398.sys [?]

S3 XDva399;XDva399;\??\c:\windows\system32\xdva399.sys --> c:\windows\system32\XDva399.sys [?]

.

=============== Created Last 30 ================

.

2012-09-16 17:50:08 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-09-16 14:28:09 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{9b1a7bd7-edc5-4a98-9701-d87aa1e07b5b}\offreg.dll

2012-09-16 13:31:28 -------- d-----w- C:\TDSSKiller_Quarantine

2012-09-16 13:12:44 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-09-16 12:59:24 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll

2012-09-16 12:59:21 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{9b1a7bd7-edc5-4a98-9701-d87aa1e07b5b}\mpengine.dll

2012-09-16 12:59:20 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-09-16 12:33:30 -------- d-----w- c:\windows\system32\appmgmt

2012-09-15 18:31:36 -------- d-----w- c:\documents and settings\owner\application data\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}

2012-08-18 22:52:25 -------- d-sh--w- c:\documents and settings\owner\IECompatCache

2012-08-18 20:25:10 -------- d-----w- c:\documents and settings\owner\application data\AVG2012

2012-08-18 20:24:46 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search

2012-08-18 20:24:39 -------- d-----w- c:\documents and settings\owner\application data\AVG Secure Search

2012-08-18 20:24:38 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-08-18 20:24:37 -------- d-----w- c:\program files\common files\AVG Secure Search

2012-08-18 20:24:37 -------- d-----w- c:\program files\AVG Secure Search

2012-08-18 20:21:58 -------- d-----w- c:\program files\AVG

2012-08-18 20:12:33 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2012-08-18 20:12:33 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2012-08-18 20:04:29 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-08-18 18:33:45 -------- d-----w- c:\program files\Yontoo

2012-08-18 18:33:43 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer

.

==================== Find3M ====================

.

2012-09-16 13:33:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys

2012-09-07 22:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-21 23:42:24 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-21 23:42:23 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-07 23:23:49 371712 ----a-w- c:\documents and settings\owner\application data\crdrf.dll

2012-07-27 23:56:16 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2012-06-28 02:17:05 139136 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2012-06-28 02:16:56 233920 ----a-w- c:\windows\system32\PnkBstrB.xtr

2012-06-28 02:16:56 233920 ----a-w- c:\windows\system32\PnkBstrB.exe

.

============= FINISH: 14:02:17.12 ===============

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.16.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

owner :: SKULL [administrator]

9/16/2012 12:51:54 PM

mbam-log-2012-09-16 (13-31-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 274715

Time elapsed: 34 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> No action taken.

Registry Values Detected: 1

HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 4290b82d4017c5d31ef2aabc7ded302c -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Documents and Settings\owner\Local Settings\Temp\install_0_msi.exe (Backdoor.Agent.RC2Gen) -> No action taken.

C:\Documents and Settings\owner\Local Settings\Temp\install_1_msi.exe (Trojan.Sirefef) -> No action taken.

C:\WINDOWS\Installer\{d74cfbfb-0c05-d728-f3fd-0a24268dca5f}\U\80000000.@ (Trojan.Small) -> No action taken.

(end)


BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click Remove Older Versions.
  • Run the built-in uninstallers for all copies of java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your system's version)
  • Run the installer
  • Close JavaRa

Step 2

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

In your last log, it seems you did not take any action. This time, please make sure you click the Remove Selected button.

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • JavaRa log
  • TDSSKiller log
  • Malwarebytes' Anti-Malware log

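Two things the helper checks in the reply above can be automated: whether a pasted Malwarebytes log shows detections that were left as "No action taken" (Step 3), and whether any detected family is in the backdoor class that triggers the BACKDOOR WARNING. The script below is an added example for this thread, not a Malwarebytes tool. It parses the MBAM 1.x text log layout as seen in the two logs pasted here (a "<Section> Detected: N" header followed by "<object> (<threat>) -> <action>." lines; registry values carry an extra "Data: ... ->" segment). The family substrings in BACKDOOR_FAMILIES are an assumption drawn from the threat names on this page, and the two sample logs are constructed by trimming the logs posted above.

```python
"""Triage a Malwarebytes Anti-Malware 1.x text log.

Added example for this thread, not a Malwarebytes tool. The log layout is
inferred from the logs pasted above; the family list is an assumption.
"""
import re
from dataclasses import dataclass
from typing import List

# Threat-name substrings treated as remote-control capable, following the
# helper's BACKDOOR WARNING. Assumption: case-insensitive substring match.
BACKDOOR_FAMILIES = ("backdoor", "sirefef")

# "Files Detected: 3" opens a section; each finding line within it reads
#   <object> (<threat name>) -> [<detail> -> ]<action>.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
FINDING_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")


@dataclass
class Finding:
    section: str
    obj: str
    threat: str
    action: str

    @property
    def acted_on(self) -> bool:
        # MBAM writes "No action taken" when the results window is closed
        # without clicking Remove Selected.
        return not self.action.lower().startswith("no action taken")

    @property
    def backdoor(self) -> bool:
        return any(f in self.threat.lower() for f in BACKDOOR_FAMILIES)


def parse_mbam_log(text: str) -> List[Finding]:
    """Return every finding line, tagged with the section it appeared under."""
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = FINDING_RE.match(line)
        if m and section:
            # Registry values carry an extra "Data: ... ->" segment; the
            # action is always the last arrow-separated part.
            action = m.group("rest").split(" -> ")[-1].rstrip(".")
            findings.append(Finding(section, m.group("obj"), m.group("threat"), action))
    return findings


def unhandled(findings: List[Finding]) -> List[Finding]:
    """Detections the user did not remove (the Step 3 check)."""
    return [f for f in findings if not f.acted_on]


def backdoors(findings: List[Finding]) -> List[Finding]:
    """Detections whose family warrants the backdoor warning."""
    return [f for f in findings if f.backdoor]


def report(text: str) -> str:
    findings = parse_mbam_log(text)
    lines = [f"{len(findings)} detection(s) parsed"]
    for f in unhandled(findings):
        lines.append(f"NOT REMOVED  [{f.section}] {f.threat}: {f.obj}")
    for f in backdoors(findings):
        lines.append(f"BACKDOOR     {f.threat}: {f.obj}")
    return "\n".join(lines)


# Constructed sample, trimmed from the quick-scan log pasted earlier in the thread.
QUICK_SCAN_LOG = r"""
Scan type: Quick scan
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> No action taken.
Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 4290b82d4017c5d31ef2aabc7ded302c -> No action taken.
Files Detected: 3
C:\Documents and Settings\owner\Local Settings\Temp\install_0_msi.exe (Backdoor.Agent.RC2Gen) -> No action taken.
C:\Documents and Settings\owner\Local Settings\Temp\install_1_msi.exe (Trojan.Sirefef) -> No action taken.
C:\WINDOWS\Installer\{d74cfbfb-0c05-d728-f3fd-0a24268dca5f}\U\80000000.@ (Trojan.Small) -> No action taken.
(end)
"""

# Constructed sample, trimmed from the later full-scan log in the thread.
FULL_SCAN_LOG = r"""
Scan type: Full scan (C:\|)
Files Detected: 2
C:\System Volume Information\_restore{65C06EA8-4E62-4E8A-8B9A-A8BE0C4B1B74}\RP441\A0238236.EXE (PUP.Tool) -> Quarantined and deleted successfully.
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\35\3952a8a3-12c03353 (Trojan.Reza) -> Quarantined and deleted successfully.
(end)
"""

if __name__ == "__main__":
    print(report(QUICK_SCAN_LOG))
    print(report(FULL_SCAN_LOG))
```

Run against the quick-scan sample it reports five detections, all flagged NOT REMOVED, with the Backdoor.Agent and Trojan.Sirefef entries also flagged BACKDOOR; the full-scan sample yields two detections and no flags, which is the state the helper wanted to see after Step 3. Taking the last arrow-separated field as the action is what keeps the registry-value line (which carries a "Data:" segment before the action) from being misread as handled.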

Object reference not set to an instance of an object.

Object reference not set to an instance of an object.

User initialised redundant data purge.

......................

Removed registry subkey tree: JavaPlugin.160_31

Removed registry subkey: {08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Removed registry subkey: 0357E4991DA5FF14F9615B3412062B06

Removed registry subkey: 0357E4991DA5FF14F9615B3612062B06

Removal routine completed successfully. 4 items have been deleted.

Object reference not set to an instance of an object.

Object reference not set to an instance of an object.

User initialised redundant data purge.

......................

Removal routine completed successfully. 4 items have been deleted.

JavaRa 2.0 loaded without incident. Checking system...

User initialised redundant data purge.

......................

Removal routine completed successfully. 0 items have been deleted.

JavaRa 2.0 loaded without incident. Checking system...

User initialised redundant data purge.

......................

Cleanup routine completed successfully. 0 items have been deleted.


Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.16.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

owner :: SKULL [administrator]

9/16/2012 4:19:12 PM

mbam-log-2012-09-16 (16-19-12).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 398828

Time elapsed: 1 hour(s), 19 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\System Volume Information\_restore{65C06EA8-4E62-4E8A-8B9A-A8BE0C4B1B74}\RP441\A0238236.EXE (PUP.Tool) -> Quarantined and deleted successfully.

C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\35\3952a8a3-12c03353 (Trojan.Reza) -> Quarantined and deleted successfully.

(end)


Note: Please do not run this tool without special supervision and instruction of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
